Archive of posts in year '2020'

Please note: This archive page is only available in English. If a German version of a post is available, you can change the language once you've opened the post.

Kubernetes AppOps Security part 3: Security Context (1/2) - Good Practices

03/17/2020 Johannes Schnatterer in Software Craftsmanship

At its core, the virtual construct of a “container” is a normal Linux process that runs largely in isolation from the rest of the system using certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this attack surface, container runtimes offer a variety of settings whose default values strike a compromise between usability and security.

Docs As Code - Continuous Delivery of Presentations with reveal.js and Jenkins - Part 2

02/11/2020 Johannes Schnatterer in EcoSystem

The first part of this series demonstrated the use cases and benefits of delivering presentations with reveal.js. They are Docs As Code, and can therefore be kept under version control and, of course, delivered via Continuous Delivery. Furthermore, we demonstrate how Jenkins pipelines can be used to deploy to GitHub Pages, using a concrete example implementation. This article demonstrates additional alternatives for deployment (Sonatype Nexus and Kubernetes), while the general structure of the `Jenkinsfile` remains the same.

Kubernetes AppOps Security: Network Policies Part 2 - Advanced Topics and Tips

01/20/2020 Johannes Schnatterer in Software Craftsmanship

In a Kubernetes cluster, all components (nodes, pods, Kubelets, etc.) can communicate with each other by default. If an attacker succeeds in exploiting a security vulnerability in one of the applications, he can easily expand his attack to all underlying systems in the same cluster. You can limit this exposure using the built-in network policy features of Kubernetes.