Beschreibung
For one of our clients, we are looking for a freelance Tufin consultant (m/f).Description:
The client launched a project for firewall management last year to restructure responsibilities in this area. Part of this project is to secure internal Kubernetes cluster communication with the use and management of network security policies.
Tufin provides a tool to automatically detect network communication (in the learning mode) inside a Kubernetes cluster and generate corresponding Kubernetes Network Policies. It is the goal of this task to ease the process for development teams to define suitable network policies by generating minimalistic network policies per namespace upon request and push these generated network policies into a suitable feature branch of a Git repository so that Development teams can merge these generated network policies into their master branch as needed.
Task:
• Creation of a design document for the implementation reviewed and approved by the client
• Implement Process Integration between Tufin Kubernetes Network Security Module and Development Repository using Tufin REST APIs that meets the following requirements
o Namespace Owners must be able to switch on learning mode for a cluster for a configurable time (up to 60 minutes)
o Several Namespace Owners must be able to switch on Learning Mode in parallel
o Learning Mode is automatically switched off when no Namespace Owner has switched on Learning Mode
o When the configured Learning Mode interval for a namespace has ended a namespace specific network policy is generated and pushed to a predefined Git Repository
o A namespace owner can define a Git repository and branch to which generated network policies in yaml format can be pushed
o Access tokens to push network policies to the git branch must be stored securely
o Network policies that are already configured in the namespace should not be discovered again
• In the design document the client expects to find detailed description of the application architecture, the installations process and operations manual. The document will be sent to the client via mail and signed off or rejected until finished- Implementation of the design in a suitable programming language (preferably Java, to be determined in the design document ). The consultant will write source code, test it and check it into a version control system (implementation and design are well-known and precise terms in conjunction with software development)
• Maintain source code in the client’s Version Control System (Azure DevOps) for the implementation on a continuous basis. Access to a suitable repository will be provided by the client
• Configuration of a CI/CD pipeline in Azure DevOps for automated build and deployment to a suitable runtime environment (defined in the design document)
• Knowledge transfer of the application architecture, the operations details of the software and the installation process and Handover to the client line organization. The knowledge transfer will be organized by the client. The knowledge will be conducted as Microsoft Teams sessions. The handover consists of going through the existing documents, clarifying open questions. Afterwards the handover will be signed off by the client- Project Closure documentation. The consultant will prepare a checklist of all activities planned including completion date, present it to the client and the client will sign-off
Project start: March 2021
Project location: Remote
Project duration: 3+ months