Blog & Articles on ContainerInfra - Managed Service Provider

Using GoReleaser with GitLab: Multi-Arch Builds, Cosign, and SBOM Generation

Sun, 26 Jan 2025 00:00:00 +0000

In modern software development, multi-architecture support is becoming a standard requirement. Whether you’re targeting ARM64 environments, like Apple’s M1/M2 chips, or traditional AMD64 infrastructure, automating multi-architecture builds ensures consistent deployment across different platforms. At ContainerInfra, we use GoReleaser and GitLab CI to automate the creation of Docker images and binaries for both AMD64 and ARM64. This setup supports macOS and Linux systems, allowing our developers to work across multiple environments without the need for manual configuration or additional tools.

The thousand piece puzzle: Supply Chain Security for Kubernetes Clusters

Thu, 09 Jan 2025 00:00:00 +0000

In today’s interconnected software landscape, supply chain security has evolved from an afterthought to a mission-critical priority. High-profile incidents, such as the SolarWinds breach, have demonstrated how a single vulnerability can cascade through the entire software development pipeline—affecting everything from code commits to production environments. The consequences of these attacks can be devastating, not only for the businesses targeted but also for their customers and stakeholders, underscoring the urgent need for a proactive, defense-in-depth approach to securing every link in the chain.

Using ModSecurity to protect your endpoints in Kubernetes

Thu, 02 Jan 2025 00:00:00 +0000

What is ModSecurity? ModSecurity is an open-source, cross-platform web application firewall (WAF) engine that provides a robust security layer for your web applications. Initially developed for Apache, ModSecurity now supports IIS and Nginx, offering flexible and powerful protection against various web-based attacks. It acts as an intrusion detection and prevention engine, analyzing HTTP traffic and blocking malicious requests before they reach your application. Originally developed and sponsored by Trustwave, it has been transfered to the OWASP foundation earlier this year.

The Impact of Misconfigured Kubernetes Clusters on Business Continuity

Thu, 07 Nov 2024 00:00:00 +0000

Kubernetes has quickly become the industry standard for managing applications in the cloud. What was once seen as a complex technology is now part of the basics for companies looking to grow and scale their digital operations. These days, setting up a Kubernetes cluster is fairly straightforward, and many teams can get up and running in no time. However, just because it’s easy to set up doesn’t mean it’s always done right.

Automating DNS Management in Kubernetes with External-DNS and Cloudflare

Wed, 09 Oct 2024 00:00:00 +0000

Automating DNS Management with External-DNS, FluxCD, and Cloudflare Managing DNS records can invole a lot of manual work. If you’ve ever had to manually copy and paste IP addresses to create DNS records, or tried to rely on wildcard entries that point to a single load balancer IP or CNAME, you know the pain. It often goes something like this: you run kubectl to grab the load balancer IP, then hop over to your Terraform DNS repo, make the necessary changes, create a Merge Request, wait for the review, and only after all that, you finally get the DNS record updated.

Whitepaper: Implementing the 2+1 Backup Strategy for Kubernetes Environments

Wed, 21 Aug 2024 00:00:00 +0000

We are happy to bring you our latest Whitepaper: Implementing the 2+1 Backup Strategy for Kubernetes Environments!

In this whitepaper we talk about how you can utilize open-source tooling to implement a 2+1 back-up strategy, providing multiple layers of redundancy, significantly reducing the risk of total data loss and ensuring business continuity.

The Hidden Risks of Docker images: Unmaintained Software Components

Sat, 03 Aug 2024 00:00:00 +0000

As an early adopter of Docker, I’ve witnessed its amazing growth from the early days. I started with using Docker Swarm, and in 2018, I even wrote several blog posts on using Docker Swarm and how to use logspout to collect logs from Docker Swarm containers. In those posts, I explained how to deploy a global container on every node in a Swarm mode cluster to forward logs to a remote Logstash endpoint.

ContainerInfra joins the Dutch Cloud Community

Mon, 29 Jul 2024 00:00:00 +0000

On behalf of Jeroen Veldhorst and myself, I am pleased to announce that as of July, we have become a member of the Dutch Cloud Community (DCC)! This is an important milestone for our company, and we would like to share why this is such a valuable step, fully aligned with our mission.

Introducing the kube-pg-upgrade CLI

Sat, 22 Jun 2024 00:00:00 +0000

As software and DevOps engineers, spinning up new PostgreSQL deployments for various applications, clusters, and environments is a straightforward task. However, these deployments inevitably require updates over time. Not all PostgreSQL deployments are managed by an operator, and upgrading these instances can involve significant manual effort.

Automating code review with reviewdog

Sat, 31 Jul 2021 00:00:00 +0000

Your time spend on code review should be optimized as much as possible. Automation is something that can help you with this, and detecting security bugs within go code can be done using tools such as gosec. This post looks into configuring reviewdog to assist in Gitlab Merge Request reviews using tools such as gosec.