
Microservices Applications' Life Cycle


Check out these three demos that take us through the life cycle of microservices applications.

Created: July 8, 2019 | Updated: January 27, 2023

Software is at the heart of innovation for today’s enterprises, transforming every business into a software business. Organizations, including the world’s largest global companies, are shifting from monolithic applications to highly distributed, cloud-native microservices. This is made possible by modern cloud, container, and orchestration technologies such as AWS, Docker, and Kubernetes. In this article, we show 3 demos that take us through the life cycle of microservices applications.

The Challenge

The key challenge that enterprises face as they shift to highly distributed, orchestrated environments is a loss of visibility needed to understand and solve issues in this new dynamic environment. The Sysdig Cloud-Native Visibility and Security Platform closes the cloud-native visibility gap, giving a consistent way to manage the risk, health, and performance of systems, applications and microservices within and across clouds.

With Sysdig, the world’s largest enterprises solve a broad array of use cases for cloud-native environments to deliver 3x faster cloud-native transformation, a 67% increase in DevOps efficiency, and a 95% reduction in risk.

The Demos

Build Run Respond Cycle

Below we have 3 demos that enable DevOps, security professionals, and service owners to reliably Build, Run, and Respond to critical issues with Kubernetes and containers in production. We trace the container lifecycle of applications through these 3 phases (Build, Run, and Respond).

Demo 1 [Build]: CI/CD Jenkins Pipeline with Sysdig Secure Scanning

This is the first demo in our 3-demo series. In this Build phase, we want to make sure that container images are scanned and free from vulnerabilities. We also need to include image scanning as a stage in our Jenkins pipeline, or in any other CI/CD pipeline. This ensures that developers are shifting security to the left and building with security in mind. If the image scan fails, it fails early in the development cycle, so developers can respond appropriately and update their code and the libraries it uses. We will work with a microservices app called the hipster app. It is developed by Google and is very helpful for demonstrating an application that runs on a microservices framework. Below is a diagram showing the workflow that we use as part of this demo.

CI/CD Diagram with Sysdig Secure Image Scanning


Demo 2 [Run]: Performance Monitoring with Sysdig Monitor

In this demo, we move on to the Run phase. We talk about running our application and, specifically, discuss the need to monitor its performance. Once again we work with the hipster app to demonstrate an application that runs on a microservices framework. First, we delete one of the deployments and see how Sysdig Monitor alerts us to the HTTP 500 errors that show up. Then we dig deeper by analyzing a Sysdig capture that was taken from the alert to get to the root cause.


Demo 3 [Respond]: Runtime Security with Sysdig Secure (MITRE ATT&CK)

In this final demo, we take a look at the Respond phase. The discussion is now about how to respond to runtime security incidents. Sysdig created a mapping of Sysdig Falco policy rules to the MITRE ATT&CK matrix. The MITRE ATT&CK matrix is a framework that catalogs the tactics and techniques adversaries use in their attack chain. We assume the role of a hacker in this demo and run a few attacks against our environment. Sysdig Secure detects these attacks and defends against them. Finally, we analyze the forensics and dig deeper into the commands and the content of the malicious script that was run in our environment.


Conclusion

In this article and through the accompanying demos, we followed the life cycle of a microservices application through its 3 phases (Build, Run, and Respond). As enterprises move from legacy monolithic applications to a microservices framework, new challenges arise. It's essential to have the right strategy and tools to help with these challenges. Sysdig manages the risk, health, performance, and security of systems and applications, enabling organizations to be confident in their move to modernize their business operations.
