secure nginx ingress controller behind cloud armor

let’s see how we can secure our nginx ingress controller behind an l7 https load balancer and cloud armor
read more →

sail sharp, 8 tips to optimize and secure your .net containers for kubernetes

let’s go through 8 tips to optimize and secure your .net containers for kubernetes, based on my contributions to the online boutique sample apps
read more →

chainguard nginx container image

let’s see what are the advantages of using a chainguard container image, with nginx
read more →

sigstore’s cosign and policy-controller with gke and kms

let’s see how we could sign our own private container images with sigstore’s cosign and then how to only allow them to be deployed in our gke cluster thanks to sigstore’s policy-controller
read more →

deploying gatekeeper policies as oci artifacts, the gitops way

let’s see how to deploy gatekeeper policies as oci artifacts, thanks to oras, google artifact registry and config sync
read more →

ci/gitops with oci artifact, github actions, google artifact registry and config sync

let’s see how to do the ci/gitops workflow with oci artifacts, github actions (using workload identity federation), google artifact registry and config sync (using workload identity)
read more →

ci/gitops with helm, github actions, google artifact registry and config sync

let’s see how to do the ci/gitops workflow with helm charts, github actions (using workload identity federation), google artifact registry and config sync (using workload identity)
read more →

ci/gitops with helm, github actions, github container registry and config sync

let’s see how to do the ci/gitops workflow with helm charts, github actions (using pat token), github container registry and config sync
read more →

gitops with oci artifacts and config sync

let’s see how to do gitops with oci artifacts, artifact registry and config sync
read more →

keyless gcp authentication from github actions with workload identity federation

let’s see how to use a keyless gcp authentication from github actions with workload identity federation
read more →

lessons learned from the log4shell cves

let’s see what we could learn on a kubernetes point of view from the log4shell cves
read more →

distroless asm proxy

let’s see how to improve our security feature by leveraging the distroless asm proxy image
read more →

crfa v2 with asm

let’s see how the new crfa v2 is leveraging asm
read more →

container scanning

let’s see how to scan your containers with gcp
read more →

mix both internal and external load balancers to expose your crfa services

let’s see how to setup both external and internal load balancers to expose your services in the same crfa cluster
read more →

ebpf and cilium, to bring more security and more networking capabilities in gke

let’s see ebpf and cilium on gke and how they are bringing more security and networking capabilities
read more →

fasten your seatbelt, and turn autopilot mode on

let’s see in actions the new gke’s autopilot mode
read more →

gitops on gke with config sync

let’s see gitops in actions with gke’s config sync
read more →

host helm charts and oci artifacts in google artifact registry

let’s see how we could host our own helm charts (and more generically, any oci artifacts) in google artifact registry
read more →

container linter for compliances and security

let’s see how to use open policy agent or dockle to check your containers on a security and compliances perspectives.
read more →

advanced continuous integration pipeline for containers

let’s setup an advanced continuous integration pipeline for containers
read more →

my capture the flag (ctf) and kubecon na 2020 experiences

let’s see what I have learned during my first kubecon conference as well as my first capture the flag (ctf) experience to improve my knowledge about security with containers and kubernetes.
read more →

online boutique demo

let’s see how to deploy the online boutique solution on gke, w/ or w/o workload identity
read more →

binary authorization on gke

let’s see how you can only run what you trust (tl;dr whitelisted registries and signed containers) on gke with binauthz
read more →

demo bank on gke

let’s see how to deploy the demo bank (aka bank of anthos) solution on gke, w/ or w/o workload identity
read more →

gcr cleaner

let’s see how to cleanup your gcr by deleting old container images
read more →

container native networking

let’s see how gcp brings unique and true container native networking with gke
read more →

application modernization at google next onair 2020

let’s see in details what is google next onair 2020 and more specifically what you should watch on an application modernization standpoint
read more →

cloud operations with gke

let’s see how to leverage google cloud operations (aka stackdriver) with gke
read more →

build and deploy a containerized app on gke with cloud build

let’s see how to use google cloud build to build and deploy a containerized app on gke
read more →

my first week with gcp

let’s share some learnings during my first week leveraging gcp, tools and services like linux on my pixelbook, gcloud cli, docker, git, service account, gcr, cloud run, app engine and kubernetes engine
read more →

hello, cloud native hugo blog!

let’s discuss why my new blog is a containerized hugo website hosted on kubernetes
read more →

container security context on kubernetes

let’s add more security context to your containers on kubernetes
read more →

my own custom and private azure pipelines agent as a docker container

let’s build a custom linux container image as an azure pipelines agent
read more →

buildah, a tool to facilitate building oci container images

let’s build your own oci container images with buildah
read more →

podman, a daemonless container engine

let’s have a look at podman, a daemonless container engine
read more →

flexible kured deployment with its helm chart

let’s be more flexible while deploying kured thanks to its helm chart
read more →

my bot just became a cloud native app

let’s leverage docker, helm, kubernetes and terraform to make your bot app more cloud native
read more →

scanning container images for vulnerabilities in acr with asc

let’s use azure security center (asc) to scan your containers in azure container registry (acr)
read more →

helm 3 is out

let’s go through the latest and greatest of helm 3
read more →

ignite 2019, what’s new with containers and kubernetes on azure?

let’s see what has been announced around the containers technologies at the microsoft ignite conference 2019
read more →

kubernetes network policies, how to secure the communications between your pods

let’s secure the communications between your pods with calico kubernetes network policies
read more →

ci/cd pipeline with azure devops to deploy any apps on kubernetes

let’s build and deploy a containerized app in kubernetes via azure pipelines
read more →

helm chart management in ci/cd with acr and azure devops

let’s do ci/cd with your own helm charts, acr and aks via azure pipelines
read more →

keda, event-driven containers for Kubernetes

let’s see what’s keda what it is in action
read more →

windows containers with kubernetes 1.14

let’s see what does mean the graduation of the windows nodes support in k8s as stable
read more →

deploying azure cognitive services as docker containers

let’s deploy azure cognitive services as docker containers
read more →

grafana dashboards to monitor your azure services

let’s use grafana dashboard for your azure services through azure monitor
read more →