DGov Site Reliability Engineering
Overview
Initial goal is reducing cost/effort to run a security focused Internal Developer Platform with a small team.
General approach to secure development and infrastructure management
Aligned with CISA Secure By Design Principles - make sure all code and infra is managed in git repos, per repo try to implement the following:
- Code repos should have codeql + supply chain security (dependabot) + secrets + grype (containers) reporting configured (preference Helm / Terraform IaC artifacts)
- Infrastructure manifests should have Trivy misconfiguration reporting configured
- Deployments should be from infra repos (ideally proxied through self-hosted runners using AWS instance roles / Azure managed identities to avoid credential handling and minimise internet exposure of admin interfaces)
- If deployments still manual/external, introspection and automated commits from a tool like terraformer required to ensure drift detection and full visibility of assets.
Training on Cloud Native Infrastructure & Application Development
Aim to medium term (e.g. 1-2 years) go for a formal certification like Certified Kubernetes Administrator (CKA) + Certified Kubernetes Application Developer (CKAD) + Certified Kubernetes Security Specialist (CKS) Exam Bundle - Linux Foundation - Training .
Free courses:
- Introduction to Cloud Infrastructure Technologies (LFS151) | Linux Foundation Training
- Introduction to Kubernetes (LFS158) | Linux Foundation
Tools / tutorials to help with training
- GitHub CodeSpaces - for secure local dev Quickstart for GitHub Codespaces - GitHub Docs
- Skaffold + minikube - for building app manifests to deploy to k8s Skaffold Quickstart
- AWS Cluster API - for building target k8s environments Getting Started - Kubernetes Cluster API Provider AWS
- Terrform AWS Services - for building supporting infra in AWS Manage AWS RDS instances | Terraform | HashiCorp Developer