gRPC Long-lived Streaming

In this blog post I’ll explore a way to implement gRPC long-lived streaming. Using gRPC is perfect for cloud native applications, mainly because it is modern, bandwidth- and CPU-efficient, and low-latency, which is exactly what distributed systems require. If you’re reading this I assume you are already familiar with gRPC. But if you…

Kubernetes Pod Security Policy Deprecation

A couple of weeks ago I noticed that the Kubernetes Auth Special Interest Group (AKA sig-auth) announced its decision to deprecate the Pod Security Policy (PSP) in Kubernetes version 1.21 and to remove the API completely in version 1.25. Similar to the case where it was decided to remove the dynamic audit sink feature, it…

Configure And Implement A Kubernetes Audits Webhook

This post is going to be mostly technical. By the end of it you should know exactly how to implement your own Kubernetes audits webhook. First off, if you need some background on Kubernetes auditing, I recommend reading my Kubernetes audits introduction post first. The reason for which I’m writing this post is because of…

Ambassador Container Design Hands On

When developing a cloud native application, we want it to serve a single purpose and be as simple as possible. For example, you would want to have a clear separation between your application logic and communications to remote services. This is where the ambassador container pattern comes into play.

The Death Of Kubernetes AuditSink

I’ll start this blog post with a funny story: my last blog post was an introduction to Kubernetes audits (which I recommend reading before diving into this post). As a continuing post, I wrote about what I thought to be the future of Kubernetes audits – the dynamic backend. Only to find out, a couple…

Kubernetes Audits Introduction

Monitoring the security aspects of a system as complex as Kubernetes can get frustrating, especially when you want simple answers to simple questions (e.g., what happened? when did it happen?). That is exactly where Kubernetes audits come into play. In this blog post I will go over Kubernetes audits in detail: What are they exactly?…

What is Open Policy Agent?

In the cloud native space, security goes a long way. One of the open source rising stars of this space is Open Policy Agent (in short – OPA). I’ve found it difficult to explain to fellow engineers and my colleagues what exactly OPA is and what it does. As time passed, I came up…