Do you want to keep a check on your Kubernetes production-grade environment for the following activities:

  1. Who logged in to your Kubernetes Cluster?
  2. Which service account or user accessed what resource(s) in the cluster?
  3. Who created the secrets or config maps?
  4. Who read the secrets from etcd, and many more?

Then enforcing audit policy in Kubernetes is the right choice for you.

Typical Kubernetes environment

Kubernetes without Audit Policy

Once enabled, the audit records begin their lifecycle inside the kube-apiserver component. Each request on each stage of its execution generates an audit event, which is then pre-processed according to a certain policy and written to a backend…


Kubernetes (k8s) is an amazing technology and I’m loving it.

Kubernetes comes in various forms, from vanilla Kubernetes to turnkey solutions like Red Hat OpenShift. In fact, you can provision a single-node Kubernetes (k8s) cluster using Minikube on your local machine.

In this article, I will show you how we can leverage the Virtual Machines (VMs) provided by Google Cloud to make a Kubernetes cluster.


SonarQube is a static code analysis tool that helps to scan your source code for quality, code coverage, and vulnerability issues.


In this article, I will show you how you can provision and run a highly available and scalable SonarQube server as a Docker container using the AWS (Amazon Web Services) ECS (Elastic Container Service) service.

(Please note this is not a Fargate solution but a node-group-based one, as SonarQube does not yet support serverless technology because of its limitations when writing to underlying volumes.)

The entire setup is done using an AWS CloudFormation template as Infrastructure as Code…


When it comes to architecting and creating an AWS S3 (Amazon Simple Storage Service) bucket in any organization, especially in large corporations, we usually start with a single S3 bucket, or rather with a limited number of S3 buckets, depending on the various Business Units (BUs) or verticals, say Finance, Manufacturing, etc., in the company.

It is always good practice to limit the number of S3 buckets, for various good reasons, and to keep the data centralized.

Especially for growing companies such as startups, if we start restricting the number of buckets from the very beginning, then it will be very…


Deno

Deno is a secure runtime for JavaScript and TypeScript. It was developed by Ryan Dahl, the same person who developed the Node.js runtime. Deno uses the V8 engine and is built in Rust.

Deno is secure by default, which means no access to the network, file system, environment, etc., unless explicitly specified when running the program.

Deno also supports TypeScript out of the box, and all the standard modules are imported from an HTTP server and cached locally, unlike in Node.js, where they are maintained in node_modules, and if a program requires a specific module, then Node traverses the…


JWTs (JSON Web Tokens) are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.


A JWT carries a lot of information in encoded form in an HTTP/HTTPS request after a successful authentication. For instance, in a multi-tenant cloud, a JWT can contain domain/tenant information, JWT expiration details, and/or the subject in its body part. But wait: what does the body part look like in a JWT payload structure?

JWT payload structure:


Do you want to protect your code from vulnerabilities? Or generate a report for the compliance team in your office before they provide sign-off for the pre-production or production release?

Continuous Integration, Continuous Delivery

A code scan plays a vital role in detecting memory leaks, vulnerabilities, and/or other possibilities of a cyber attack by scanning our code in detail. It also serves as a compliance standard in large MNCs before rolling out any production release of a software product.

There are many tools on the market, both open source and proprietary, that will do the job. …


Have you ever wondered, while writing your first post on Medium, how you would add a basic code snippet? By default, Medium's UI gives no dedicated option for formatting a piece of code as a code snippet (or perhaps enclosing it within a grey, readable background).

I too have faced this issue while posting articles that required code in them.

Adding a code snippet to a Medium post is very simple: it is just a matter of the shortcut keys you use after selecting your code text on Medium…

Vinod Kumar Nair

Cloud Architect | Loves Kubernetes | Blogger
