Category Archives: Security

AWS: Web Application Firewall overview, configuration, and its monitoring
0 (0)

19 July 2021

AWS WAF (Web Application Firewall) is an AWS service for monitoring incoming traffic to secure a web application for suspicious activity like SQL injections. Can be attached to an AWS Application LoadBalancer, AWS CloudFront distribution, Amazon API Gateway, and AWS AppSync GraphQL API. In case of finding any request that sits WAF’s rules, it will… Read More »

Loading

AWS: CloudTrail overview and integration with CloudWatch and Opsgenie
0 (0)

15 July 2021

AWS CloudTrail is a service for auditing AWS accounts events and is enabled by default. It saves all actions that were done by a user, IAM role, or an AWS service via AWS Console, AWS CLI, or AWS SDK. CloudTrail will write information about every API call, log in to the system, services events, and… Read More »

Loading

ArgoCD: Okta integration, and user groups
0 (0)

17 May 2021

In the previous post ArgoCD: users, access, and RBAC we’ve checked how to manage users and their permissions in ArgoCD, now let’s add an SSO authentification. The idea is that we don’t add user accounts locally in the ArgoCD’s ConfigMap, but instead will use our Okta users databases and Okta will perform their authentication. And… Read More »

Loading

ArgoCD: a Helm chart deployment, and working with Helm Secrets via AWS KMS
0 (0)

22 November 2020

In the previous post ArgoCD: an overview, SSL configuration, and an application deploy we did a quick overview on how to work with the ArgoCD in general, and now let’s try to deploy a Helm chart. The most interesting part of this is how to enable the Helm Secrets. Had some pain with this, but… Read More »

Loading

Kubernetes: ServiceAccounts, JWT-tokens, authentication, and RBAC authorization
0 (0)

22 November 2020

For the authentification and authorization, Kubernetes has such notions as User Accounts and Service Accounts. User Accounts – common user profiles used to access a cluster from the outside, while Service Accounts are used to grant access from inside of the cluster. ServiceAccounts are intended to provide an identity for a Kubernetes Pod to be… Read More »

Loading

Git: git clone – fatal: unable to fork and RSA key fingerprint
0 (0)

23 October 2020

We have a Docker image with Git client installed. The task is to automatically clone a repository when running a container from this image. git clone – fatal: unable to fork When running the git clone command in a container from this Docker image it fails with the “unable to fork” error: [simterm] / #… Read More »

Loading

Helm: helm-secrets – sensitive data encryption with AWS KMS and use it with Jenkins
0 (0)

16 May 2020

So, as a follow-up to the Helm: Kubernetes package manager – an overview, getting started post – let’s discuss about sensitive data in our Helm charts. What I want is to store a chart files in a repository, but even if such a repo will be a private Github repo – I still don’t want… Read More »

Loading

Kubernetes: part 5 — RBAC authorization with a Role and RoleBinding example
0 (0)

26 March 2020

The next task is to add a new user who will have access to check pods state and watch logs – any other operations must be prohibited. AWS EKS uses AWS IAM for authentification in a Kubernetes cluster (check the Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM post for details), bot… Read More »

Loading

Linux: gnome-keyring setup as Freedesktop SecretService
0 (0)

26 February 2020

Currently, I’m using KeePass as passwords, RSA-keys, and as the Freedesktop SecretService, see the KeePass: an MFA TOTP codes, a browser’s passwords, SSH keys passwords storage configuration and Secret Service integration post. The first issue I faced with during such a setup is the fact that KeePass’ database is synced between my computers (it’s database… Read More »

Loading