Hi there, it has been a long time since I haven’t written on my blog. And I was thinking a lot about that, every month I used to think: “oh shit.. another month passed and I didn’t write anything”. During my summer holidays I decided to give a new look to my blog, I decided to switch to Hugo and move from GitHub Pages to Cloudflare (but considering the latest events I don’t know if it’s been a good choice…). ...
In the vast and dynamic ecosystem of software development, security is a fundamental pillar that ensures the reliability and integrity of digital products. In particular, with the growing adoption of containers, the need to validate the authenticity and integrity of Docker images has become crucial. This is where Cosign comes into play, a tool developed by the Sigstore project, designed to simplify the signing and verification of Docker images. This practice ensures that the code you are about to deploy is exactly what was intended, free from malicious alterations. In this article, we will dive into the world of Cosign, exploring how it works, how it can be used to sign a Docker image, and why it is an essential element for improving software supply chain security. I will also illustrate a practical example, showing how I integrated Cosign into a GitHub pipeline to automate the image signing process. For a detailed view and access to the source code, I invite you to visit my GitHub repository. ...
The procedure described here is no longer supported. The kubernetes package has changed repository. For more information, please refer to the official documentation. In a world where containerization is becoming increasingly central, having a solid understanding of how to configure Kubernetes is essential. In this article, I’ll guide you step by step through installing a Kubernetes cluster using containerd as the runtime. And if you’re wondering, “Why containerd?”, the answer is simple: it’s lightweight, efficient, and perfectly integrated with Kubernetes. ...
What is an RPC? RPC, short for Remote Procedure Call, is a protocol that allows one piece of software to request a service exposed by another piece of software. These two pieces of software can reside on the same machine or on different machines, even across different networks. In essence, an RPC call consists of invoking a function or procedure hosted on a server, a separate device, or inside a container. When an RPC call is made, the underlying system handles the entire communication process between the two devices, making the remote procedure virtually indistinguishable from a local one from the developer’s perspective. ...
In the course of my work with AWS ECR (Elastic Container Registry), I ran into a problem: The repository access key expires every six hours. Working with a non-AWS Kubernetes test cluster, I had to constantly update these credentials manually, a repetitive and tedious process. From this experience came the idea to create a tool that automated this process: k8s-aws-ecr-secret-updater. This tool is a Kubernetes cronjob, designed to automatically update the AWS ECR repository access credentials. ...