In the first blog of this series, we took a look at what Operator means in the Kubernetes context, as well as a working Hello World! example. In that example, we chose kubebuilder as our framework to implement the Operator pattern. Nevertheless, pretty much like everything else in the cloud native world, there are many, many more other implementation of the Operator pattern in the market, alongside kubebuilder. In this post, we will take a look at some of the most prominent ones, and in turn, …

With the recent announcement of the AWS Step Functions AWS SDK Service Integration, it felt like an appropriate time to delve into what Step Functions are, what the announcement really means and hopefully give readers some ideas of where they could potentially implement AWS Step Functions to improve their orchestration processes. The TLDR on the announcement Previously, when you wanted to interface with particular AWS services as part of your Step Function workflow, if the service didn’t …

In the recent years there has been a spike in Kubernetes adoption, especially by enterprises. As this trend continues, more and more organisations are going to be using Kubernetes to build internal platform and provide an abstraction layer which allows development teams / app teams to focus on real customer value through feature delivery. Out of the box, Kubernetes has a lot of good features like namespaces, RBAC, configMaps, networkPolicies, services and deployments that can be leveraged by …

One of the most noticeable consequences of Covid-19 is the massive increase in global reliance on technology to provide critical products and services. In the midst of a pandemic outbreak, it is not even safe for our most vulnerable members of society to venture to the bank to pay a bill, to the chemist to collect a prescription and even sometimes to the grocery shops. In many circumstances infected (and potentially infected) people are unable to leave their houses at all for weeks.

What’s Changed Docker has just announced updates to their services terms and here is the most important change that you need to be aware of: Commercial use of Docker Desktop in larger enterprises (more than 250 employees OR more than $10 million USD in annual revenue) requires a Docker Pro, Team or Business subscription for as little as $5 per user per month. Disclaimer: this post is not to be considered legal advice and is merely an opinion piece.

Preface We are going to talk about automating AWS Transit Gateway routing by using one of the most under-rated and under-used solutions from AWS - STNO. STNO stands for Serverless Transit Network Orchestrator, which should sound very descriptive for those, who have configured AWS Transit Gateway, and especially for those, who have tried automating this process. In this blog we will try to identify the problems connected to automating Transit Gateway configuration and see why STNO is a good …

Shhh Kubernetes.. it’s a Secret In part one of this series we looked at how to build a sound Secret Management strategy, we then looked at a few options available touching on the fact that cloud provider managed Secret Management solutions offered an advantage compaired to self-managed / self-hosted solution. Regardless of which Secret Management solution you choose, connecting and safely accessing secrets in a secure manner remains a fundamental problem with any solution.

What is Secret Management? Over the past 12 months, the focus of much of my work has been assisting organisations in identifying and implementing a solution around two of the most common questions we see pop up within organisations striving to establish strong DevOps practices. How to manage secrets within our organisation? How to securely consume these secrets in our Kubernetes environments? In this 2 part series, I want to outline the necessity of a secret management solution within any …

What is a disruption? Keen reader like yourself definitely noticed the word disruption in the word PodDisruptionBudget. What is a disruption? A disruption, for the purpose of this blog post, refers to an event when a pod needs to be killed and respawned. Disruptions are inevitable, and they would need to be handled delicately, otherwise we will have outage. Imagine when we have a service but none of the backing pods are available.

Why Terraform? This is a question I’ve been asked many times in my career, and my answer is always: It’s a great tool that is easy to use. It has many providers, including AWS, GCP, Azure, Kubernetes. It allows you to create reusable modules. I was challenged on my answer recently and I wanted to elaborate on why Terraform is a good approach, so I researched the topic into why someone would choose terraform over native tools.

Recently I have been working with the AWS EC2 Image Builder service for an Innablr client who was in need of a variety of hardened (or “Golden”) Windows images for use across their organisation. EC2 Image Builder is AWS’s competing service for Hashicorp’s Packer, with some nice features and some annoying ones too. In this blog post I’ll explain how to use the EC2 Image Builder service to build a Windows Server 2019 image with components provided by AWS and a custom …

As devops has expanded and more companies are moving to complex cloud based infrastructure, we find ourselves needing more and more abstractions to solve the same problems that devops was designed initially to solve, that is that developers can focus on developing. A common solution is to have dedicated teams that are responsible for implementing and maintaining these services, providing software and platforms ‘as a service’. There are many advantages to operating this way, including cost …

As organisations continue their business transform programs, Innablr empowers them by accelerating the adoption of innovative new cloud native technologies. The foundation of these new data-driven and business critical applications is Kubernetes, a container orchestration platform first developed at Google and now governed by the Cloud Native Computing Foundation (CNCF). Today, Innablr is proud to announce we have qualified as a Kubernetes Certified Service Provider (KCSP), the first local …

I was fortunate enough to attend Container Camp 2019 in Sydney in July. While there were a number of interesting presentations, it was the last couple sessions on security that really caught my attention. The first one from Aleksa Sarai @lordcyphar on securing container run time was quite informative.. and yet somewhat worrying! I promise Aleksa, I will always use user namespaces from now on! So what exactly was Aleksa talking about?

This Australia-based client is one of the world’s largest publicly listed wagering and gaming organisations. They offer subscription television, gaming and wagering, and drive fully integrated solutions that create passion and excitement in their millions of customers around the world. Their problem As part of their ‘cloud first’ strategy, our client had already chosen AWS to host their cloud platforms. But choosing a server and complying with all regulatory requirements are two very different …

One of the goals I had for this year was to pass the Certified Kubernetes Administrator (CKA) exam, which I have successfully achieved from the first attempt early August 2019 scoring 84%. I’ve been using Kubernetes over the past year throughout the different projects I’ve worked on. This has definitely gave me some extra confidence to sit the exam alongside the 3 weeks of preparation prior to that. Why get certified The demand for skills in Kubernetes has increased as …

AWS Service Catalog is a managed service by AWS to create and manage products (AWS service) centrally. Many case studies on managing infrastructure can be found in https://aws.amazon.com/servicecatalog/. But this blog will introduce how AWS Service Catalog can be used to create, update and terminate AWS Services. How I see AWS Service Catalog is, It’s a nice-looking GUI for AWS Cloudformation. S3 Url of AWS Cloudformation template can be passed as a parameter to AWS Service Catalog Product …

What are PhysicalResourceId and LogicalResourceId? Many of us use Cloudformation for deploying our infrastructure in AWS. We love it for it’s simplicity and transparency. Also Cloudformation is extensible and one of the ways how it can be extended is Custom Resources. Let’s talk about one of the intricacies of using Custom Cloudformation resources in connection to the PhysicalResourceId. When you deploy a Cloudformation stack, every resource you describe in the template gets a …

What is AWS Transit Gateway? AWS Transit Gateway is a managed service which provides a hub-and-spoke model to connect AWS VPCs and your datacentres over VPN. AWS Transit Gateway was made generally available in Sydney region just after the re:Invent 2018. Prior to AWS Transit Gateway As the AWS accounts grow or the number of VPCs increase, it became hard to manage the interconnection between VPCs as the only managed available solution was VPC Peering.