# DevOps 1. [Home](https://www.agilicus.com/) 2. [Blog](https://www.agilicus.com/blog/) 3. DevOps ![about-agilicus](https://www.agilicus.com/www/9f15eb3a-about-hero-01.svg)# DevOps: How We Build ## Overview DevOps. Comining development practices with Operations practices. Shifting things left. Moving to a more continuous cycle of integration and delivery. DevOps has spawned a culture. A set of tools. It is highly complementary with Agile, of which Agilicus is a strong proponent. https://youtu.be/dti7Wii4hyk - [![Core Web Vitals WordPress Improve Recaptcha Performance](https://www.agilicus.com/www/1e5c7a4e-page-speed.png "Core Web Vitals Wordpress Improve Recaptcha Performance 1")](https://www.agilicus.com/core-web-vitals-wordpress-improve-recaptcha-performance/)## [Core Web Vitals WordPress Improve Recaptcha Performance](https://www.agilicus.com/core-web-vitals-wordpress-improve-recaptcha-performance/) Core Web Vitals Wordpress performance is important for user experience, for search optimisation. Learn how to improve wordpress and recaptcha CWV. - [![Speedup WordPress By Dequeue Unused Scripts](https://www.agilicus.com/www/1e5c7a4e-page-speed.png "Speedup Wordpress By Dequeue Unused Scripts 2")](https://www.agilicus.com/speedup-wordpress-dequeue-scripts/)## [Speedup WordPress By Dequeue Unused Scripts](https://www.agilicus.com/speedup-wordpress-dequeue-scripts/) Speedup wordpress by dequeing unused scripts and css. The Events Calendar is used as an example. Faster load, less parse, better core web vitals. - [![Its Always DNS: Latency In Web Load Time](https://www.agilicus.com/www/be2be8e8-load-time-by-type.png "Its Always DNS: Latency In Web Load Time 3")](https://www.agilicus.com/dns-latency-website-load/)## [Its Always DNS: Latency In Web Load Time](https://www.agilicus.com/dns-latency-website-load/) Latency, specifically DNS Latency, is a big factor in web page load time. Don't over-focus on bandwidth, examine prefetch and latency to improve. - [![The Quest For Web Site Performance Perfection](https://www.agilicus.com/www/a1b79a60-gtmetrix-report.png "The Quest For Web Site Performance Perfection 4")](https://www.agilicus.com/the-quest-for-web-site-performance-perfection/)## [The Quest For Web Site Performance Perfection](https://www.agilicus.com/the-quest-for-web-site-performance-perfection/) Web site performance. Search engines favour sped. Milliseconds matter. Performance is as important as the content, as important as the appearance. - [![Latency And Load Testing Your Web Site With Locust and Istio](https://www.agilicus.com/www/86cde8af-locust-response-chart.png "Latency And Load Testing Your Web Site With Locust and Istio 5")](https://www.agilicus.com/latency-and-load-testing-web-site/)## [Latency And Load Testing Your Web Site With Locust and Istio](https://www.agilicus.com/latency-and-load-testing-web-site/) Your web site uses new technology. Shake it down by using your Sitemap for Latency and load testing with locust and istio. - [![Embrace Failures: find the start times of Kubernetes pods](https://www.agilicus.com/www/587ec691-quiz.png "Embrace Failures: find the start times of Kubernetes pods 6")](https://www.agilicus.com/embrace-failure-kubernetes-pod-restart-times/)## [Embrace Failures: find the start times of Kubernetes pods](https://www.agilicus.com/embrace-failure-kubernetes-pod-restart-times/) Cloud Native: embracing failures. Assume Strength in Numbers. Don't spend large time on a single infinitely reliable thing, assume each component will fail. - [![Internet Redirect & Alias: The CNAME](https://www.agilicus.com/www/cd1e4db6-cname-lookup.png "Internet Redirect & Alias: The CNAME 7")](https://www.agilicus.com/about-dns-cname/)## [Internet Redirect & Alias: The CNAME](https://www.agilicus.com/about-dns-cname/) CNAME. Invented in 1987, used in today's SaaS. See how your domain can be shared with your partners. - [![Dockerhub and pull limits: cache some insurance](https://www.agilicus.com/www/85b9e8aa-dockerhub-limits.png "Dockerhub and pull limits: cache some insurance 8")](https://www.agilicus.com/dockerhub-pull-limit-cache-insurance/)## [Dockerhub and pull limits: cache some insurance](https://www.agilicus.com/dockerhub-pull-limit-cache-insurance/) Concerned about the new dockerhub rate limits? Run Kubernetes? Run CI? Deploy a pull-through cache simply to reduce the risk and impact. - [![The deep rabbit hole of email in cloud](https://www.agilicus.com/www/4443e2a3-image.png "The deep rabbit hole of email in cloud 9")](https://www.agilicus.com/email-aws-ses-saml-sso/)## [The deep rabbit hole of email in cloud](https://www.agilicus.com/email-aws-ses-saml-sso/) Email. Port 25. Security. Spam. Its more complex than it used to be to be a good Internet citizen for email sending. Cloud edition. - [![Delicious Dogfood: Cloud Native WordPress](https://www.agilicus.com/www/c6566fab-wordpress-cloud.png "Delicious Dogfood: Cloud Native Wordpress 10")](https://www.agilicus.com/cloud-native-wordpress/)## [Delicious Dogfood: Cloud Native WordPress](https://www.agilicus.com/cloud-native-wordpress/) Take Wordpress. Modernise it. Make it cloud-native. Add tidb cloud-native database. Add stateless storage. - [![Finding your Google ID and reclaiming your Gitlab account](https://storage.googleapis.com/agilicus/www/2020/09/gitlab-google-id.png "Finding your Google ID and reclaiming your Gitlab account 11")](https://www.agilicus.com/finding-your-google-id-and-reclaiming-your-gitlab-account/)## [Finding your Google ID and reclaiming your Gitlab account](https://www.agilicus.com/finding-your-google-id-and-reclaiming-your-gitlab-account/) OpenID Connect, a powerful single-sign-on with strong security, and locking the user to the upstream ID means if their name changes you are insulated. - [![Logging real remote address with Nginx and Lua](https://storage.googleapis.com/agilicus/www/2020/04/proxy-ip.png "Logging real remote address with Nginx and Lua 12")](https://www.agilicus.com/logging-real-remote-address-with-nginx-and-lua/)## [Logging real remote address with Nginx and Lua](https://www.agilicus.com/logging-real-remote-address-with-nginx-and-lua/) For audit, security, tracing, we want the origin IP logged. Load-balancers can mask this. Learn how to log the true client IP from nginx with lua, when that nginx is behind a load-balancer (reverse proxy) - [![Tame the legacy beast with API’s](https://storage.googleapis.com/agilicus/www/2019/12/c3eca963-image.png "Tame the legacy beast with API's 13")](https://www.agilicus.com/tame-the-legacy-beast-api/)## [Tame the legacy beast with API’s](https://www.agilicus.com/tame-the-legacy-beast-api/) Large legacy systems hold our data hostage. Tame their grip with REST-ful API's and microservices. Fear no more on upgrades or even replacements. - [![Creating the reliable cloud with unreliable components](https://storage.googleapis.com/agilicus/www/2019/11/923962c3-image.png "Creating the reliable cloud with unreliable components 14")](https://www.agilicus.com/creating-the-reliable-cloud-with-unreliable-components/)## [Creating the reliable cloud with unreliable components](https://www.agilicus.com/creating-the-reliable-cloud-with-unreliable-components/) Secure. Reliable. Economical. All three. We have embraced failures to create a reliable municipal hybrid cloud with unreliable components, economically. - [![Kustomizing Kustomize: Releasing Our Tools](https://storage.googleapis.com/agilicus/www/2019/05/831a410a-good-bad-cloud.png "Kustomizing Kustomize: Releasing Our Tools 15")](https://www.agilicus.com/kustomize-plugin-examples/)## [Kustomizing Kustomize: Releasing Our Tools](https://www.agilicus.com/kustomize-plugin-examples/) Declarative. It becomes a way of life. We have chosen kustomize to safely build our inventory of YAML, including Istio and Cert-Manager. But, it has proven incredibly non-DRY. After some refactoring etc, I made a few Generators and Transformers to cover some of the most common cases. And, today, for the low low price of $0, you can snoop around and use them, via our Github page. It turned out that (as you might expect) the main driver was errors.… - [![Declarative GitFlow: restrict kustomize to master branch](https://storage.googleapis.com/agilicus/www/2019/06/3e6ab34f-kustomize-apply-branch.png "Declarative GitFlow: restrict kustomize to master branch 16")](https://www.agilicus.com/declarative-gitflow-restrict-kustomize-to-master-branch/)## [Declarative GitFlow: restrict kustomize to master branch](https://www.agilicus.com/declarative-gitflow-restrict-kustomize-to-master-branch/) Prevent accidents from happening on un-merged feature branches with GitFlow and kustomize. - [![Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within](https://www.agilicus.com/www/fe59cae6-cloud-native-day-defense-in-depth.png "Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within 17")](https://www.agilicus.com/defense-in-depth-securing-your-new-kubernetes-cluster-from-the-challenges-that-lurk-within/)## [Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within](https://www.agilicus.com/defense-in-depth-securing-your-new-kubernetes-cluster-from-the-challenges-that-lurk-within/) Cloud Native Day Presentation. The dangers that lurk inside your Kubernetes Cluster, what to watch out for. - [![Cloud Security Blasphemy: Secrets in git](https://storage.googleapis.com/agilicus/www/2019/04/7e189e36-luggage.png "Cloud Security Blasphemy: Secrets in git 18")](https://www.agilicus.com/cloud-security-blasphemy-secrets-in-git/)## [Cloud Security Blasphemy: Secrets in git](https://www.agilicus.com/cloud-security-blasphemy-secrets-in-git/) Ever wondered why so many breaches happen due to secrets being checked in to source control? Want to make it easy to commit them to git, and be secure at the same time? Read On! - [![Keep your certificates young and fresh](https://storage.googleapis.com/agilicus/www/2019/05/c6ecd2d8-image.png "Keep your certificates young and fresh 19")](https://www.agilicus.com/keep-your-certificates-young-and-fresh/)## [Keep your certificates young and fresh](https://www.agilicus.com/keep-your-certificates-young-and-fresh/) TLS certificates, unlike wine, do not get better with age. Refresh them before they hit the end of their lifecycle. - [![That’s the kind of password an idiot uses on luggage: cloud security](https://storage.googleapis.com/agilicus/www/2019/04/7e189e36-luggage.png "That’s the kind of password an idiot uses on luggage: cloud security 20")](https://www.agilicus.com/thats-the-kind-of-password-an-idiot-uses-on-luggage-cloud-security/)## [That’s the kind of password an idiot uses on luggage: cloud security](https://www.agilicus.com/thats-the-kind-of-password-an-idiot-uses-on-luggage-cloud-security/) Passwords. bits of plain text that end up everywhere in automated systems. etcd. A `secure` way to share secrets. The Internet. A place that everything is guaranteed to end up. This is a toxic brew, read on! - [![The naked cloud: elasticsearch is stretch but doesn’t cover security](https://storage.googleapis.com/agilicus/www/2019/04/70c78388-naked-david.png "The naked cloud: elasticsearch is stretch but doesn’t cover security 21")](https://www.agilicus.com/the-naked-cloud-elasticsearch-is-stretch-but-doesnt-cover-security/)## [The naked cloud: elasticsearch is stretch but doesn’t cover security](https://www.agilicus.com/the-naked-cloud-elasticsearch-is-stretch-but-doesnt-cover-security/) Wide open elasticsearch on the Internet. Its common. The user usually believes since they use private IP (NAT) they are protected. Wrong. - [![Static Application Security for Nodejs (with Gitlab CI)](https://storage.googleapis.com/agilicus/www/2019/04/be01c866-node-sast.png "Static Application Security for Nodejs (with Gitlab CI) 22")](https://www.agilicus.com/static-application-security-testing-sast-and-nodejs-with-gitlab-ci/)## [Static Application Security for Nodejs (with Gitlab CI)](https://www.agilicus.com/static-application-security-testing-sast-and-nodejs-with-gitlab-ci/) Static application security for nodejs and Gitlab CI without changing your containers. SAST the easy way using docker FROM. - [![Safely secure secrets: a sops plugin for kustomize](https://storage.googleapis.com/agilicus/www/2019/04/3d9b86f9-sops.png "Safely secure secrets: a sops plugin for kustomize 23")](https://www.agilicus.com/safely-secure-secrets-a-sops-plugin-for-kustomize/)## [Safely secure secrets: a sops plugin for kustomize](https://www.agilicus.com/safely-secure-secrets-a-sops-plugin-for-kustomize/) Secrets get committed to git, forgotten, and then resurrected by the wrong people later. Don't let this happen to you, use sops. And be declarative, use kustomize. And do it with this cool new library I wrote. - [![They got in via the logging! remote exploits and DDoS using the security logs](https://storage.googleapis.com/agilicus/www/2019/04/673e1e0d-ntp-ddos.png "They got in via the logging! remote exploits and DDoS using the security logs 24")](https://www.agilicus.com/they-got-in-via-the-logging-remote-exploits-and-ddos-using-the-security-logs/)## [They got in via the logging! remote exploits and DDoS using the security logs](https://www.agilicus.com/they-got-in-via-the-logging-remote-exploits-and-ddos-using-the-security-logs/) Amplification attacks occur when a small request causes a larger response. NTP and DNS have both been prone to this, but now cloud logging? Read on! - [![Increasing the usefulness of your Kubernetes Ingress logging](https://storage.googleapis.com/agilicus/www/2019/04/b87049a4-fb-es.png "Increasing the usefulness of your Kubernetes Ingress logging 25")](https://www.agilicus.com/increasing-the-usefulness-of-your-kubernetes-ingress-logging/)## [Increasing the usefulness of your Kubernetes Ingress logging](https://www.agilicus.com/increasing-the-usefulness-of-your-kubernetes-ingress-logging/) Using fluent-bit annotations can increase the usefulness of your Kubernetes nginx-ingress logging. Create a custom regex parser. - [![When your security tools cost more than the thing they protect](https://storage.googleapis.com/agilicus/www/2019/04/6280652d-fat-security-guard.png "When your security tools cost more than the thing they protect 26")](https://www.agilicus.com/when-your-security-tools-cost-more-than-the-thing-they-protect/)## [When your security tools cost more than the thing they protect](https://www.agilicus.com/when-your-security-tools-cost-more-than-the-thing-they-protect/) The (memory) cost of all the security proxies can be higher than the thing they protect. Let's look at Istio. - [![Protect your API key (and your credit rating)](https://storage.googleapis.com/agilicus/www/2019/04/c335453b-api-key.png "Protect your API key (and your credit rating) 27")](https://www.agilicus.com/protect-your-api-key-and-your-credit-rating/)## [Protect your API key (and your credit rating)](https://www.agilicus.com/protect-your-api-key-and-your-credit-rating/) Google API keys. Powerful. Commonly used on websites. But able to cost you a lot of money. Learn how to protect them and your wallet. - [![Fluent-Bit log routing by namespace in Kubernetes](https://www.agilicus.com/www/24b75d11-fluent-bit-log-routing-kubernetes.png "Fluent-Bit log routing by namespace in Kubernetes 28")](https://www.agilicus.com/routing-to-multiple-outputs-by-kubernetes-namespace-in-fluent-bit/)## [Fluent-Bit log routing by namespace in Kubernetes](https://www.agilicus.com/routing-to-multiple-outputs-by-kubernetes-namespace-in-fluent-bit/) Fluent-Bit log routing by namespace or by cluster. Route the logs from the right input(s) to the right outputs in fluent-bit in kubernetes. - [![What a wicked NAT we weave: detangling the cloud](https://storage.googleapis.com/agilicus/www/2019/04/a6ad8b96-tangled-wires.jpg "What a wicked NAT we weave: detangling the cloud 29")](https://www.agilicus.com/what-a-wicked-nat-we-weave-detangling-the-cloud/)## [What a wicked NAT we weave: detangling the cloud](https://www.agilicus.com/what-a-wicked-nat-we-weave-detangling-the-cloud/) Cloud. It achieves its elastic nature using Load Balancers and Proxies. The sad side affect of these is they remove the source IP. Let's try to bring it back. - [![Unix to the Rescue](https://www.agilicus.com/www/55398c74-friends.webp "Unix to the Rescue 30")](https://www.agilicus.com/unix-to-the-rescue/)## [Unix to the Rescue](https://www.agilicus.com/unix-to-the-rescue/) Ever wanted to apply Kubernetes secrets without displaying or persisting the secret value? Well now you can: Unix to the rescue! [Next Page→](/blog/devops/?query-20-page=2)