Nirmata Blog
Visit the Nirmata blog to learn about the use of Kubernetes anywhere and Kubernetes deployment for enterprise-wide apps management in the cloud. Nirmata provides a platform for development and operations of cloud services. With the Nirmata Platform, an application is designed as a set of loosely coupled cloud services. Each cloud service has pluggable modules for common features such as..
2w ago
A new Kubernetes vulnerability, CVE-2024-7646, has recently been identified and demands urgent attention from security professionals and DevOps teams. This vulnerability severely threatens the security of systems using the widely adopted ingress-nginx controller, potentially allowing attackers to bypass annotation validation and gain unauthorized access to...
The post Addressing the Latest Kubernetes NGINX Ingress Controller CVE-2024-7646 Vulnerability first appeared on Nirmata.
3w ago
Introduction
As organizations increasingly turn to Kubernetes to deploy and manage containerized applications, they face unique challenges in efficiently allocating resources. The dynamic nature of Kubernetes often leads to inefficient defaults, underperforming applications, and inflated cloud bills. While Kubernetes and the CNCF ecosystem provide...
The post Kubernetes Policy Driven Resource Optimization with Kyverno first appeared on Nirmata.
1M ago
Background
The rapid adoption of cloud-native technologies, including containers, microservices, and Kubernetes, has transformed how organizations develop and deploy applications. These technologies offer numerous benefits, such as increased scalability, flexibility, and speed. However, they also introduce new security challenges, requiring organizations to rethink their security...
The post From Gatekeepers to Enablers: The Transformation of Security Teams in Cloud-Native Environments first appeared on Nirmata.
1M ago
The AWS ECS Landscape
Amazon Web Services (AWS) Elastic Container Service (ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers. ECS is not just a tool but a comprehensive solution that simplifies the deployment, management, and scaling of containerized applications, providing...
The post Strengthening AWS ECS Security with Nirmata’s Best Practices Policy Enforcement first appeared on Nirmata.
1M ago
In the wake of Broadcom’s acquisition of VMware, many organizations are accelerating their migration to the cloud to sidestep potential price hikes and maintain cost efficiency. This transition, however, is far from straightforward. Businesses must decide which workloads should remain in virtual machines (VMs) and...
The post Navigating the Post-VMware Era: Accelerating Cloud Migration with Nirmata Policy Manager first appeared on Nirmata.
1M ago
The Don’t Repeat Yourself (DRY) principle of software development advocates avoiding repetition of code that is likely to change. Replacing similar code with reusable abstractions makes software easier to maintain, and avoids bugs.
In this post, I will show you a couple of ways to apply the DRY principle in Kyverno policies, which are written in YAML.
DRY Using Variables
Kyverno policies can declare and reuse variables. Consider this policy that mutates various container types in a Pod, to add a memory request if one is not specified. The policy rule iterates over a list of contai...
2M ago
Guest Contributors: Benoit Schipper (HCS), Marcel Booms (HCS)
OpenShift’s Built-In Security Features
OpenShift is renowned for its robust out-of-the-box security features, including Role-Based Access Control (RBAC), built-in network policies, and default admission controllers. These features collectively establish a secure default state for OpenShift clusters. However, it is crucial to recognize that security is a dynamic and evolving process. There are always areas for improvement, particularly in addressing specific organizational requirements, supply chain security, and continuous complian...
2M ago
Kyverno, an open source CNCF policy engine created by Nirmata, has seen rapid adoption as it helps enterprises ensure the security, compliance, and governance of their Kubernetes clusters and cloud-native infrastructure and applications. However, using open-source Kyverno in mission-critical environments poses several challenges that can hinder operational efficiency and security. Often platform teams end up spending a lot of time keeping up with various Kyverno releases and are burdened with ensuring Kyverno meets their security and compliance requi...
2M ago
What is a Policy Exception
Often, only some policies and rules the security or platform team defines are universally applicable. Sometimes, a developer needs an exception from a specific policy or rule for a particular application or namespace, such as for debugging or doing a PoC. Without a policy exception, the only options are to turn off the policy or exclude the namespace, requiring policy modifications. This is where Kyverno’s PolicyException becomes useful. PolicyException is a custom resource in Kyverno that allows bypassing specific policies and rules. You can define a policy excepti...
2M ago
Policy-as-Code (PaC) is revolutionizing the way organizations manage and enforce policies. PaC involves writing policies in code, which can be automatically enforced, managed, and audited using software development practices. By defining policies as code, organizations can ensure consistency, scalability, and reliability in their infrastructure and applications. Enforcing policies can enhance the overall security posture by eliminating misconfigurations and preventing insecure settings.
What is Policy-as-Code?
Policy-as-Code is the practice of defining and managing policies through code rathe...