Cloud dev blog: Kubernetes, golang, containers and more
When developing a cloud native application, we want it to serve a single purpose and be as simple as possible. For example, you would want to have a clear separation between your application logic and communications to remote services. This is where the ambassador container pattern comes in place.
I’ll start this blog post with a funny story: my last blog post was an introduction to Kubernetes audits (which I recommend reading before diving into this post). As a continuing post, I wrote about what I thought to be the future of Kubernetes audits – the dynamic backend. Only to find out, a couple…
Monitoring the security aspects of a system as complex as Kubernetes can get frustrating. Especially when you want simple answers to simple questions (e.g., what happened? when did it happen?). That is exactly where Kubernetes audits come into place. In this blog post I will go over Kubernetes audits in detail: What are they exactly?…
Since I discovered AWS Lambda, or Serverless functions in general, I was always confused as to how should I run or debug these locally? I mean, there are several approaches as to how to do this, but some are only relevant to specific runtimes, while others don’t exactly imitate the environment that AWS supply. So,…
In the previous post you walked through an explanation on what syscalls are, what is seccomp and specifically what is a seccomp filter. If you are unfamiliar with seccomp filters or syscalls, I suggest you read the first part and then come back here. In this post, you’ll implement a seccomp filter on a Go…
In the following two blog posts series you are welcome to deep dive with me into applying seccomp filters on Go applications. Navigating your way bottom-up, these posts will give you a better understanding of what seccomp is. Hopefully, when finish reading this short, two-parts guide, you’ll be able to use it to protect your…
In the cloud native space, security goes a long way. One of the open source rising stars of this space is Open Policy Agent (in short – OPA). I’ve found it difficult to explain to fellow engineers and my colleagues what exactly is OPA and what does it do? As time passed, I came up…
