Declarative. It becomes a way of life. We have chosen kustomize to safely build our inventory of YAML, including Istio and Cert-Manager. But, it has proven incredibly non-DRY. After some refactoring etc, I made a few Generators and Transformers to cover some of the...
Prevent accidents from happening on un-merged feature branches with GitFlow and kustomize.
In the greater Montreal area? Come see me speak tomorrow at Cloud Native Day. The abstraction layers of 'container' and 'helm' etc often make people not think about the security issues. I run 'helm install X' or 'docker build'. That in turn imports many things which...
Ever wondered why so many breaches happen due to secrets being checked in to source control?
Want to make it easy to commit them to git, and be secure at the same time?
TLS certificates, unlike wine, do not get better with age. Refresh them before they hit the end of their lifecycle.
TLS, HTTPS. These are an important step in defence in depth. Get your entire domain on the https-only list at hstspreload.org, thank me later.
GitHub ransomware. It might be a misdirection to hide more surreptitious changes to the codebase for you to import into your cloud.
Your virtual-private-cloud private IP setup still has access to key APIs such as storage and messaging. Have you considered exfiltration through these?
Your shiny new cloud instances might be tarnished by the reputation of the last tenant.
Use Shodan to check, and Greynoise to see if it's above the norm.
And above all, don’t panic!
Docker Hub loses account info, deploy tokens for GitHub + Bitbucket. Supply chain security chaos should ensue. Or are we now too blasé? It's not me, right?