Open Policy Agent, Part I — The Introduction

Recently I was looking for a way to implement access control for microservices. I needed a solution that would allow defining complex authorization rules that could be enforced across many services. After searching the web, I discovered the very promising Open Policy Agent project, which seems to be the right tool for the job. In this series of three blog posts, I am going to introduce Open Policy Agent to you and highlight how it can help you.


Say “Hello” to Buildah, Podman, and Skopeo

Are you still doing all your Linux container management using an insecure, bloated daemon? Well, don’t feel bad. I was too until recently. Now I’m finding myself saying goodbye to my beloved Docker daemon, and saying hello to Buildah, Podman, and Skopeo. In this article, we’ll explore the exciting new world of rootless and daemon-less Linux container tools.


Achieving the promise of Microservices, one contract at a time

So many organizations are jumping on the Microservices bandwagon. The amount of hype makes the phenomenon nearly impossible to ignore. According to InfoQ, Microservices and their respective frameworks are in the “Late Majority” stage, meaning that even those industries and enterprises which are slow to adopt new tech are using them. That said, many of those same organizations are struggling to attain the promises that have been espoused by companies like Google or Twitter around Microservices.


Configuring Envoy to Auto-Discover Pods on Kubernetes

This blog was originally published on Ales Nosek – The Software Practitioner.

Pods on Kubernetes are ephemeral and can be created and destroyed at any time. In order for Envoy to load balance the traffic across pods, Envoy needs to be able to track the IP addresses of the pods over time. In this blog post, I am going to show you how to leverage Envoy’s Strict DNS discovery in combination with a headless service in Kubernetes to accomplish this.
