Many companies operating from their own data centers started migrating their applications to the cloud, and it has become an obvious choice for many startups to create cloud-native applications. This is most important because of the speed of time to market and cost-efficiency in addition to many other benefits of the cloud.
As a solution architect, you need to ask relevant questions to gather the required information from customers. The solution you build based on this information from the customer lays the foundation for future design solutions and migrations.
This article covers questions (and the reasons behind them) that you…
Tools to use for Helm Chart Testing from Development to Release
Helm Chart is a package management software to write Kubernetes templates and package it as a chart with all its dependencies. A single chart can be used to deploy nginx, memcache or any full stack web application. You can deploy any application chart just by running the following command.
helm install my-release bitnami/nginx
This article does not cover detailed information about Helm Chart development instead Helm chart has very good documentation which you can go through to learn more about it.
I am going to cover how to test…
It’s all about how you develop and deploy applications instead of where you are deploying the application to — be it public cloud or private data center. Application designed in this way can best make use of offers provided by the cloud. The first step in that direction is building micro-service based applications and run them in containerized and orchestrated platforms like Kubernetes.
Following are the design principals one should consider while creating Cloud applications.
Applications are created as micro-service so one can make use of best language, frameworks and tools suitable for different applications. …
How Groupon deployed hundreds of services using Kubernetes, Helm Chart, and Krane
At Groupon, our Cloud Migration strategy required us to move our services to a Kubernetes-based cloud platform. This article describes how we moved to Kubernetes, the problems we faced, and how we solved them using different tools and technologies.
We wanted a centralized solution that is modular, reusable, consistent, manageable, and versioned so the service team can use it without worrying about its underlying implementation.
We have 500+ microservices of varying tech flavors. If each individual service maintains their own Kubernetes templates for deployment then it will be…
I have already posted article on Envelope Encryption and how it works. Please take a look at that article.
This article covers how can we encrypt/decrypt large amount of data by Envelope Encryption using AWS CLI.
This hands-on exercise requires AWS account and AWS CLI. You can get more information about installation and configuration of AWS CLI from here
Generate Customer Master Key
We have AWS CLI setup by now so first step is to create AWS CMK (Customer Master key) using KMS. We have got our Customer Master Key which we will be using for encryption.
aws kms create-key…
Traditionally applications used to store security keys used for data encryption/decryption in application config files. Drawback of storing it in config files is risk involved if not stored and managed properly.
AWS Key Management Service (KMS) is fully managed service offering which AWS itself is using to encrypt/decrypt data at rest for different AWS services like S3, EBS, RDS, etc…
AWS KMS is highly available key management service to access, store, audit secret keys called CMKs (Customer Master Keys).
There are two types of CMKs (Customer Master Keys).
AWS Managed CMKs