Don’t let this happen unless it is really necessary — By default, a token which identifies the default ServiceAccount is mounted in a Pod’s container. This token allows the container to communicate with the API Server. There is not much that the application can do but being able to authenticate against the API Server is already too much especially if…

Security considerations : policies enforcement — TL;DR In the previous article we enhanced the Deployment specifications of the webhooks app from the audit results we got from a couple of security tools. In this article we will discuss about policy enforcement tools whose purpose is to ensure misconfigured specifications cannot be created in the cluster. Articles in this series Presentation of…

kubeadm, k3s, k0s… you choose — This quick post introduces 3 small shell scripts you can use to set up a Kubernetes cluster on your local machine in a couple of minutes. Only 2 prerequisites you need to install first: kubectl to communicate with the cluster from your host machine Multipass, a tool that allows you…

Security considerations : fixing misconfigurations — TL;DR In the previous post of the series we introduced some security tools used to audit a cluster and/or the applications running inside of it. We will now use the results of some of those tools to fix configuration issues and ensure the application’s specifications follow some of the best security…

Security considerations : security related tools — TL;DR In the previous posts of the series we introduced the webhooks application, deployed it on a Kubernetes cluster using Helm or Acorn and implemented a simple observability stack. Now it’s time to explore some security considerations and see how we can ensure (at least to some extent) that the application’s…

When the webhooks app meets Acorn — TL;DR In a previous article we explained how the webhooks application can be deployed in a Kubernetes cluster using Helm / Helmfile. In this article we will explain how this application can be run, packaged and distributed with Acorn, an application deployment framework for Kubernetes. Articles in this series Presentation of the webhooks.app Running the…

Observability using the Loki stack — TL;DR In the previous article we explained how to use GitOps with Argo CD to set up the Continuous Deployment part of the CI/CD pipeline. We will now deploy the Loki stack to get application logs and metrics. Articles in this series Presentation of the webhooks.app Running the application on a local one-node Kubernetes using…

Continuous Deployment using GitOps with Argo CD — TL;DR In the previous article we deployed the webhooks application into a Kubernetes cluster managed by Civo. We will now get closer to the application workflow and use GitOps to set up the Continuous Deployment part of the CI/CD pipeline. Articles in this series Presentation of the webhooks.app Running the application on a local one-node…