This week's articles
Authorizing Microservice APIs With OPA and Kuma
#opa, #kubernetes, #build
You can hook up Kuma to OPA so that whenever an external request comes in, Kuma sends the agent an authorization query that says, "Hey, is this API call authorized or not?" OPA returns that authorization decision and Kuma is responsible for enforcing it.
Annotating Kubernetes Services for Humans
#kubernetes, #explain
Much like implementing observability within microservice systems, you often don't realize that you need human service discovery until it's too late. Don't wait until something is on fire in production to start wishing you had implemented better metrics and also documented how to get in touch with the part of your organization that looks after it.
Tools
kube-burner
Kube-burner is a tool aimed at stressing Kubernetes clusters by creating or deleting a high quantity of objects. You can also refer to the companion blog post.
PurpleCloud
Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services.
fossa-action
Find license compliance and security issues in your applications with FOSSA in GitHub Actions, using FOSSA CLI V2.
censor-shell
Censors or hides shell / Bash / console output based on defined patterns - great for hiding secrets in demos.
rbac-lookup
Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster.
From the cloud providers
Access Approval
Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.
A peek behind Colossus, Google's file system
A deeper look at the storage infrastructure behind your VMs, specifically the Colossus file system, and how it helps enable massive scalability and data durability for Google services as well as your applications.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco