Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Andrey Devyatkin
    @Andrey9kin
    making sure we have a tracable access log wiht actual id
    Jacob Lärfors
    @jlarfors
    “that would be an interesting show” <— maybe too interesting :D
    Julien Bisconti
    @veggiemonk
    https://podcasthosting.org/podcast-statistics/
    Andrey Devyatkin
    @Andrey9kin
    https://github.com/eiffel-community/eiffel/blob/master/introduction/introduction.md
    Mattias Hemmingsson
    @mattiashem
    Sounds great 👍 i can send invites. I want to hear more about that project
    https://banzaicloud.com/blog/inject-secrets-into-pods-vault-revisited/
    I use this for getting vault secrets to my pods
    Andrey Devyatkin
    @Andrey9kin
    have you seen this one https://github.com/hashicorp/vault-k8s ?
    official mutating webhook from HashiCorp
    Mattias Hemmingsson
    @mattiashem
    Yeee but you get the secret as a secret then in the pod mounted as a file. And want them as env
    Andrey Devyatkin
    @Andrey9kin
    Understood
    Mattias Hemmingsson
    @mattiashem
    Doing 12 faktor and the nice part it's lock the secret to the precess so if you exec into the pod and do a env you only se the path to the secret
    Well the pod has access to pull it so you can curl and get the secret from the pod 😂
    Andrey Devyatkin
    @Andrey9kin
    Do not want to break it for you but /proc/$pid/environ ….
    In linux everything is a file
    though you need a root or sudo to read that one
    not sure if the same user can read one of its processes environ
    Mattias Hemmingsson
    @mattiashem
    Yeee it's not a protection. :-)
    Andrey Devyatkin
    @Andrey9kin
    Number 20 is out
    Jacob Lärfors
    @jlarfors
    Hey guys, sadly I have to decline today's session... I have a lot of work (build up before xmas) and so I have to prioritise myself a little bit :) Hope it's not a problem, I'd love to join another time and have a great one!
    Andrey Devyatkin
    @Andrey9kin
    no worries
    Life happens
    Julien Bisconti
    @veggiemonk
    The ikea deliveries is coming in 10 min, I'll will be late
    Julien Bisconti
    @veggiemonk
    it's delivered! Those guys were so fast
    Julien Bisconti
    @veggiemonk
    https://aws.amazon.com/message/11201/
    Andrey Devyatkin
    @Andrey9kin
    just announced during the keynote https://aws.amazon.com/fis/
    Julien Bisconti
    @veggiemonk
    Talking about Chaos Engineering, I've done a few talk about it: One of the earliest is https://www.youtube.com/watch?v=ukc5mvZkxDI with Sylvain (author of Chaos Toolkit)
    Andrey Devyatkin
    @Andrey9kin
    that is cool
    will add it to the show notes
    Henrik René Høegh
    @HenrikHoegh_twitter
    Hi. Me and Jonas (a colleague) are creating an open source tool on GitHub. Mostly to try and set s proper project up, and because a customer of ours need it. Its done in our free time, and we would love some feedback. It's still work in progress, but the major functionality is more or less in place.
    https://github.com/jonasvinther/medusa
    If you have time, let us know what you think vault experts 🤓
    Andrey Devyatkin
    @Andrey9kin
    so the problem that you are trying to solve initial population of Vault with secrets?
    just trying to understand what is it for
    Henrik René Høegh
    @HenrikHoegh_twitter
    Import and export of data. Recursively. So yaml or JSON becomes the format that defines your vault data, also as an backup. We will add the possibility to encrypt the output later on, but you can just pipe it to PGP or alike. Also you can export a section of your data, and import that to another vault. Or to the same vault in a different place.
    Andrey Devyatkin
    @Andrey9kin
    could be an interesting option for back up. Though then you have your secrets in a couple of places and have more stuff to protect
    Henrik René Høegh
    @HenrikHoegh_twitter
    A running vault instance shouldn't be your single point of throuth. At least have a backup or better encrypted files from which you can recreate it from.
    Jacob Lärfors
    @jlarfors
    Really funny that my colleague has done something similar at his company, and I implemented something for fun over summer but never intended it to be production ready. I’d be interested in trying when the situation arises.
    One immediate use case I can see: when creating the infra where Vault will run (so you don’t have vault yet) it would be cool to spin up a temp vault instance that can be bootstrapped in this way, but used with packer/terraform/etc more as an API than long term secrets storage
    Andrey Devyatkin
    @Andrey9kin
    You can do DR cluster if you got Vault Enterprise or point in time recovery if using DynamoDB as a backend...
    So such script would be useful for people runnung on prem
    but usually people wiht infra on prem has money to spend and they might already have Vault Enterprise
    but if they don’t then it might be legit case for them
    Mattias Hemmingsson
    @mattiashem
    Cool i have a tool that convert values.yaml from helm to a json and then upload it to vault as a init state :-)
    Everyone has the same problem and solve it..
    Jacob Lärfors
    @jlarfors
    And all the solutions are quite different 😅welcome to “DevOps” 😆
    Andrey Devyatkin
    @Andrey9kin
    how often would you recreate vault secrets?
    Mattias Hemmingsson
    @mattiashem
    Its check if there are any secrets and if not its add them as a base. Then super simple for devs to edit a secret ...
    If they are to add s new its hars to get it correct ...
    Julien Bisconti
    @veggiemonk
    What do you think of this meshing of networking on k8s with wireguard ? https://www.youtube.com/watch?v=iPz_DAOOCKA
    project kilo: https://github.com/squat/kilo
    I was thinking of doing something like tailscale at home... Or have a VPN proxy server that can handle 1000Mbits/sec
    Andrey Devyatkin
    @Andrey9kin
    i think problems