Declarative. It becomes a way of life. We have chosen kustomize to safely build our inventory of YAML, including Istio and Cert-Manager. But, it has proven incredibly non-DRY. After some refactoring etc, I made a few Generators and Transformers to cover some… Read More »Kustomizing Kustomize: Releasing Our Tools
Ever wondered why so many breaches happen due to secrets being checked in to source control?
Want to make it easy to commit them to git, and be secure at the same time?
Your shiny new cloud instances might be tarnished by the reputation of the last tenant.
Use Shodan to check, and Greynoise to see if its above the norm.
And above all, don’t panic!
Passwords. bits of plain text that end up everywhere in automated systems. etcd. A `secure` way to share secrets. The Internet. A place that everything is guaranteed to end up. This is a toxic brew, read on!
Wide open elasticsearch on the Internet. Its common. The user usually believes since they use private IP (NAT) they are protected. Wrong.
Bad code can come in through our own import statements and software process. Do you run an egress firewall to protect the world from yourself?
Use your desktop chrome to find software with security flaws on the sites you visit. And then fix (if your own) or notify (if not). Be part of the security solution.
Secrets get committed to git, forgotten, and then resurrected by the wrong people later.
Don’t let this happen to you, use sops.
And be declarative, use kustomize.
And do it with this cool new library I wrote.
Amplification attacks occur when a small request causes a larger response. NTP and DNS have both been prone to this, but now cloud logging? Read on!
Software is eating the world. The software supply chain is very complex to understand and manage. One slip up upstream, and that code is in your image very rapidly. Continuous!
Cloud. It achieves its elastic nature using Load Balancers and Proxies. The sad side affect of these is they remove the source IP. Let’s try to bring it back.
Have you ever had a Pod in a Deployment that you wish would just pull the latest container image to see what’s up? Want to run the equivalent of `touch`? Read on!
Like scalable storage? Like resilience, redundancy? Want to run your own Kubernetes cluster with great persistent disks? Let’s talk ceph!
Kubernetes technically doesn’t support dual-stack (ipv4 and ipv6 simultaneously). What if you want to run some CI job in there that requires a localhost ::1 to bind to? Read on!