Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Andrey Devyatkin
    @Andrey9kin
    Not sure if I shared it before https://aws-cost.academy/
    Mattias Hemmingsson
    @mattiashem
    Sounds good lets do talk "progressive delivery and ci/cd tools" Wednesday and then do "wazuh and IDS " next time ? @jlarfors Shall i send invite? And @/all any else want to jump in as well in the battle of CI / CD tools :-)
    1 reply
    Jacob Lärfors
    @jlarfors
    Would this also include talks on GitOps and tools like FluxCD/ArgoCD?
    So “Progressive delivery” to include deployment?
    Personally I think the topic is very relevant for CI... kinda changes the pipeline game
    Mattias Hemmingsson
    @mattiashem
    Yee we hade a talk before about gitops. But as you said "Game changer" :-) You can bring up anything you like during the talk no hard agendas
    Should a send a invite then ?
    Andrey Devyatkin
    @Andrey9kin
    @mattiashem yes please do
    November 10, 2020
    How to get root on Ubuntu 20.04 by pretending nobody’s /home
    Julien Bisconti
    @veggiemonk
    Andrey Devyatkin
    @Andrey9kin
    so is it a some kind of wrapper around argocd?
    Julien Bisconti
    @veggiemonk
    It seems like it, but with better default configuration
    Julien Bisconti
    @veggiemonk
    Mattias Hemmingsson
    @mattiashem
    Nice have a hackday so will start looking on devtron.ai looks nice.
    Julien Bisconti
    @veggiemonk

    Devops vs Security - where do they intersect?

    Cyber Security & Devops With Zaid Sabih & Brett Fisher

    OH:

    A: "Just use Terrible to deploy it."
    B: "What?"
    A: "Terraform and Ansible."
    B: "Oh. Yeah. Terrible."

    Mattias Hemmingsson
    @mattiashem
    hahah
    Nice to talk some IDS next time
    And how new tools are taking over :-)
    Julien Bisconti
    @veggiemonk
    Cool
    I heard Wazuh was quite popular.
    Julien Bisconti
    @veggiemonk
    Jacob Lärfors
    @jlarfors

    Hey! So I’ve been part of a team developing an open source tool for capturing as much data as possible to do with software development/release (test results, task management, ci pipelines, etc.). It is basically a data pipeline language in HCL with a graphql backend for data storing, querying, mutation, subscribing, notifications... At least I am super excited about this project, codenamed “bubbly”
    Andrey suggested that we could do an episode on this, and discuss similar tools like Eiffel or even tekton.

    Thoughts_

    12 replies
    Andrey Devyatkin
    @Andrey9kin
    1 reply
    Support not only vault but AWS Secrets Manager as well
    though useful for GitOps approach I wouldn’t pull secrets from Vault to k8s secrets since then auditing becomes harder
    it is better to have application to read it directly from vault (or using some startup script)
    making sure we have a tracable access log wiht actual id
    Jacob Lärfors
    @jlarfors
    “that would be an interesting show” <— maybe too interesting :D
    Mattias Hemmingsson
    @mattiashem
    Sounds great 👍 i can send invites. I want to hear more about that project
    I use this for getting vault secrets to my pods
    Andrey Devyatkin
    @Andrey9kin
    have you seen this one https://github.com/hashicorp/vault-k8s ?
    official mutating webhook from HashiCorp
    Mattias Hemmingsson
    @mattiashem
    Yeee but you get the secret as a secret then in the pod mounted as a file. And want them as env
    Andrey Devyatkin
    @Andrey9kin
    Understood
    Mattias Hemmingsson
    @mattiashem
    Doing 12 faktor and the nice part it's lock the secret to the precess so if you exec into the pod and do a env you only se the path to the secret
    Well the pod has access to pull it so you can curl and get the secret from the pod 😂
    Andrey Devyatkin
    @Andrey9kin
    Do not want to break it for you but /proc/$pid/environ ….
    In linux everything is a file
    though you need a root or sudo to read that one
    not sure if the same user can read one of its processes environ
    Mattias Hemmingsson
    @mattiashem
    Yeee it's not a protection. :-)