Azure Kubernetes Service Series

Azure | Kubernetes | DevOps | AppArmor | Security | Docker

What is AppArmor

AppArmor is a Linux kernel security module that allows system administrators to restrict programs' access to certain resources, as defined in profiles. The security profile allows or disallows specific capabilities, such as network access or file read, write, and execute (rwx) permissions. AppArmor can be configured for any application to reduce its potential attack surface and provide greater defense in depth.

AppArmor does this with profiles loaded into the kernel when the system starts. It is a Mandatory Access Control (MAC) system that binds access control attributes to programs rather than to users.


Part 2: Istio | Canary | Python Flask | Kubernetes | DevOps

In the of this series, we deployed a dummy in the Kubernetes cluster to demonstrate Istio traffic control capabilities. We talked about Istio concepts briefly and deployed a few add-ons for monitoring and visualization of the mesh.

Istio’s ability to enforce policy in communication networks enables useful traffic control, observability features, rate limiting, circuit breaking, and programmable rollouts such as canary deployments. In this article I am covering Canary deployment with Istio.

Quick Recap

Before moving on, let me quickly brief you about the application. I have created an application using the Python Flask web framework. The home page…

Tech Basics

Part 1: Istio | Microservice | Python Flask | Kubernetes | DevOps

Image Generated by Kiali

In a cloud-native solution, the distributed nature of the services requires greater control over the flow of traffic between the services. A service mesh allows you to observe, control traffic for, secure, manage, and connect microservices. Istio is an implementation of a service mesh and comes with a lot of valuable features. In the previous on Istio, I covered the installation and setup part in a Kubernetes cluster. In this post, we will deploy a dummy Python Flask-based application in the Kubernetes cluster and manage the communication using Istio.

Terraform Basics: Post 2

Infrastructure as Code | Terraform | Azure | Azure DevOps

In the previous of this series, I covered the basic standard method to deploy cloud resources using Terraform. In this post, we will discover it using Azure DevOps.

What do you need to start?

  • Access to Azure Cloud Subscription
  • Azure DevOps

Please note I assume that you possess basic knowledge of Azure DevOps and Terraform.

Azure DevOps

Azure DevOps is an automation CI/CD tool with a variety of powerful features. Azure DevOps provides multiple integrated features which can help you manage the whole Software Development Cycle.

  • Azure Repos
  • Azure Pipelines
  • Azure Boards
  • Azure Test Plans
  • Azure Artifacts

You can work in…

Terraform Basics: Post 1

Infrastructure as Code | Terraform | Azure

Infrastructure as Code

IaC allows developers to codify infrastructure in a way that makes provisioning automated, faster, and repeatable. It’s a key component of Agile and DevOps practices such as version control, continuous integration, and continuous deployment.

Terraform Introduction

HashiCorp Terraform is an open-source tool that manages Infrastructure as Code and allows you to build, change, and version infrastructure safely and efficiently. Terraform configurations are written in HashiCorp’s proprietary, declarative language called HashiCorp Configuration Language (HCL). Terraform evaluates every resource in the directory extension and executes the configuration.

Terraform provisions immutable infrastructure.

When deployment happens, Terraform generates an execution plan, describing what it will do and asks…


Using Python MSAL Library to fetch Auth Token

In this post, we will explore Microsoft’s unified identity management solution. The Microsoft identity platform helps you manage identities and facilitates authentication and authorization of applications by supporting industry-standard protocols, both in the cloud and on-premises. Digital transformation has pushed tremendous growth in recent years. This growth has caused identity diversification as well. The Microsoft identity platform has emerged as a market leader in managing identities across all verticals.

Definition as per Microsoft:

The Microsoft identity platform helps you build applications your users and customers can sign in to using their Microsoft identities or social accounts, and provide authorized access to…


AWS Firecracker Virtual Machine Monitor (VMM)

Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel-based Virtual Machine (KVM) to create and manage microVMs!

What is VMM?

A Virtual Machine Monitor (VMM), also known as a hypervisor, is software that creates and runs virtual machines. There are two main types of VMM, referred to as Type 1 (bare-metal) and Type 2 (hosted).

What is KVM?

Kernel-based Virtual Machine (KVM) is a technology built into Linux. Installing KVM on top of your Linux system will convert it into a hypervisor.

KVM converts Linux into a type-1 (bare-metal) hypervisor.

What is Serverless computing?

Serverless computing is a cloud computing execution model that deploys cloud-native applications on-demand…


Building Container Images in Kubernetes (Securely)

Google’s Kaniko project is designed to make container building easier on Kubernetes without giving access to the Docker daemon!


What is Cloud Native?

The term cloud native was first used by Bill Wilder in his book, . He mentioned that a cloud-native application is any application that was architected to take full advantage of cloud platforms.

As per :

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.

These techniques enable loosely coupled systems that are resilient, manageable, and observable. …


What is Open Distro for Elasticsearch?

Open Distro for Elasticsearch is the community-driven, 100% open source distribution of Elasticsearch and Kibana. The distribution also provides a few plugins to support different features. This distribution does not include Logstash or any of the Beats components.
Open Distro for Elasticsearch combines the OSS distributions of Elasticsearch and Kibana with a large number of plugins. You can use these plugins individually as well. Open Distro for Elasticsearch is supported by Amazon Web Services.

Why is it in the news?

Elastic has made significant changes to its licensing mechanism recently. They have moved from open source licensing to the dual licensing model of Elastic License and…

Arun Kumar Singh

In quest of understanding How Systems Work !
