
Let's make Cloud #17: CI/CD security risks and threats, upgrade an EKS cluster with a blue/green or canary strategy, the ultimate DevSecOps tools and methodologies library


Hello CloudMakers!

As I write this, I am in the midst of a flurry of activities, which include participating as a speaker in the upcoming "Incontro DevOps Italia" (DevOps Summit Italy) in Bologna (Italy) tomorrow, and attending the WebDay event next Thursday, March 16th, in Milan (Italy), where I will be involved in an AWS Community Meeting. As an AWS DevTools Community Builder, I'm excited to be a part of this gathering and share my experiences and insights with fellow developers. If you are around, let's have coffee!

Today we shall see:

  • CI/CD security risks and threats

  • upgrade an EKS cluster with a blue/green or canary strategy

  • the ultimate DevSecOps tools and methodologies library

Enjoy!

CI/CD: Necessary for modern software development, yet it carries a lot of risk

Continuous integration and continuous delivery (CI/CD) has become a central part of software development. It lets developers build, test and deploy changes quickly through automation. But because a pipeline sits between source repositories, third-party build steps, secrets, artifact registries and production credentials, it concentrates trust and widens the attack surface, which makes it a prime target for attackers. Keeping CI/CD pipelines secure is essential to protect against these threats.
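To make the risk concrete, here is an added example that is not from the newsletter or the article it links: a small scanner for three well-known GitHub Actions pipeline weaknesses, run over a constructed workflow. The rule names, the sample workflow and the placeholder commit SHA are all assumptions made for the illustration.

```python
"""Scan a GitHub Actions workflow for common CI/CD pipeline risks.

Added example; the sample workflows below are constructed. Checks:
  1. third-party actions referenced by a mutable tag/branch instead of a commit SHA
  2. a workflow-level `permissions: write-all` token
  3. a `pull_request_target` trigger that checks out the PR head, so untrusted
     code runs with the base repository's secrets
"""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")


def scan_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    lines = text.splitlines()
    uses_pr_target = any(re.search(r"\bpull_request_target\b", l) for l in lines)
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            # local actions and docker images are out of scope for the pinning rule
            if ref.startswith("./") or ref.startswith("docker://"):
                continue
            if "@" not in ref:
                findings.append(Finding(n, "unpinned-action", f"{ref} has no version at all"))
                continue
            _, version = ref.rsplit("@", 1)
            if not SHA_RE.match(version):
                findings.append(Finding(n, "unpinned-action",
                                        f"{ref} uses mutable ref '{version}'; pin to a full commit SHA"))
        if WRITE_ALL_RE.match(line):
            findings.append(Finding(n, "broad-token",
                                    "GITHUB_TOKEN granted write-all; scope it to what each job needs"))
        if uses_pr_target and PR_HEAD_RE.search(line):
            findings.append(Finding(n, "pwn-request",
                                    "pull_request_target workflow checks out untrusted PR head with secrets available"))
    return findings


# Constructed risky workflow (the SHA on the setup-node line is a placeholder).
RISKY = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: npm ci && npm test
"""

# Constructed hardened variant: pull_request trigger, read-only token, SHA-pinned actions.
HARDENED = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1a4442cacd436585916779262731d5b162bc6ec7
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: npm ci && npm test
"""

if __name__ == "__main__":
    for f in scan_workflow(RISKY):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
    print("hardened findings:", len(scan_workflow(HARDENED)))
```

The scanner is line-based on purpose so it has no YAML dependency; a production tool would parse the workflow properly and also inspect job-level `permissions:` blocks and reusable workflow calls.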

Blue/Green or Canary Amazon EKS clusters migration for stateless ArgoCD workloads

If you're using Amazon EKS to manage your Kubernetes clusters, upgrading your clusters is crucial to keep up with the latest features and APIs.

You can rely on the in-place rolling upgrade managed by AWS, which respects any Pod Disruption Budget you have set up. Or you can do a blue/green or canary upgrade: create a new cluster on the target version and migrate workloads from the old cluster to the new one. With this approach you define the load balancer and its target groups as infrastructure as code, one target group per cluster, and let the AWS Load Balancer Controller in each cluster register its Services with the right target group dynamically, so traffic can be shifted between clusters by weight and rolled back by resetting the weights.

Regardless of which upgrade strategy you choose, test the migration before running it in production. Make sure your nodes, add-ons and controllers are compatible with the new Kubernetes version, and update any workloads that still use APIs removed in that version.
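The following is an added example, not code from the newsletter or the article it summarises, showing the traffic-shift side of the blue/green migration with a health gate before each step. It assumes the setup described above: one ALB listener, a blue target group (old cluster) and a green target group (new cluster), both kept populated by the AWS Load Balancer Controller. The ARNs, canary steps and target-health samples are constructed; the dictionaries are shaped for boto3's `elbv2.modify_listener` and `elbv2.describe_target_health`, but nothing here calls AWS, so it runs offline.

```python
"""Weighted blue -> green traffic shift for an EKS cluster migration, with a health gate.

Added example. BLUE_TG / GREEN_TG are placeholder ARNs; the health payloads are
constructed in the shape returned by elbv2.describe_target_health().
"""
from __future__ import annotations

BLUE_TG = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/blue/0123456789abcdef"
GREEN_TG = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/green/fedcba9876543210"
CANARY_STEPS = (10, 25, 50, 100)  # percent of traffic sent to the green (new) cluster at each step


def forward_action(green_weight: int) -> dict:
    """Listener action sending green_weight% to green and the rest to blue.
    Shape matches the DefaultActions entry accepted by elbv2.modify_listener."""
    if not 0 <= green_weight <= 100:
        raise ValueError("weight must be between 0 and 100")
    return {
        "Type": "forward",
        "ForwardConfig": {
            "TargetGroups": [
                {"TargetGroupArn": BLUE_TG, "Weight": 100 - green_weight},
                {"TargetGroupArn": GREEN_TG, "Weight": green_weight},
            ],
            # keep a client on one cluster while the weights change
            "TargetGroupStickinessConfig": {"Enabled": True, "DurationSeconds": 300},
        },
    }


def green_is_healthy(target_health: dict, min_healthy: int) -> bool:
    """Gate: at least min_healthy green targets healthy and none unhealthy or draining."""
    states = [d["TargetHealth"]["State"] for d in target_health["TargetHealthDescriptions"]]
    bad = sum(1 for s in states if s in ("unhealthy", "draining", "unavailable"))
    return states.count("healthy") >= min_healthy and bad == 0


def plan_shift(health_by_step: list[dict], min_healthy: int = 2) -> list[dict]:
    """Walk CANARY_STEPS, checking green health before each step.
    Returns the actions applied in order; a failed gate appends a rollback to
    0% green (all traffic back to blue) and stops."""
    applied: list[dict] = []
    for step, health in zip(CANARY_STEPS, health_by_step):
        if not green_is_healthy(health, min_healthy):
            applied.append(forward_action(0))
            return applied
        applied.append(forward_action(step))
    return applied


def green_weight(action: dict) -> int:
    return action["ForwardConfig"]["TargetGroups"][1]["Weight"]


def _health(*states: str) -> dict:
    """Constructed describe_target_health-style payload for the green target group."""
    return {"TargetHealthDescriptions": [
        {"Target": {"Id": f"10.0.1.{i}", "Port": 8080}, "TargetHealth": {"State": s}}
        for i, s in enumerate(states, 10)]}


ALL_GOOD = [_health("healthy", "healthy", "healthy")] * 4
DEGRADED = [_health("healthy", "healthy", "healthy"),
            _health("healthy", "healthy", "healthy"),
            _health("healthy", "unhealthy", "healthy")]  # a green target fails before the 50% step

if __name__ == "__main__":
    print("happy path:", [green_weight(a) for a in plan_shift(ALL_GOOD)])
    print("rollback:  ", [green_weight(a) for a in plan_shift(DEGRADED)])
```

To apply a step for real you would pass `forward_action(w)` as `DefaultActions=[...]` to `boto3.client("elbv2").modify_listener(ListenerArn=...)` and read the gate input from `describe_target_health(TargetGroupArn=GREEN_TG)`, ideally combined with an error-rate or latency signal from your metrics rather than target health alone.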

Ultimate DevSecOps library

This repository is a comprehensive collection of tools and methodologies for engineers who want to implement DevSecOps in their organisations. It covers a wide range of topics: threat modelling, static and dynamic application security testing, orchestration, supply chain and dependency management, infrastructure as code, container and Kubernetes security, cloud security, chaos engineering, and policy as code. Worth a look!

Thank you for reading my newsletter!

If you liked it, please invite your friends to subscribe!


Have you read an article you liked and want to share it? Send it to me and you might see it published in this newsletter!

Interested in old issues? You can find them here!