Encryption, access and management of sensitive data is a critical part of application security. Vault secures, stores and securely manages access to tokens, passwords, certificates and encryption keys for dynamic environments like the cloud, containers and Kubernetes.

In this tutorial, I will show how to deploy a Vault server instance to OpenShift, enable and configure Kubernetes authentication, use the Vault Agent for integration between Vault and Kubernetes, and configure application access to the secrets engine. Alternatively, you can use IBM Secrets Manager, a cloud managed and compliant service of Vault.

This tutorial is assuming you have access to an…


This tutorial explains how to start to air gap and secure an OpenShift or Kubernetes cluster and physically isolate your cluster using a Virtual Private Cloud (VPC). Using an air gapped cluster is one of the first things you will do to secure your container deployments. …


In this tutorial, you will mount a remote Object Storage bucket using s3fs onto your local machine as a local directory. This practice is known as Filesystem in Userspace or FUSE. In this tutorial I used a MacOS (to be precise I used a MacOS Catalina version 10.15, MacBook Pro) and an Ubuntu environment at Labs.CognitiveClass.ai.

Filesystem in Userspace (FUSE) lets non-privileged users create a file system in their user space. The FUSE project consists of two components: a FUSE kernel module that is part of the Linux kernel since version 2.6.14, and the libfuse userspace library. The libfuse…


If you are an Application Developer, DevOps engineer, Site Reliability Engineer (SRE) or otherwise interested in Cloud Native and application modernization, you will see a lot of action in the fields of security, automation and devops areas on Cloud Native. Venture Capital is investing heavily in devops automation and security, recruiters are aggressively hunting down talent, new job openings are being posted every day, new startups are funded, open source projects and Kubernetes extensions launched with no end.

There are also a lot of really boring companies and technologies, capitalizing on the surge in adoption of cloud native without inspiring…


Red Hat OpenShift Container Platform (RHOCP) is an Enterprise level extension of Kubernetes that is able to run hybrid and multi-cloud clusters on any provider. You can think of OpenShift as a universal Kubernetes operating system.

One of the build and deployment strategies on OpenShift is the Docker build strategy. A build is the process of transforming source code into a runnable image. The deployment uses the runnable image to deploy an application to a runtime environment.

To define the build process OpenShift uses a BuildConfig. The Docker build strategy invokes the docker build command, and it expects a repository…


By default all files created inside a container are stored on a writable container layer. That means that:

  • If the container no longer exists, the data is lost,
  • The container’s writable layer is tightly coupled to the host machine, and
  • To manage the file system, you need a storage driver that provides a union file system, using the Linux kernel. This extra abstraction reduces performance compared to `data volumes` which write directly to the filesystem.

Docker provides two options to store files in the host machine: `volumes` and `bind mounts`. …


Short-URL: http://ibm.biz/sonarqube-lab

Security is an intimidating topic. Some parts of security are really advanced and hard, but there is a few very simple best practices to follow to secure your application. One of those is to include a tool in your DevOps pipeline, to automatically scan for vulnerabilities in your code each time you build. OpenSCAP is one such project, and SonarQube is another. Such a code scan is part of what is called Static Application Security Testing (SAST).

SonarQube is a leading automatic code review tool to detect bugs, vulnerabilities and code smells in your code. To run…


Apache Kafka is a distributed messaging system using a pub-sub or publish and subscribe model to process and store streams of records. This article sets up a managed Kafka instance and creates a Java Spring Boot application to produce and consume event streams.

If you’re interested to read about Java: Get Messaging with Spring AMQP and RabbitMQ see my earlier article here.

Steps:

  • Apache Kafka
  • Create a Managed Kafka Instance
  • Create a Topic
  • Create a new Spring Boot Application
  • Add the Spring Properties File
  • Add a Spring Boot Controller for Kafka,
  • Test the Producer and Consumer

Using the Web Console

Apache Kafka


This is part 3 in a series to build a full mobile app using the Ionic Framework. In this article, I will add basic support for Progressive Web Apps (PWA) using a Service Worker for caching and proxying network requests, and I add support for live data via a Wordpress API that handles asynchronous requests with RxJS Observables.

Previous articles:

  • Create a Full Mobile App (1) with Ionic4 (here),
  • Create a Full Mobile App (2): Add CRUD, Components and Services using Ionic5, Angular8 and TypeScript (here),
  • Create a Full Mobile App (3): Enable PWA, Add RxJS Observable and Service Worker…

This is a sequel to an earlier article called Create a Full Mobile App with Ionic4 (Part 1).

This article is part 2 and adds CRUD functionality to Create, Read, Update and Delete articles from a feed. This part uses components to define views, services to manage data and interact with a remote API, toggle the component between Read and Update or Create, two-way data binding, and @Input and @Output decorators.

Part 1 implemented a tabs based navigation with a header and header menu, sub headers, an authentication service with login and logout functionality, using a Guard and LocalStorage with…

remko de knikker

Cloud Native Developer Advocate @IBMDeveloper for Cloud Native, Containers, Kubernetes, Security and DevOps. Dutch NYer, dad, humanist with empathy for paradox.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store