This year only, two companies using AWS reached out to us for help because they have been hacked, and their damage was over 30.000$. This is why we created a free ebook with 7 actionable steps that will secure an AWS account in just 30 minutes. And we mean that! Download this free ebook andContinue reading “FREE EBOOK: 7 Steps to Secure Your AWS Account in just 30 minutes”
Introduction Kubernetes has a built-in feature for secrets management called a Secret. The Secret object is convenient to use but does not support storing or retrieving secret data from external secret management systems such as AWS Secrets Manager. It’s often beneficial to use Kubernetes with an external secrets service that handles secret management. Due to this limitation, GoDaddy cameContinue reading “Getting Started with External Secrets Operator on Kubernetes using AWS Secrets Manager”
Managing Pods distribution across a cluster is hard. Pod affinity and anti-affinity feature of Kubernetes allows some control of Pod placement. However, these features only resolve part of Pods distribution use cases. There is a common need to distribute the Pods evenly across the cluster for high availability and efficient cluster resource utilization. As such, PodTopologySpread schedulingContinue reading “Kubernetes: Evenly Distribution of Pods Across Cluster Nodes”
A short while ago, we accepted the invitation to host a hands-on infrastructure workshop for Innovation Labs. This is an innovation program dedicated to emerging Romanian entrepreneurs that wish to turn their startup ideas into MVPs.
In many corporate system infrastructures, it’s very important for the information to be encrypted end-to-end, to be protected from potential vulnerabilities. We’ve learned from our experience that creating a fully secure setup is essential. The main part of the diagram that we will focus on today will be the traffic going from the Nginx proxy to Istio’s HTTPS port. Keep in mind that, even if it’s not compulsory to have a full HTTPS connection between Nginx and Istio, there are applications that won’t work if you don’t use SSL offloading in front (Keycloak, for example).
The key to success in any application development lifecycle is to have as little discrepancies as possible between environments. Luckily, Kubernetes and Docker give you the necessary tools to achieve environment uniformization. Nonetheless, it was always challenging to create development environments that would work on any operating system, be it Linux, Windows, or MacOS. This short article will guide you through all the necessary steps to create your own development environment with Vagrant and MicroK8S on your laptop or PC.
When it comes to giving people from your organization access to your Kubernetes cluster, things can get a little tricky. Kubernetes does not have an authentication mechanism by default. By doing this, you get stuck with an admin certificate you must share with the developers. In consequence, this gives them access to all the resources in the cluster, which can create holes in your security policy.
At CloudHero, we face challenging situations each day when helping our customers in their digitalization and automation journey. One such challenge was automating the process of cloning the production database and anonymizing the data for development use. Specifically, maintenance is usually done only on the production database, and the staging one has stale data, so there are a lot of differences between the staging and the production environment. Here, we are going to generalize the problem, so we help you adapt these methods to your own use case.
One common use case when sending logs to Elasticsearch is to send different lines of the log file to different indexes based on matching patterns. In this article, we will go through the process of setting this up using both Fluentd and Logstash in order to give you more flexibility and ideas on how to approach the topic.
Looking to increase developer productivity and observability at Otter, we noticed that when using one Elasticsearch index for each application, search becomes faster, the queries become easier, and the logs can be parsed using custom regex patterns, and we have full control over the cleanup policy when using Elasticsearch Curator.