I wrote about remote attestation in confidential computing and what we are doing for confidential containers in the following blog. In this blog, I will take you through an example attestation workflow from Azure. …

In my previous blog, I touched up the subject of understanding a confidential computing solution. In this blog, I’ll dive deeper into the attestation process. …

If you are following the latest IT trends, you would have come across the mention of “confidential computing”. With the release of product offerings in this space from Intel, AMD, IBM, Microsoft, Google and many others, this promising technology is making way to real users. In this blog, we’ll look…

When we discuss security guardrails, it’s primarily about automated policies and monitoring, among other things. But have you ever thought about container runtimes as a potential security guardrail? Every container runtime has its pros and cons. When choosing container runtimes, we typically consider the use-cases. However, we shouldn’t rule out…

This article will briefly discuss what I typically use for debugging Kubernetes apps. I hope you will find it helpful. Using plain old “exec” $ kubectl exec -it -c <container> <pod-name> -- /bin/sh This approach will not work for the environments where “exec” is disabled or for container images without a shell. Let’s look…

I often create disposable Kubernetes and OpenShift clusters in my day-to-day development work. Mostly it’s on my bare metal server. However, sometimes I use public cloud providers as well. Creating disposable clusters improved my productivity compared to my earlier approach of cleaning up and reusing existing clusters. I have used…

Applying the principle of least privileges when developing Operators Let me start by asking you a few questions. Are you developing Operators for Kubernetes? Are you the kind of person who yearns for a safe environment to run everything as a privileged user (‘root’) during development? Is bypassing security checks…

If you are responsible for managing Red Hat OpenShift clusters, then there is a nifty opensource project (aptly named openshift-checks) that could be a good addition to your toolkit. The openshift-checks project is a collection of health-check scripts for an OpenShift cluster. Take a look at the project description and…

When transitioning workloads to Kubernetes, some of the following questions often cross our minds: How to satisfy conflicting workload requirements on the same Kubernetes cluster? Is it possible to lift and shift a few existing workloads to run on Kubernetes with phase-wise modernization? What kind of flexibility can be provided…