Encryption, access and management of sensitive data are a critical part of application security. Vault secures, stores and securely manages access to tokens, passwords, certificates and encryption keys for dynamic environments like the cloud, containers and Kubernetes.
In this tutorial, I will show how to deploy a Vault server instance to OpenShift, enable and configure Kubernetes authentication, use the Vault Agent for integration between Vault and Kubernetes, and configure application access to the secrets engine. Alternatively, you can use IBM Secrets Manager, a cloud managed and compliant service of Vault.
This tutorial is assuming you have access to an…
This tutorial explains how to start to air gap and secure an OpenShift or Kubernetes cluster and physically isolate your cluster using a Virtual Private Cloud (VPC). Using an air gapped cluster is one of the first things you will do to secure your container deployments. …
In this tutorial, you will mount a remote Object Storage bucket using s3fs onto your local machine as a local directory. This practice is known as Filesystem in Userspace or FUSE. In this tutorial I used macOS (to be precise, macOS Catalina version 10.15 on a MacBook Pro) and an Ubuntu environment at Labs.CognitiveClass.ai.
Filesystem in Userspace (FUSE) lets non-privileged users create a file system in their user space. The FUSE project consists of two components: a FUSE kernel module that has been part of the Linux kernel since version 2.6.14, and the libfuse userspace library. The libfuse…
If you are an Application Developer, DevOps engineer, Site Reliability Engineer (SRE) or otherwise interested in Cloud Native and application modernization, you will see a lot of action in the fields of security, automation and devops areas on Cloud Native. Venture Capital is investing heavily in devops automation and security, recruiters are aggressively hunting down talent, new job openings are being posted every day, new startups are funded, open source projects and Kubernetes extensions launched with no end.
There are also a lot of really boring companies and technologies, capitalizing on the surge in adoption of cloud native without inspiring…
Red Hat OpenShift Container Platform (RHOCP) is an Enterprise level extension of Kubernetes that is able to run hybrid and multi-cloud clusters on any provider. You can think of OpenShift as a universal Kubernetes operating system.
One of the build and deployment strategies on OpenShift is the Docker build strategy. A build is the process of transforming source code into a runnable image. The deployment uses the runnable image to deploy an application to a runtime environment.
To define the build process OpenShift uses a
Docker build strategy invokes the docker build command, and it expects a repository…
By default all files created inside a container are stored on a writable container layer. That means that:
Docker provides two options to store files in the host machine: `volumes` and `bind mounts`. …
Security is an intimidating topic. Some parts of security are really advanced and hard, but there are a few very simple best practices to follow to secure your application. One of those is to include a tool in your DevOps pipeline to automatically scan for vulnerabilities in your code each time you build. OpenSCAP is one such project, and SonarQube is another. Such a code scan is part of what is called Static Application Security Testing (SAST).
SonarQube is a leading automatic code review tool to detect bugs, vulnerabilities and code smells in your code. To run…
Apache Kafka is a distributed messaging system using a pub-sub or publish and subscribe model to process and store streams of records. This article sets up a managed Kafka instance and creates a Java Spring Boot application to produce and consume event streams.
If you’re interested to read about Java: Get Messaging with Spring AMQP and RabbitMQ, see my earlier article here.
Using the Web Console
This is part 3 in a series to build a full mobile app using the Ionic Framework. In this article, I will add basic support for Progressive Web Apps (PWA) using a Service Worker for caching and proxying network requests, and I add support for live data via a WordPress API that handles asynchronous requests with RxJS Observables.
This is a sequel to an earlier article called Create a Full Mobile App with Ionic4 (Part 1).
This article is part 2 and adds CRUD functionality to Create, Read, Update and Delete articles from a feed. This part uses components to define views, services to manage data and interact with a remote API, toggle the component between Read and Update or Create, two-way data binding, and @Input and @Output decorators.
Cloud Native Developer Advocate @IBMDeveloper for Cloud Native, Containers, Kubernetes, Security and DevOps. Dutch NYer, dad, humanist with empathy for paradox.