Core Web Vitals WordPress performance is important for user experience and for search optimisation. Learn how to improve WordPress and reCAPTCHA CWV.
Speed up WordPress by dequeuing unused scripts and CSS. The Events Calendar is used as an example. Faster load, less parse, better Core Web Vitals.
Latency, specifically DNS Latency, is a big factor in web page load time. Don’t over-focus on bandwidth, examine prefetch and latency to improve.
Web site performance. Search engines favour speed. Milliseconds matter. Performance is as important as the content, as important as the appearance.
Your web site uses new technology. Shake it down by using your sitemap for latency and load testing with Locust and Istio.
Cloud Native: embracing failures. Assume Strength in Numbers. Don’t spend a large amount of time on a single infinitely reliable thing, assume each component will fail.
CNAME. Invented in 1987, used in today’s SaaS. See how your domain can be shared with your partners.
Concerned about the new Docker Hub rate limits? Run Kubernetes? Run CI? Deploy a pull-through cache simply to reduce the risk and impact.
Email. Port 25. Security. Spam. It’s more complex than it used to be to be a good Internet citizen for email sending. Cloud edition.
Take WordPress. Modernise it. Make it cloud-native. Add the TiDB cloud-native database. Add stateless storage.
OpenID Connect, a powerful single-sign-on with strong security, and locking the user to the upstream ID means if their name changes you are insulated.
For audit, security, tracing, we want the origin IP logged. Load-balancers can mask this. Learn how to log the true client IP from nginx with Lua, when that nginx is behind a load-balancer (reverse proxy).
Large legacy systems hold our data hostage. Tame their grip with RESTful APIs and microservices. Fear no more on upgrades or even replacements.
Secure. Reliable. Economical. All three. We have embraced failures to create a reliable municipal hybrid cloud with unreliable components, economically.
Declarative. It becomes a way of life. We have chosen kustomize to safely build our inventory of YAML, including Istio and Cert-Manager. But, it has proven incredibly non-DRY. After some refactoring etc, I made a few Generators and Transformers to cover some…
Prevent accidents from happening on un-merged feature branches with GitFlow and kustomize.
Cloud Native Day Presentation.
The dangers that lurk inside your Kubernetes Cluster, what to watch out for.
Ever wondered why so many breaches happen due to secrets being checked in to source control?
Want to make it easy to commit them to git, and be secure at the same time?
TLS certificates, unlike wine, do not get better with age. Refresh them before they hit the end of their lifecycle.
Passwords. Bits of plain text that end up everywhere in automated systems. etcd. A `secure` way to share secrets. The Internet. A place that everything is guaranteed to end up. This is a toxic brew, read on!
Wide open Elasticsearch on the Internet. It’s common. The user usually believes since they use private IP (NAT) they are protected. Wrong.
Static application security for Node.js and GitLab CI without changing your containers. SAST the easy way using docker FROM.
Secrets get committed to git, forgotten, and then resurrected by the wrong people later.
Don’t let this happen to you, use sops.
And be declarative, use kustomize.
And do it with this cool new library I wrote.
Amplification attacks occur when a small request causes a larger response. NTP and DNS have both been prone to this, but now cloud logging? Read on!
Using fluent-bit annotations can increase the usefulness of your Kubernetes nginx-ingress logging. Create a custom regex parser.
The (memory) cost of all the security proxies can be higher than the thing they protect. Let’s look at Istio.
Google API keys. Powerful. Commonly used on websites. But able to cost you a lot of money. Learn how to protect them and your wallet.
Fluent-Bit log routing by namespace or by cluster. Route the logs from the right input(s) to the right outputs in fluent-bit in Kubernetes.
Cloud. It achieves its elastic nature using Load Balancers and Proxies. The sad side effect of these is they remove the source IP. Let’s try to bring it back.
Ever wanted to apply Kubernetes secrets without displaying or persisting the secret value? Well now you can: Unix to the rescue!
Have you ever had a Pod in a Deployment that you wish would just pull the latest container image to see what’s up? Want to run the equivalent of `touch`? Read on!
Keeping your cool during an upgrade is important. Let the scheduler do its work, you’ll reconverge to happiness.
Like scalable storage? Like resilience, redundancy? Want to run your own Kubernetes cluster with great persistent disks? Let’s talk ceph!
Kubernetes technically doesn’t support dual-stack (IPv4 and IPv6 simultaneously). What if you want to run some CI job in there that requires a localhost ::1 to bind to? Read on!
Add the sha-hash of a configmap contents to its name as a design pattern and simplify your Deployment restarts, knowing they always have the right value and don’t die on error.
Cloud logging. How much space does a typical keep-alive take if you log it?
You would be shocked that 1 byte of log could be 32+ KiB of output space. Watch the entropy!
Want to see what ‘docker’ is doing on a Kubernetes node (logs, ps, images), or re-pull an image? Don’t want to ssh there? dink!
Could cloud logging be the next NTP amplification attack for a DDoS? A small input produces a larger output, the ingredients are there…
You are working with multiple clouds. But, you keep changing context and then accidentally applying something. Oops. If only this could be simpler. Drop these two bits in your .bashrc. Now you can simply say ‘context foo’ and be in that context with…
Declarative vs Imperative. In a ‘declarative’ world I document the desired state, and it is the job of the system to ‘make it so’. In a declarative world you don’t need to worry about ‘how’, and you don’t need to worry about…
In a declarative world it’s all written down and checked into version control. No commands are used.
Sometimes you hit a wall and have to punt.
Here I show a simple workaround using `envsubst` for those times that declarative just doesn’t work.
Sometimes you need a debug container hanging around to check something from within your cluster. You cobble something together, make the ‘command’ be ‘sleep 3600’ or ‘tail -f /dev/null’ and call it a day. But they don’t terminate gracefully.
Let’s learn how to…
Are you lazy and use ‘-k’ to curl all the time when using Let’s Encrypt staging? Or worse, use snake-oil? Or even worse, use just http for ‘test’? Let me show you how to fix that, simply.
Cloud Native means being resilient to unexpected changes, to achieving high availability through embracing failures rather than designing them out.
Google has added ‘preemptible’ nodes to their Google Cloud, available to their managed Kubernetes. These nodes are a lot cheaper, but there’s a…
Cloud Native implies a continuum. A declarative world that has no special event that occurs when it is started or finished.
Non cloud-native applications often have ‘start’ or ‘upgrade’ tasks that need performing. Things that need to be done ‘one’ or ‘first’…