Posts

Showing posts from 2023

CI/CD Pipelines with Git, Spinnaker and Kubernetes (GKE)

Overview

Developing a continuous delivery (CI/CD) pipeline is an essential component of contemporary software development. By setting up services to build, test, and deploy an application automatically, we can create a streamlined and dependable deployment process. The CI/CD pipeline we design can automatically rebuild, retest, and redeploy an updated version whenever modifications are made to the application's code. This enables us to quickly deliver high-quality updates to our users, resulting in a more efficient software development process.

Objectives

To achieve a reliable deployment process for an application on Kubernetes Engine with Spinnaker, a number of steps must be taken. First, the environment must be set up by creating a Kubernetes Engine cluster and configuring the necessary identity and user management. Then, the sample application is obtained and a Git repository is established before uploading the code to Google Cloud Source Repository. Using Helm, Spinnaker is dep...

Securing Network Traffic with Anthos (Istio) Service Mesh

Overview

Anthos Service Mesh's security features are designed to prevent unauthorized access and data breaches by ensuring that all communication between workloads is securely authenticated and encrypted, thereby mitigating the risks posed by insiders. Services authenticate each other with mTLS (a type of mutual authentication in which two parties in a connection authenticate each other using the TLS protocol). In PERMISSIVE mode, a service accepts both plaintext (unencrypted information) and mTLS traffic from clients, which allows for a gradual adoption of mTLS. To enhance security further, STRICT mode mTLS is enabled across our service mesh, which ensures that only mTLS traffic is allowed to access Istio-injected services.

Here's an example configuration we explore that demonstrates the authentication options available through Istio.

Objectives

Enforcing a higher level of securi...