Linuxera

Writing CLIs in Go with Cobra

Writing CLIs in Go using Cobra A few months ago, I was working with my colleague Alberto in a CLI. The language of choice was Go and I manage to learn a thing or two. In today’s post we will see a very basic skeleton for a CLI written in Go. This will certainly help me in the future as a template for the next CLI, and maybe it helps you too!...

OpenShift 4 User Certificates

User Certificates in OpenShift 4 Attention The information described in this blog post may not be a supported configuration for OpenShift 4. Please, refer to the official docs for supported documentation. In this blog we will see how we can create OpenShift Users using client certificates and how to configure the API Server, so we can create client certificates using custom CAs. The information described in this blog was last tested with OpenShift 4....

Working with Pod Security Standards

Working with Pod Security Standards In Kubernetes v1.25 Pod Security admission has moved to stable, replacing Pod Security Policy admission. This feature has been in beta and enabled by default since Kubernetes v1.23 in this post we are going to cover what’s new with Pod Security Admission (PSA) and how it affects the workloads being deployed in our clusters. Note For this post I’ll be running a Kubernetes v1.25 cluster. If you want to try this in your own environment you can use your favorite tool to get a K8s cluster up and running, I’ll be using kcli....

Capabilities and Seccomp Profiles on Kubernetes

Capabilities and Seccomp Profiles on Kubernetes In a previous post we talked about Linux Capabilities and Secure Compute Profiles, in this post we are going to see how we can leverage them on Kubernetes. We will need a Kubernetes cluster, I’m going to use kcli in order to get one. Below command will deploy a Kubernetes cluster on VMs: NOTE: You can create a parameters file with the cluster configuration as well....

Container Security - Linux Capabilities and Secure Compute Profiles

Container Security - Linux Capabilities and Secure Compute Profiles In this post we are going to see two security mechanisms used in Linux Containers in order to provide a security layer for our workloads. We will see how Linux Capabilities and Secure Compute Profiles can be used for limiting the attack surface for our containers. The first part of the blog post will be an introduction to Linux Capabilities and Secure Compute Profiles, second part will show how these technologies work through the use of demos....