
CatOps

Channel address: @catops
Categories: Technology
Language: Russian
Subscribers: 5.51K
Channel description:

DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ N26 && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions are our own.
We do not post ads including event announcements. Please, do not bother us with such requests!


Latest messages 27

2021-07-14 15:57:50 There is a saying that there are only two ways to learn something: to build it or to fix it.

Sam Lewis has built his own mesh VPN solution to better learn how those mesh VPNs work. And also because he could.

He put it all into a blog post. So, you can find some insights about mesh VPNs there. Probably, you won't even need to build your own.

In any case, this is not a tool you should get into production right away. Just an interesting read. No more, no less.

#networking #security #vpn
1.5K views 12:57
2021-07-13 12:25:35 Stargz Snapshotter is a non-core containerd project which allows you to lazy load container images and speed up startup time.

It works with the stargz (seekable tar.gz) image format. Also, it has a converter that optimizes images for better loading (since you will need to communicate with a remote fs).

You can read more about the stargz format in the buildkit documentation.

#containers
1.1K views 09:25
2021-07-08 10:00:55 Kinda long read about optimizations of JS code in environments where JIT compilation is not available, e.g. iOS, gaming consoles, serverless environments, etc.

The main idea is to run JS inside a WebAssembly instance.

The Wizer pre-initializer is used as an example here.

The information here might not be very useful for people who run JS in a "traditional" way, i.e. in a browser. However, I personally think this is an interesting read for those who build JS-powered serverless services as well as those who deploy JS code to portable devices.

Also, it's important to note that such an approach could be used to run other runtimes like Python, Ruby, or Lua.

#programming
1.1K views 07:00
2021-07-05 10:24:54 A blog post by AWS about how to create a LIFO (last in first out) queue using DynamoDB and Lambda.

AWS SQS provides FIFO (first in first out) queues out of the box. However, LIFO queues could be useful in throughput constrained environments like IoT, for example.

This article shows how to create a LIFO queue and an example worker using DynamoDB, Lambda, and SAM framework to deploy all these things.

#aws
1.7K views 07:24
2021-07-01 12:46:19 A post of irony :)

We have created an internal toolset to manage the lifecycle of Kubernetes clusters in my company. It allows us to create clusters, upgrade them, destroy, as well as manage some plugins like CNI, Ingress, and other core plugins as we call them.

Just yesterday, I had a thought that this could be one's business model - create an OSS-core tool to manage ready-to-use clusters and then sell support, or some enhancement plugins, or some additional functionality like automagical cluster upgrades.

And also yesterday, Flant has released the source code for their Deckhouse project! This is a project aimed to manage cluster lifecycle, and it was used in Flant internally for quite some time already.

Also, it looks like they're going to build the business around this tool as well. At least they have a website dedicated to it, but unfortunately not much info there. Unfortunately, I haven't found any blogposts or press releases about this tool in English. However, I did find a few reports on the Internet that people tried it out, and it works. At least, it creates a cluster.

I personally would say that this is too early to tell what the future of this tool would look like, but I like the general idea. I personally think that Kubernetes goes the same way Linux kernel went earlier: there is an OSS core and then there are tons of distributions managed by different companies. With RedHat being the first to jump on this train, of course.

So, brace yourself! More distro wars to come!


#kubernetes
1.2K views 09:46
2021-06-28 13:09:37 Speaking of Infrastructure as Software from the previous post

Kris Nova has created naml - a framework to replace Kubernetes YAML with Go.

Obviously, this project is in a very early stage. However, the industry is clearly moving in the direction of IaS with products like Pulumi, various CDKs, and this one.

So, it's a good time to start learning software engineering practices, if you haven't already.

#kubernetes #ias
865 views 10:09
2021-06-26 14:41:11 If you work with Open Policy Agent, you probably want to test the policies you write.

Luckily, there is an ability to write test suites for Rego.

However, these test suites are not always very obvious, just like Rego policies themselves. Here is an article by Dustin Specker on how to write tests for your policies. This article helped me a lot personally. And I hope it will be helpful for you too.

#opa #kubernetes #testing
1.4K views 11:41
2021-06-23 16:53:48 In addition to our last post.

An article on what happens if you push secrets into a public repository, with some advice on how to mitigate that risk.

This article was sent to me by one of our subscribers. Big thanks for it! If you want to share interesting stuff as well, you can either send it to our chat or admins directly.

#security
3.1K views 13:53
2021-06-22 12:25:53 An experiment run by Corey Quinn: what would happen once you pushed your AWS keys to a public repository.

He summarized it in a Twitter thread.

tl;dr: AWS contacted him about leaked credentials and refused to close the case before he rotated the keys even though these keys had no permissions.

Also, there's an interesting reply from a person who is working at GitHub. GitHub has monitoring for leaked credentials. However, they notify AWS directly rather than a customer on such occasions. The reason for that is a lot of false positives at the time such monitoring was just introduced. So, they decided not to bother their customers in vain.

P.S. Last time I had to scan a repository for leaked credentials, I used the TruffleHog tool. It searches not only for AWS secrets, but actually for any high-entropy strings. Also, it works quite well even for large repositories.

#security #aws #github #toolz
2.9K views 09:25
2021-06-18 11:39:35 A few announcements from AWS, which I personally find interesting. Ofc, there are usually tons of AWS announcements.

1. AWS KMS multi-Region keys. So, now you can define global KMS keys and that's awesome! Previously, it was always cumbersome to create a cross-regional backup for encrypted data. Looking forward to trying it!

2. AWS Step Functions Workflow Studio. Now you can design a state machine in a visual editor.

3. AWS Proton became generally available. Proton is a tool or rather a toolchain that helps you to build a custom PaaS for your internal product teams on top of AWS.

And one more thing. A short manual on how to stop an RDS on schedule with a Lambda function. Could be interesting for those who are willing to save some money in their non-production environments.

#aws
1.1K views 08:39