mccricardo

Trivy

In software, a vulnerability is a weakness or a glitch that can be targeted with the intent of exploiting the system. When done by a bad actor, that exploitation aims at making us look bad, making our projects look bad, making our companies look bad. That can translate into a loss of credibility (and revenue) and, in some extreme cases, can be the “death” of a company. Shift left security refers to moving security sooner in the development process....

Getting certified

Certifications serve as an indication that a certain level of competence was achieved and many successful professionals seek them in order to reap several rewards. In some fields they’re mandatory and while in others they’re not, they usually come with several benefits attached. Credibility Certifications establish a certain level of proficiency that helps cement credibility. It is proof that we know what we’re doing. More so, it’s an external validation of our skills from a credible source....

Fancy a stab at CKA?

The Certified Kubernetes Administrator (CKA) is a certification created by the Cloud Native Computing Foundation (CNCF) with the purpose “to provide assurance that CKAs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators”. It’s a proctored, performance-based test which means there are several tasks that need to be done, from a command line, to solve multiple issues. Having recently passed the exam myself, a few tips and tricks could be helpful....

Kubernetes gone bust. Now what?

We’ve been operating a few Kubernetes clusters. Someone trips over, falls on a keyboard, and deletes several services. We need to (quickly!) get those back online. We have several options to get things back to how they were: we have everything in version control - pipelines or GitOps reconcilers will take care of it; restore ectd backup - all Kubernetes objects are stored on etcd. Periodically backing up the etcd cluster data can be a lifesaver under disaster scenarios; use specific Kubernetes backup tools - for example Velero....

How Kyverno helps with policy management

The proliferation of the cloud and Kubernetes made it “easier” to provision new environments dynamically, democratizing the access to resources that can be used, for example, for testing. That comes with its own set of challenges; dynamically provisioning Roles and RoleBindings being some of them. If we think of a new “environment” as a namespace in Kubernetes, each of them will have its own Roles and RoleBindings and we would like for them to be managed dynamically....