Articles tagged devops
Approaches to keep sending OTP over SMS... for now
“SMS has long played an important role as a universally applicable method of verifying a user’s identity via one-time passcodes. And over the last decade, SMS and voice-based Multifactor Authentication has prevented untold attempts to compromise user accounts. But it’s time to move on.” Ben King, VP Customer Trust: BYO Telephony and the future of SMS at Okta SMS/Voice is too SIMple The one-time passcode (OTP) you send using SMS or Voice may not go...
JHipster Microservices on AWS with Amazon Elastic Kubernetes Service
In this tutorial, you’ll use JHipster to build a microservice stack and deploy it to Amazon Elastic Kubernetes Service (EKS). The microservices will use Java and Spring Boot for resource servers and Vue for the frontend. The server-side applications will use Spring’s Reactive technology stack. The microservice will include multiple databases and database types: PostgreSQL, MongoDB, and Neo4j. You’ll secure the service using OAuth 2.0 and OpenID Connect (OIDC), with Okta as the OIDC provider....
Kubernetes Microservices on Azure with Cosmos DB
In this tutorial, you’ll learn how to deploy a JHipster-based reactive microservice to Azure Kubernetes Service (AKS). You’ll use Azure’s Cosmos DB as a persistent store for one of the services. For security, you’ll use Okta as an OAuth 2.0 and OpenID Connect (OIDC) provider. You’ll also securely encrypt all secrets in the project configuration files using Kubernetes secrets and kubeseal. This tutorial focuses on deploying an already generated project to Azure AKS. It does...
How Can DevOps Engineers Use Okta?
What is DevOps? DevOps is one of those buzzwords. Ask three DevOps professionals what it means, and you might get four different answers. Most will agree that DevOps usually describes a mix of tools and techniques combining aspects of systems administration, software development, IT, release engineering, security, and often QA. At its best, DevOps synergizes the strengths of these fields to reduce toil through automation and improve software quality through continuous testing and deployment, and...
How to Secure Your Kubernetes Clusters With Best Practices
Kubernetes has become an unavoidable part of a software infrastructure these days. If you are an enterprise or medium/large company, chances are you are already running Kubernetes clusters for your workloads. If you are a DevOps engineer, there is a good chance you are maintaining either an on-prem Kubernetes cluster or a PaaS like Amazon EKS, Microsoft AKS, or GKE. But regardless of how you run your Kubernetes clusters, you need to make sure that...
How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC
A Kubernetes (k8s) cluster comprises worker machines called nodes and a control plane consisting of the API server, scheduler, etcd, controller manager, and in the case of a PaaS (platform as a service), the cloud controller manager. The containers deployed to the cluster run in pods on the worker nodes. At the same time, the control plane takes care of scheduling, responding to requests, and managing the cluster. When you communicate with a Kubernetes cluster,...
Kubernetes To The Cloud With AWS: Deploying a Node.js App to EKS
Since 2013 when it was released to the public, Docker has become an industry-standard tool for development teams to package applications into small executable containers. A year later, Kubernetes was released by Google to manage large amounts of containers, and provide features for high availability (HA) and auto-scaling. While Kubernetes adds many benefits to your container management, you might find the process of setting up Kubernetes within your on-premise infrastructure quite challenging, especially on the...
Spreading Some Okta Love to the DevOps World
Hello Oktaverse! So finally, I have landed at Okta on my second attempt 😉. I’m so excited about this new chapter in my career journey and can’t wait to see what’s in store. But first, introductions. Who am I I’m from the south of India, a village in Kerala to be specific, but I grew up in Chennai since my parents moved there looking for work when I was 12. I like to call myself...
From Ops To Advocacy
Hi, I’m edunham, and I’m an infra person. Our buzzwords include DevOps, Cloud Operations, and Site Reliability Engineering, though if you ask any two of us about the difference between those terms, you’ll get at least three answers. Whatever name it’s wearing, doing ops well requires not only the “how” of changing systems, but also the “why” of making the right changes. Although I’ve always loved helping spread the information that my colleagues need in...
Secure Access to AWS EKS Clusters for Admins
In this tutorial, we will leverage OpenID Connect (OIDC) to allow our DevOps team to securely access their EKS clusters on AWS. We use Role Based Access Control (RBAC) to enforce the least privilege required without the need to configure AWS IAM roles. 😎 We’ll highlight the steps to manually enable an OIDC provider on your EKS clusters. At the end of this tutorial, we’ll point to resources you can leverage to automate all those...
Tutorial: Chef and Account Automation with Okta
Tip: This tutorial is part of our series on integrating Okta with popular infrastructure as a code solution. If you’re not into Chef, check out our Ansible, Puppet, and Terraform tutorials. Chef cookbooks are a great way to manage infrastructure at scale. However, like other configuration management tools, Chef works best when cookbooks don’t change often. This is easy to accomplish in typical server setup and configuration tasks like install Nginx and tweak conf file....
Tutorial: Ansible and Account Automation with Okta
Tip: This tutorial is part of our series on how to integrate Okta with popular Infrastructure as a Code solution. If you’re not into Ansible, check out our Puppet and Terraform tutorials. I love using Ansible to deploy and manage configuration at scale. However, like any other configuration management solution, Ansible works best when playbooks don’t change often. This is easy to accomplish when you manage only server artifacts and binaries, but it can get...
Tutorial: Puppet and Account Automation with Okta
If you use Puppet to automate configuration management across dynamic server fleets, there’s a question about identity & access management – how do you get accounts and credentials on the machines? A common practice is to push SSH Keys for every admin user to every server. This has major security implications, however. What happens when an administrator leaves the company? It is usually up to someone to clear out those keys on each machine, oftentimes...
How to Support .NET Core SameSite + OAuth Apps on Linux
Google’s recent approach to SameSite cookie attributes caused a bit of confusion among developers. Especially in cases where handling redirects is necessary. After doing some research in the topic I’d like this article to be a guide on how to handle SameSite cookie attributes properly in production. This guide can serve as the basis for deploying an application to any Linux based environment—such as AWS Elastic Beanstalk, Google Cloud App Engine—or any VPS Linux deployment....
Install .NET Core Apps on Linux in 5 Minutes
As a big fan of open source, I’m loving the fact that .NET Core is cross-platform. It opens up endless possibilities, from hobby projects, experiments, and proofs of concept, to massive high-load production applications that run on cost-effective infrastructure with high security and scalability. I usually get the simplest and cheapest $5/month Ubuntu-based virtual private server (VPS) from any cloud platform provider instead of the more complex and expensive container instances or cloud computing services....
Deploy a .NET Container with Azure DevOps
When I began programming (in the ’80s), computers weren’t equipped with a network card by default. The internet was almost unknown and modems were slow and noisy. The software was installed from stacks of flexible floppy disks. Today, computing resources are virtual. The internet is vital and there is an URL for everything. We live in the *aaS (* as a Service) era, where if you want something, there is likely one or more something...
10x Your Development with the Azure CLI
Back in the days of DOS, software developers couldn’t count much on fancy tools. There were no graphical interfaces, and everything was purely text-based. I remember using brief as an editor for my C source files (C++ didn’t exist yet), and compiling the code from the command line with the Aztec C compiler. The most advanced concept of a non-trivial software project was based on makefiles. The idea of grabbing a mouse and moving it...
Announcing the New Okta Developer Certification
Over the past few months, I have been working on a side project that I am really excited about. If you know me well, you probably know I enjoy using my side projects to help other teams meet their goals (and if you don’t, I am a Senior Security H@X0R at Okta. Check out my blog posts here.) So, when the Okta certification team asked me to help them build a cool developer certification experience,...
Grep for System Admins: Using Grep to Automate Daily Tasks
If you work with computers as a programmer or system administrator, you probably spend a lot of time staring into the command-line interface! And if you’re used to the command line, you have probably come across the grep command. So what exactly is grep? And how do I use it, and use it better? In this post, we’ll cover some of the most useful grep options and techniques to...
Using Okta Advanced Server Access & Terraform to Automate Identity & Infrastructure as Code
Many Okta customers who leverage Advanced Server Access to secure and automate identity across their dynamic infrastructure fleets use HashiCorp Terraform to declare and provision resources across AWS, GCP, and Azure. One customer built their own Terraform Provider as a wrapper to the Advanced Server Access API, which we recently had certified by the team at HashiCorp. You can read more about the announcement on the Okta blog. In this example, we’re going to showcase...
Configure Okta Advanced Server Access (ASA) for GCP + Jenkins Service Account
In this tutorial, we’ll configure Okta Advanced Server Access (aka ‘ASA’) so our DevOps team can securely access Virtual Machines (aka ‘VMs’) on Google Cloud Platform (aka ‘GCP’). We’ll also configure a service account so our Jenkins instance can connect to other VMs to run remote commands. This tutorial highlights the steps you should complete to manually deploy those servers on GCP and enroll them in ASA. At the end of this tutorial, we’ll point...
Why Every Developer Needs to be a Generalist
Context, as they say, is king. The age-old question of exactly what a software developer should focus on learning has been crossing my mind a lot lately. More than ever, our technology is evolving at a furious pace - and the coding world is definitely feeling the pressure. It can be overwhelming to choose where to pay attention and what to dismiss as a passing fad. So what are you to do? Let’s look at...
Container Security: A Developer Guide
Have you ever spent hours trying to figure out why your newly-installed database, web server, or Python library won’t work? If this sounds familiar, you likely understand the joy of software containers. Forget all those fruitless Stack Exchange searches trying to solve your configuration and dependency problems. Just install a container platform and pull an image. Looking to bootstrap an instant LAMP stack? You can save yourself the time and run sudo docker run -p...
Is GitHub Package Registry the npm Killer?
GitHub recently announced a new feature, GitHub Package Registry, currently in beta. It’s designed to allow GitHub users to publish and distribute packages of their software directly on GitHub instead of relying on an external system. At a glance, GitHub Package Registry has the following features and benefits. Supports multiple package clients: npm, Maven, NuGet, RubyGems, and Docker images Supports public and private packages Supports pre-release packages Can use webhooks and GitHub Actions to customize...
The Top 5 DevOps Automation Tools .NET Developers Should Know
Not too long ago, deployments were done by hand - manually pushed to a physical server somewhere in a building your company owned. The software engineering world has come a long way since then, and we have more options than ever to get our code and data live, automatically. Here are a few tools every C#/.NET developer should know that can help with that process, vetted by some of the best software leaders in the business....
Build a Command Line Application with Node.js
Command line applications (CLI) are often the core tools for automating tasks, such as deploying production applications, running tests, building reports, migrating data, DevOps, and the list goes on and on. If you find yourself doing the same things over and over again, chances are you can automate those steps with a script and save yourself a lot of time! Node.js is a great solution for writing CLI apps. Node.js itself has built-in libraries for...
Use AWS CloudFormation to Automate Static Site Deployment with S3
Getting started with CloudFormation can be intimidating, but once you get the hang of it, automating tasks is easy. While CloudFormation might seem like overkill for something as simple as deploying a static site (for example you could just copy HTML files to a S3 bucket using the Amazon Console or from the CLI), if your shop uses continuous integration and you have multiple deployments happening at the same time, it’s more efficient for you...
A Developer's Guide To Docker - Docker Compose
Good developers care as much about efficiency as they do about writing clean code. Containerization can add efficiency to both your workflow and your application, and has thus become all the rage among modern dev. And, as a good developer, you know that manually creating containers from images using docker run ... or even using the Dockerfile to create containers is less than ideal. How would you like to have one command that tells Docker...
A Developer's Guide To Docker - The Dockerfile
Creating a consistent environment for development, testing, staging, and production is one of the big benefits of using containers. Not only do containers make the entire environment portable, they remove environment-specific problems, like, “Why does it work in test, but not in production?” Usually, it’s a package or framework that’s installed on the test machine that is not on the production server. Containers carry all those dependencies with them, minimizing the possibility for those problems....
A Developer's Guide To Docker - A Gentle Introduction
It works on my machine. We’ve all heard it. Most of us have said it. It’s been impossible to get around it… until now. Not only can adding Docker to your development environment solve that issue, but it can make it drop-dead simple to onboard new developers, keep a team working forward and allow everyone on the team to use their desired tools! Why Containers? “Aren’t containers just lightweight Virtual Machines?” That’s the question I get...