Container Security - Linux Capabilities and Secure Compute Profiles

In this post we are going to see two security mechanisms used in Linux containers to provide a security layer for our workloads. We will see how Linux Capabilities and Secure Compute Profiles can be used to limit the attack surface of our containers. The first part of the blog post is an introduction to Linux Capabilities and Secure Compute Profiles; the second part shows how these technologies work through demos....

Published on March 27, 2021 · Last updated on March 27, 2021 · 15 min · Mario

Containers under the Hood

Containers are Linux. You have probably already heard this expression. In today’s post we are going to demystify container technologies by decomposing them part by part and describing which Linux technologies make containers possible. We can describe a container as an isolated process running on a host. To isolate the process, container runtimes leverage Linux kernel technologies such as namespaces, chroots, cgroups, etc., plus security layers like SELinux....

Published on March 25, 2021 · Last updated on March 25, 2021 · 12 min · Mario

Integrating our Operators with OLM

Introduction: This post is a continuation of our previous blog, Writing Operators using the Operator Framework SDK. We will continue working on the operator created in the previous blog; if you want to be able to follow this blog, you will need to run the steps from the previous blog. Operator Lifecycle Manager: The Operator Lifecycle Manager is an open source toolkit to manage Operators in an effective, automated and scalable way....

Published on September 16, 2020 · Last updated on September 16, 2020 · 5 min · Mario

Enabling Prometheus Metrics on your Applications

Instrumenting your Applications: We usually see systems being monitored by Ops teams. In fact, there are lots of valuable metrics that help Ops teams understand how the infrastructure they are managing is doing, but when it comes to application monitoring, we don’t see applications being monitored that carefully most of the time. Sometimes that ends up in application crashes that might be prevented with a proper monitoring strategy. In this blog post we are going to see how we can instrument our applications using Prometheus metrics libraries....

Published on August 11, 2019 · Last updated on August 11, 2019 · 7 min · Mario

Using OpenShift OAuth Proxy to secure your Applications on OpenShift

What is OAuth Proxy: A reverse proxy and static file server that provides authentication and authorization to an OpenShift OAuth server or Kubernetes master supporting the 1.6+ remote authorization endpoints to validate access to content. It is intended for use within OpenShift clusters to make it easy to run both end-user and infrastructure services that do not provide their own authentication. [Source] Securing an Application with OAuth Proxy: In this blog post we are going to deploy OAuth Proxy in front of a simple application....

Published on July 30, 2019 · Last updated on August 31, 2022 · 5 min · Mario