Manage Configurable Data In Kubernetes

When containerizing an application, there is often a need to manage some configuration from outside the container. After a container has booted with certain pre-configured data, it is necessary to have a way to modify this data at runtime, if needed. For instance, we may have different configurations for different deployment environments, and we may want to use the correct set of configurations for a target environment without re-creating the container.

Kubernetes provides ConfigMap to help configure data externally. This follows the design paradigm of "separation of config from code." The ConfigMap API makes the application portable: the configuration can be changed without redeploying the application.

Docker Without Root Privileges

Docker as Root

Docker runs its containers as root. But does your workload really need root permissions? The answer is rarely. Still, your containers, by default, continue to run as the root user. This can raise serious security concerns. A process that runs inside the container as root is in fact a process running as root on the host itself. This gives a malicious actor an opportunity to gain unrestricted access to the host itself.

You can check this yourself; just use the following command on any image that you commonly use:

Secure File Transfer With AWS

A very common use case for enterprise applications is to make secure file transfers with external entities like customers and suppliers. These file transfers not only need to be secure but also cost-effective. Traditionally, enterprises have been using Secure-Shell File Transfer Protocol (SFTP) servers to meet such ends. But running these servers is an overhead and often not cost-effective.

Amazon Web Services recently launched a new service known as AWS Transfer for SFTP. Let us delve deeper into this service and see what it offers and how it is better than running your own file transfer servers.