sigstore’s cosign and policy-controller with gke and kms
let’s see how we could sign our own private container images with sigstore’s cosign and then how to only allow them to be deployed in our gke cluster thanks to sigstore’s policy-controller
validating admission policies, the future of kubernetes policies
let’s see how to use the new validating admission policies feature in kubernetes 1.26+ and what it brings for the future of kubernetes policies
use google cloud memorystore (redis) with the online boutique sample
let’s see how to use google cloud memorystore (redis) with the online boutique sample.
online boutique’s helm chart, illustrate advanced scenarios with service mesh and gitops
let’s see how we could deploy advanced scenarios of the online boutique sample via its helm chart with service mesh and gitops, in order to improve its security posture
grpc health probes with kubernetes 1.24+
let’s see how we could leverage the new kubernetes 1.24+ grpc health probes features with the onlineboutique sample apps
use google cloud spanner with the online boutique sample
let’s see how to use google cloud spanner with the online boutique sample.
deploying gatekeeper policies as oci artifacts, the gitops way
let’s see how to deploy gatekeeper policies as oci artifacts, thanks to oras, google artifact registry and config sync
ci/gitops with oci artifact, github actions, google artifact registry and config sync
let’s see how to do the ci/gitops workflow with oci artifacts, github actions (using workload identity federation), google artifact registry and config sync (using workload identity)
ci/gitops with helm, github actions, google artifact registry and config sync
let’s see how to do the ci/gitops workflow with helm charts, github actions (using workload identity federation), google artifact registry and config sync (using workload identity)
ci/gitops with helm, github actions, github container registry and config sync
let’s see how to do the ci/gitops workflow with helm charts, github actions (using pat token), github container registry and config sync
seamlessly encrypt traffic from any apps in your mesh to memorystore (redis)
let’s see how to use anthos service mesh to seamlessly encrypt traffic between any apps and memorystore (redis).
gitops with oci artifacts and config sync
let’s see how to do gitops with oci artifacts, artifact registry and config sync
gitops with config controller
let’s see with config controller how we could set up a gitops approach to actually deploy kubernetes manifests
config controller in action
let’s see with config controller how we could build a secure platform allowing to deploy gcp resources via kubernetes manifests
keyless gcp authentication from github actions with workload identity federation
let’s see how to use a keyless gcp authentication from github actions with workload identity federation
istio tls origination to secure memorystore (redis) access
let’s see how we could secure the access of memorystore (redis) via istio tls origination, without changing any code in the application
gke and anthos in 2021, a year of innovations
let’s see what was announced and released around gke and anthos in 2021
lessons learned from the log4shell cves
let’s see what we could learn on a kubernetes point of view from the log4shell cves
distroless asm proxy
let’s see how to improve our security feature by leveraging the distroless asm proxy image
opa gatekeeper and policy controller during continuous integration (ci) pipelines
let’s see how to shift left on security by catching opa gatekeeper policy violations during continuous integration (ci) pipelines.
secure your apps and your cluster with anthos service mesh
let’s see how you could protect and secure both your apps and your cluster with anthos service mesh (asm)
mix both internal and external load balancers to expose your crfa services
let’s see how to setup both external and internal load balancers to expose your services in the same crfa cluster
cloud armor to protect your apps deployed on gke
let’s see how you could protect your apps deployed on gke against denial of service and web attacks
ebpf and cilium, to bring more security and more networking capabilities in gke
let’s see ebpf and cilium on gke and how they are bringing more security and networking capabilities
opa gatekeeper with policy controller
let’s see in actions how we could easily leverage opa gatekeeper on any kubernetes cluster via policy controller
fasten your seatbelt, and turn autopilot mode on
let’s see in actions the new gke’s autopilot mode
vertical pod autoscaler
let’s discuss about the vertical pod autoscaler and how it could help setting your Kubernetes resources request and limits.
advanced continuous integration pipeline for containers
let’s setup an advanced continuous integration pipeline for containers
google professional cloud architect certification
let’s see which resources I used to prepare my google professional cloud architect certification
online boutique demo
let’s see how to deploy the online boutique solution on gke, w/ or w/o workload identity
binary authorization on gke
let’s see how you can only run what you trust (tl;dr whitelisted registries and signed containers) on gke with binauthz
demo bank on gke
let’s see how to deploy the demo bank (aka bank of anthos) solution on gke, w/ or w/o workload identity
confidential computing with gke
let’s see how easy it is to enable confidential computing on a gke cluster
cloud adoption framework with gcp
let’s go through resources such as the google cloud adoption framework, cloud center of excellence, the google cloud setup checklist and best practices for enterprise organizations and eventually the google cloud security foundations guide
gke’s service account
let’s discuss about how to deal with gke’s service account and few tips to improve your security posture, especially with fine-grained identity and authorization for applications with workload identity
zero trust security model with google’s beyondcorp
let’s see how google shared best practices and technologies about its own zero trust security model, beyondcorp
container native networking
let’s see how gcp brings unique and true container native networking with gke
application modernization at google next onair 2020
let’s see in details what is google next onair 2020 and more specifically what you should watch on an application modernization standpoint
cloud operations with gke
let’s see how to leverage google cloud operations (aka stackdriver) with gke
build and deploy a containerized app on gke with cloud build
let’s see how to use google cloud build to build and deploy a containerized app on gke
my second week with gcp
let’s share some learnings during my second week leveraging gcp, focused on gke
my first week with gcp
let’s share some learnings during my first week leveraging gcp, tools and services like linux on my pixelbook, gcloud cli, docker, git, service account, gcr, cloud run, app engine and kubernetes engine
hello, cloud native hugo blog!
let’s discuss why my new blog is a containerized hugo website hosted on kubernetes