AppArmor is a Linux kernel security module that allows system administrators to restrict programs' access to certain resources defined in profiles. A security profile allows or disallows specific capabilities, such as network access or file read, write and execute (rwx) permissions.
AppArmor can be configured for any application to reduce its potential attack surface and provide greater defense in depth.
AppArmor does this with profiles loaded into the kernel at boot, when the system starts. It is a Mandatory Access Control (MAC) system that binds access control attributes to programs rather than to users.
In the first article of this series, we deployed a dummy Python Flask-based application in the Kubernetes cluster to demonstrate Istio's traffic control capabilities. We talked about Istio concepts briefly and deployed a few add-ons for monitoring and visualization of the mesh.
Istio’s ability to enforce policy in communication networks enables useful traffic control, observability features, rate limiting, circuit breaking, and programmable rollouts such as canary deployments. In this article, I cover canary deployment with Istio.
In a cloud-native solution, the distributed nature of the services requires greater control over the flow of traffic between the services. A service mesh allows you to observe, control traffic between, secure, manage and connect microservices.
Istio is an implementation of a service mesh and comes with a lot of valuable features. In the previous post on Istio, I covered the installation and setup in a Kubernetes cluster. In this post, we will deploy a dummy Python Flask-based application in the Kubernetes cluster and manage the communication using Istio.
In the previous post of this series, I covered the basic standard method to deploy cloud resources using Terraform. In this post, we will discover how to do it using Azure DevOps.
What do you need to start?
Please note I assume that you possess basic knowledge of Azure DevOps and Terraform.
Azure DevOps is an automation CI/CD tool with a variety of powerful features. Azure DevOps provides multiple integrated features which can help you manage the whole Software Development Cycle.
You can work in…
IaC allows developers to codify infrastructure in a way that makes provisioning automated, faster, and repeatable. It’s a key component of Agile and DevOps practices such as version control, continuous integration, and continuous deployment.
HashiCorp Terraform is an open-source tool that manages Infrastructure as Code and allows you to build, change, and version infrastructure safely and efficiently. Terraform configurations are written in HashiCorp’s declarative language called HashiCorp Configuration Language (HCL). Terraform evaluates every resource in the directory with the .tf extension and executes the configuration.
When deployment happens, Terraform generates an execution plan, describing what it will do and asks…
In this post, we will explore Microsoft’s unified identity management solution. The Microsoft identity platform helps you manage identities and facilitates authentication and authorization of applications by supporting industry-standard protocols both in the cloud and on-premises. Digital transformation has pushed tremendous growth in recent years. This growth has caused identity diversification as well. The Microsoft identity platform has emerged as a market leader in managing identities across all verticals.
As defined by Microsoft:
The Microsoft identity platform helps you build applications your users and customers can sign in to using their Microsoft identities or social accounts, and provide authorized access to…
Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel-based Virtual Machine (KVM) to create and manage microVMs!
A virtual machine monitor, also known as a hypervisor, is software that creates and runs virtual machines. There are two main types of VMM, referred to as Type 1 (bare-metal) and Type 2 (hosted).
KVM converts Linux into a type-1 (bare-metal) hypervisor.
Serverless computing is a cloud computing execution model that deploys cloud-native applications on-demand…
The term cloud native was first used by Bill Wilder in his book, Cloud Architecture Patterns. He mentioned that a cloud-native application is any application that was architected to take full advantage of cloud platforms.
As per the Cloud Native Computing Foundation:
Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
These techniques enable loosely coupled systems that are resilient, manageable, and observable. …
Open Distro for Elasticsearch is the community-driven, 100% open source distribution of Elasticsearch and Kibana. The distribution also provides a few plugins to support different features. This distribution does not include Logstash or any of the Beats components.
Open Distro for Elasticsearch combines the OSS distributions of Elasticsearch and Kibana with a large number of open-source plugins. You can use these plugins individually as well. Open Distro for Elasticsearch is supported by Amazon Web Services.