DevOps on Teddy Ferdinand

For an effective security posture

Mon, 01 Feb 2021 06:57:00 +0000

I’ve been working in the IT field for more than 10 years now and I’ve worked with a lot of “security” teams within the companies I’ve been in. I’ve been a security guy (Cloud Security Architect) for a little over a year now.

During these years, I often noticed a blocking posture of the security teams, sometimes even disconnected from the field, leading to slowdowns and tensions in the projects.

Cyberpunk 2077: Analysis of an agile method failure

Thu, 24 Dec 2020 06:20:00 +0000

On December 10th, one of the most anticipated games of the year was released: Cyberpunk 2077.

Personally, I enjoy playing it, but it’s not the case for everyone.

With an outside look of an IT professional, I suggest you see today the “mistakes” that I think were made in this project, and how some mistakes could have been avoided. This article is not about the game itself, but rather about the organizational and technical aspects.

Create a local Kubernetes cluster with Vagrant

Tue, 15 Sep 2020 07:00:57 +0000

Testing Kubernetes is quite easy thanks to solutions such as Minikube.

However, when you want to test cluster-specific features, such as load balancing or failover, it is not necessarily suitable anymore.

It is possible to build your Kubernetes infrastructure on servers, or by using managed services from a cloud provider (Kapsule at Scaleway, AKS at Azure, GKE at GCP or EKS at AWS for example).

Nevertheless, these solutions cost money. When you just want to test functionalities or self-training, it’s not necessarily appropriate.

AWS IAM: Between dream and nightmare

Sun, 16 Aug 2020 04:51:07 +0000

I have been using AWS professionally for over 4 years now.

To be a bit old-fashioned, when I started on AWS, the following services and features did not exist:

The ALB/NLB
ACM
ElasticSearch Service
Lambda inside a VPC or with the duration of more than 5 minutes
ECS/EKS/ECR

During these 4 years, I had the opportunity to do a lot of IAM, essential to deploy secure solutions on Amazon.

IAM and least privilege

Identity and Access Management (IAM) is the AWS service that defines users or roles and their associated permissions.

Turn your AWS DevSecOps Pipeline into bunker - Part 1

Thu, 18 Jun 2020 20:02:35 +0000

This post was co-authored by Victor Grenu. Who is working as Cloud Architect

Introduction

In this series, we will talk about the emergence of the DevSecOps movement, and more especially, what are the benefits of introducing a DevSecOps approach on your existing CI/CD Pipelines.

CI/CD Pipeline

To give you some context, you will find in the diagram below a standard CI/CD Pipeline.

DevSecWhat?

DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices into the existing DevOps teams: DevSecOps

Accelerate the test of your lambda functions with Docker

Mon, 27 Apr 2020 06:00:00 +0000

Lambda is a very powerful AWS tool. Executing scripts in serverless mode drastically reduces the cost and complexity of managing a scalable infrastructure, however, testing its functions directly on Lambda can sometimes be frustrating as it requires round trips between the development station and the AWS environment.

There are testing features built into the AWS toolkit for the most popular editors (for Microsoft Visual Studio Code / PyCharm, for example), however, this restricts the possible editors and creates an adherence that is not particularly desirable.

The difficulty of implementing DevOps in a company

Mon, 13 Jan 2020 08:17:36 +0000

“DevOps”, that word, one can no longer see an IT job offer for infrastructure or development positions without it being mentioned. Many companies are turning to DevOps, ideas and concepts are mixed, the target is often blurred, while the objectives are clear, leading this transformation is therefore far from being an easy task.

This article is written in collaboration with Pierre Galdon, a SysOps engineer friend with whom I worked for several years.

Small migration guide from Traefik 1 to Traefik 2

Mon, 06 Jan 2020 06:03:56 +0000

I recently moved the front of this blog from Traefik 1 to Traefik 2, and to say the least, it’s no picnic.

My Traefik use case

I use Traefik as a load balancer/reverse proxy front in a Kubernetes infrastructure. My use is very basic. Depending on certain path and/or domain, I redirect to separate pods. In the case below, I will consider that I have only one pod, this blog. I also manage my certificates with Traefik via Let’s Encrypt.

Understanding the success of the "Serverless" model

Thu, 19 Dec 2019 12:30:30 +0000

Anyone who has ever done infrastructure on a cloud provider has already heard of the serverless model, behind this name is actually hiding many aspects. Let’s take a look…

The serverless model: logical evolution of containers?

For several years now, we have been talking about containers. A revolution over the last 5 years, containers (and orchestrators) have profoundly changed the approach to infrastructure, allowing applications composed of microservices to be deployed more and more simply and quickly. I won’t talk about this evolution here.

Terraform VS CloudFormation: Which tool to deploy on AWS?

Fri, 13 Dec 2019 11:00:00 +0000

Terraform or CloudFormation, the two tools are often pitted against each other, asking DevOps to decide and choose one tool or the other. However, from my point of view, these two tools do not necessarily address the same needs.

Asking the question of one’s exact need

Before knowing which tool to go to, it is important to know the exact need to be addressed:

Do I want to deploy only on AWS?
Do I need to interface with existing tools (especially CI/CD)?
Do I want to host the deployment solution myself or depend on a managed service?
Do I already use other tools from the HashiCorp ecosystem (Nomad, Packer, Consul or Vault for example)?

Indeed, with these questions you can already target the tool you want to use more easily.

Chaos day, a tool to bring Devs and Ops closer together?

Tue, 09 Jul 2019 07:50:10 +0000

I’ve been with my current employer for several years, and I’ve noticed, as with other employers, that there are unfortunately divisions between developers (Devs) and production engineers (Ops).

A different role in IT

Can you really blame people with different jobs, training, expectations and goals for having difficulty understanding each other?

Be careful, I’m not throwing stones at either side, but I have to admit that the roles of the two parties are not the same, even though dev and ops are complementary in order to have an efficient and effective production, while being innovative.