Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Andrey Devyatkin
    @Andrey9kin
    Number 20 is out
    Jacob Lärfors
    @jlarfors
    Hey guys, sadly I have to decline today's session... I have a lot of work (build up before xmas) and so I have to prioritise myself a little bit :) Hope it's not a problem, I'd love to join another time and have a great one!
    Andrey Devyatkin
    @Andrey9kin
    no worries
    Life happens
    Julien Bisconti
    @veggiemonk
    The ikea deliveries is coming in 10 min, I'll will be late
    Julien Bisconti
    @veggiemonk
    it's delivered! Those guys were so fast
    Julien Bisconti
    @veggiemonk
    Andrey Devyatkin
    @Andrey9kin
    just announced during the keynote https://aws.amazon.com/fis/
    Julien Bisconti
    @veggiemonk
    Talking about Chaos Engineering, I've done a few talk about it: One of the earliest is https://www.youtube.com/watch?v=ukc5mvZkxDI with Sylvain (author of Chaos Toolkit)
    Andrey Devyatkin
    @Andrey9kin
    that is cool
    will add it to the show notes
    Henrik René Høegh
    @HenrikHoegh_twitter
    Hi. Me and Jonas (a colleague) are creating an open source tool on GitHub. Mostly to try and set s proper project up, and because a customer of ours need it. Its done in our free time, and we would love some feedback. It's still work in progress, but the major functionality is more or less in place.
    https://github.com/jonasvinther/medusa
    If you have time, let us know what you think vault experts 🤓
    Andrey Devyatkin
    @Andrey9kin
    so the problem that you are trying to solve initial population of Vault with secrets?
    just trying to understand what is it for
    Henrik René Høegh
    @HenrikHoegh_twitter
    Import and export of data. Recursively. So yaml or JSON becomes the format that defines your vault data, also as an backup. We will add the possibility to encrypt the output later on, but you can just pipe it to PGP or alike. Also you can export a section of your data, and import that to another vault. Or to the same vault in a different place.
    Andrey Devyatkin
    @Andrey9kin
    could be an interesting option for back up. Though then you have your secrets in a couple of places and have more stuff to protect
    Henrik René Høegh
    @HenrikHoegh_twitter
    A running vault instance shouldn't be your single point of throuth. At least have a backup or better encrypted files from which you can recreate it from.
    Jacob Lärfors
    @jlarfors
    Really funny that my colleague has done something similar at his company, and I implemented something for fun over summer but never intended it to be production ready. I’d be interested in trying when the situation arises.
    One immediate use case I can see: when creating the infra where Vault will run (so you don’t have vault yet) it would be cool to spin up a temp vault instance that can be bootstrapped in this way, but used with packer/terraform/etc more as an API than long term secrets storage
    Andrey Devyatkin
    @Andrey9kin
    You can do DR cluster if you got Vault Enterprise or point in time recovery if using DynamoDB as a backend...
    So such script would be useful for people runnung on prem
    but usually people wiht infra on prem has money to spend and they might already have Vault Enterprise
    but if they don’t then it might be legit case for them
    Mattias Hemmingsson
    @mattiashem
    Cool i have a tool that convert values.yaml from helm to a json and then upload it to vault as a init state :-)
    Everyone has the same problem and solve it..
    Jacob Lärfors
    @jlarfors
    And all the solutions are quite different 😅welcome to “DevOps” 😆
    Andrey Devyatkin
    @Andrey9kin
    how often would you recreate vault secrets?
    Mattias Hemmingsson
    @mattiashem
    Its check if there are any secrets and if not its add them as a base. Then super simple for devs to edit a secret ...
    If they are to add s new its hars to get it correct ...
    Julien Bisconti
    @veggiemonk
    What do you think of this meshing of networking on k8s with wireguard ? https://www.youtube.com/watch?v=iPz_DAOOCKA
    project kilo: https://github.com/squat/kilo
    I was thinking of doing something like tailscale at home... Or have a VPN proxy server that can handle 1000Mbits/sec
    Andrey Devyatkin
    @Andrey9kin
    i think problems
    you define the problem and then start to think solutions
    Julien Bisconti
    @veggiemonk
    This is old but gold: https://www.youtube.com/watch?v=D7LgjSOWCxg. IPTables Tips and Tricks: More Than Just ACCEPT or DROP
    why GCP lost to Azure^
    Julien Bisconti
    @veggiemonk
    Awesome!
    Andrey Devyatkin
    @Andrey9kin
    Chrome extrension to hide all i-passed-certification posts by Anton https://github.com/antonbabenko/you-have-passed-the-certification
    Jacob Lärfors
    @jlarfors
    Haha, nice of Anton to make such a useful plugin :)
    Google's cloud services lost $14.6bn over three years – and CEO Sundar Pichai likes that trajectory