Posts

  • Implementing VSCode-based (Code-Server) on Cloud with AWS CDK

    As I stated in the previous post “A Cloud IDE for the masses”, in this post I will explain you how to deploy Code-Server on AWS. But to make it more interesting, I’m going to use AWS Cloud Development Kit (AWS CDK), it is a framework to model and provision your cloud applications and resources using knew programming language (TypeScript, Python, Java, etc.), no more YAML or Json.

    We are going to deploy Code-Server (a NodeJS web app) into an EC2 instance, using Ubuntu AMI and provisioning all package through a bash scripts (UserData), as in the below diagram depict it.

  • A Cloud IDE for the masses

    Nowadays, you likely are involved in development/devops tasks for the cloud and you are using a Cloud-based IDE (Integrated Development Environment) to accomplish your job, but if you don’t have any or you are not happy with yours, then this blog post will explain you how to get one, opensource and in a few minutes.

  • Sidecar Proxy: The Security Building Block

    Just as a HTTP reverse proxy is sitting in front of a web application and a sidecar is attached to a motorcycle; a sidecar proxy is attached to a main application to extend or add functionality. A Sidecar Proxy is an application design pattern which abstracts certain features, such as inter-service communications, monitoring and security, away from the main application to ease its maintainability, resilience and scalability of the application as a whole.

    In this post I will show you how to use the Sidecar Pattern to address security challenges in the Cloud Native Applications.

  • Building an affordable remote DevOps desktop on AWS - Part2 (custom AMI with Packer)

    In the previous post Building an affordable remote DevOps desktop on AWS I shown you how to build a cheaper remote DevOps Desktop on AWS, now I’ll explain you how to do that in approximately 3 minutes, instead of 25 minutes, using Hashicorp Packer to pre-bake an AWS AMI.

  • Building an affordable remote DevOps desktop on AWS

    If you’re going to work 100% remotely or are just tired of carrying a heavy laptop while commuting, why not spin up a DevOps Desktop PC in a public cloud and work from anywhere you want? So, if you like the idea, this post for you. In this post I’ll explain you how to build your own Remote DevOps Desktop on AWS and configure your thinner Local PC to connect to remote one.

  • GitHub Pages and Jekyll on Windows 10

    I have a Blog hosted on Github Pages created with Jekyll from Linux. That works perfectly and can publish posts frequently, but now I would like to do the same but from Windows 10 laptop (older Surface 3 Pro, 4GB RAM, 64GB SSD). The aim of this post is explain you how to prepare and configure Windows 10 to publish post in a new or existing static site created with Jekyll.

    To do that I’m going to follow the Jekyll on Windows guide, basically I’ll download, install and configure a Ruby+Devkit version in Windows 10.

  • Simple Windows 10 Environment for DevOps Engineers

    If you are working as a DevOps Engineer and want to automate the creation of your infrastructure on AWS from Windows 10, then you should install and configure a minimalist toolset to do Infrastructure as Code (IaC) tasks. Since I’m using an older Surface 3 Pro (Windows 10 with 4GB RAM and 64GB SSD), I’m going to focus on Terraform coding, leaving out Docker, K8s, Jenkins, etc. for another article.

  • Minimum Viable Security for a Kubernetised Webapp: HTTP Basic Auth on TLS - Part2

    In the “Minimum Viable Security for a Kubernetised Webapp: TLS everywhere - Part1” I used the Affordable K8s’ Terraform scripts to create a K8s Cluster with the Jetstack Cert-Manager and the NGINX Ingress Controller pre-installed, now I want to improve the security of a Webapp hosted in that Cluster according the Minimum Viable Security (MVSec) and Pareto Principle or 80/20 rule.

    In this post I’ll explain how to enable and configure HTTP Basic Authentication over TLS in the Weave Scope webapp running in the recently created K8s Cluster.

  • DevOps is to SDLC as MLOps is to Machine Learning Applications

    If you have read the previous post about Security along the Container-based SDLC, then you have noted that DevOps and Security practices should be applied and embeded along SDLC. Before we had to understand the entire software production process and sub-processes in order to apply these DevOps and Security practices. Well, in this post I’ll explain how to apply DevOps practices along Machine Learning Software Applications Development Life Cycle (ML-SDLC) and I’ll share a set of tools focusing to implement MLOps.


    Data Science (& ML) Life Cycle

  • Minimum Viable Security for a Kubernetised Webapp: TLS everywhere - Part1

    Minimum Viable Security (MVSec) is a concept borrowed from the Minimum Viable Product (MVP) concept about the Product Development Strategy and from the Pareto Principle or 80/20 rule. The MVP concept applied to IT Security means the product (application) will contain only the minimum amount (20%) of effort invested in order to prove the viability (80%) of an idea (acceptable security).

    The purpose of this post is to explain how to implement TLS everywhere to become MVSec (roughly 80% of security with 20% of working) for a Kubernetised Webapp hosted on AWS.


    Minimum Viable Security for a Kubernetised Webapp: TLS everywhere with NGINX Ingress Controller, Cert-Manager and Let's Encrypt