TL;DR: In this blog post, we talk about a solution which gives platform users a succinct view about which Gatekeeper constraints are violated by using Prometheus & Grafana.

Andy Knapp and Murat Celep have worked together on this blog post.

The files/scripts used in this article can be found here: https://github.com/mcelep/opa-scorecard

Application teams that are just starting to use Kubernetes might find it a bit difficult to get into, as Kubernetes is a quite complex and large ecosystem (see the CNCF ecosystem landscape). Moreover, although Kubernetes is starting to mature, it is still being developed very actively and it keeps getting new…


In this blog post, we will talk about the whole lifecycle of Kubernetes Network Policies, covering topics such as creation, editing, governance and debugging, and we will also share best practices and insights that can create a better user experience when dealing with Network Policies.

Andy Knapp has reviewed this article and suggested some changes. Thanks a lot Andy!

Enter Network Policies

As Kubernetes adoption continues to grow in large enterprises, security-relevant aspects of Kubernetes such as Network Policies, which let you control which network resources Pods are allowed to reach and be reached from, become more important.

Kubernetes is a very powerful platform and with…


This blog post is about an experiment to automate the creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster.

All the code referred to in this blog post can be found here.

We worked on this blog post with a VMware colleague: Assaf Sauer.

But why?

Network Policies are used for allowing or blocking network traffic of applications running on Kubernetes clusters. Enterprises which process critical customer data, such as financial institutions (banks, insurances, etc. …


VMware Tanzu Mission Control is a centralized management platform for consistently operating and securing your Kubernetes infrastructure and modern applications across multiple teams and clouds.

In this blog post, we will look into how data protection can be enabled for Kubernetes clusters that are managed by VMware Tanzu Mission Control. In the rest of this article, we will refer to VMware Tanzu Mission Control as TMC.

TMC uses Velero as the backup/restore tool, and currently (as of 20.11.2020) AWS is the only public cloud provider that is supported for uploading the backup data. Velero is used for both Kubernetes resource backup…



Velero (formerly known as Heptio Ark) is arguably the most popular backup/restore solution for Kubernetes. It was created by Heptio and continues to be actively developed as an open source project. Here is the GitHub project and this is the official website.

In this blog post, we will present different options to back up and restore Kubernetes clusters running on vSphere with Velero, using an S3 API-based object store.

NOTE: All the files used in this article can be found on https://github.com/mcelep/blog/tree/master/velero-1

Dependencies

You need an S3 API-compatible object storage to use Velero. If you already have an AWS (Amazon…


Kubernetes (K8s) has established itself as the go-to platform for container-based workloads, and many companies have either already started or are going to start migrating their workloads onto Kubernetes soon.

Kubernetes offers many capabilities out of the box, and it exposes many infrastructure-related controls to developers. Developers who are not used to dealing with those infrastructure-level concerns might struggle to grasp all the new controls and abstractions that are now at their disposal. Training (such as the courses here) will certainly help bring developers up to speed with K8s, but if we want to really ensure that our applications…


Recently, we (my teammate Markus and I) worked with a customer on a Kubernetes monitoring solution where we had to fulfill the following requirements:

  1. Deploy Prometheus with easy life-cycling in mind. By easy life-cycling I mean upgrading Prometheus instances with minimal effort and having reproducible deployments
  2. Have an initial set of alerting rules in place to cover basic platform & app monitoring needs
  3. Forward alerts to IBM’s Tivoli Netcool/OMNIbus with a label that uniquely identifies the source of the alert

In this article, we will talk about how we came up with a design to fulfill these requirements…

Murat Celep

Murat currently works at VMware Tanzu Labs. Ex-Red Hatter. These days he focuses on Kubernetes, CI/CD, PaaS, CaaS, Cloud-native Software.
