Forwarded from Mops DevOps
Six critical blindspots while securing Argo CD
🔹 Use a dedicated project for the control plane
🔹 Argo resources are for Argo admins only
🔹 Delete the “default” project
🔹 Block ClusterRoleBindings in (most) projects
🔹 Narrow roles on remote clusters
🔹 Have a CVE response plan ready
👉 https://bit.ly/3bTjh4V
#argocd #security
🔹 Use a dedicated project for the control plane
🔹 Argo resources are for Argo admins only
🔹 Delete the “default” project
🔹 Block ClusterRoleBindings in (most) projects
🔹 Narrow roles on remote clusters
🔹 Have a CVE response plan ready
👉 https://bit.ly/3bTjh4V
#argocd #security
Forwarded from Sysadmin Tools 🇺🇦
Videos from Monitorama PDX 2022
https://vimeo.com/channels/1798229
#monitoring #monitorama #ovservability
https://vimeo.com/channels/1798229
#monitoring #monitorama #ovservability
Forwarded from /usr/bin
Пара статей про настройки безопасности Docker
Вы узнаете как:
- настроить nologin shell
- отключить возможность повышения привилегий
- отключить сетевую доступность между контейнерами
- ограничение использования ресурсов
и многое другое.
👉 Advanced Docker Security
👉 Advanced Docker Security Part II
Вы узнаете как:
- настроить nologin shell
- отключить возможность повышения привилегий
- отключить сетевую доступность между контейнерами
- ограничение использования ресурсов
и многое другое.
👉 Advanced Docker Security
👉 Advanced Docker Security Part II
Forwarded from /usr/bin
Unix Commands, Pipes, and Processes
How to combine Unix commands with pipes and manage running programs. Читать дальше.
How to combine Unix commands with pipes and manage running programs. Читать дальше.
Forwarded from Полезняшки от "Разбора Полетов"
How Terrabook works
https://terrabook.io/
https://terrabook.io/
Forwarded from DevOps&SRE Library
Unpacking Observability: The Path to OpenTelemetry
https://storiesfromtheherd.com/unpacking-observability-the-path-to-opentelemetry-399f40fd8c4
https://storiesfromtheherd.com/unpacking-observability-the-path-to-opentelemetry-399f40fd8c4
Forwarded from Мониторим ИТ
How to find traces in Tempo with Elasticsearch and Grafana
Grafana Tempo, the recently announced distributed tracing backend, relies on integrations with other data sources for trace discovery. Tempo’s job is to store massive amounts of traces, place them in object storage, and retrieve them by ID. Logs and other data sources allow users to quickly and more powerfully jump directly to traces than ever before. Читать дальше.
Grafana Tempo, the recently announced distributed tracing backend, relies on integrations with other data sources for trace discovery. Tempo’s job is to store massive amounts of traces, place them in object storage, and retrieve them by ID. Logs and other data sources allow users to quickly and more powerfully jump directly to traces than ever before. Читать дальше.
Grafana Labs
How to find traces in Tempo with Elasticsearch and Grafana | Grafana Labs
Here's how to use Elasticsearch for trace discovery in Tempo, a fantastic new tool for mass trace ingestion.
Forwarded from DevOps&SRE Library
Forwarded from DevOps&SRE Library
Howie: The Post-Incident Guide
The guide you’re about to read will provide you with an explanation of how to get the most out of your incidents. This process has been developed by a number of leading experts in the field and shows the steps to conduct an in-depth investigation.https://www.jeli.io/howie-the-post-incident-guide
Forwarded from DevOps&SRE Library
Safe schema updates - Strangling the monolith
https://octopus.com/blog/safe-schema-updates-8-strangling-the-monolith
https://octopus.com/blog/safe-schema-updates-8-strangling-the-monolith
Forwarded from DevOps&SRE Library
Guide to Using Terraform in CI/CD
How to configure, how to run, and what to mind for when using Terraform in CI/CDhttps://serhii.vasylenko.info/2021/11/24/guide-to-using-terraform-in-ci/cd
Forwarded from DevOps&SRE Library
SLICK: Adopting SLOs for improved reliability
https://engineering.fb.com/2021/12/13/production-engineering/slick
https://engineering.fb.com/2021/12/13/production-engineering/slick
Forwarded from DevOps&SRE Library
Uptime Kuma — Open Source Uptime Monitoring
https://ashishsecdev.medium.com/uptime-kuma-open-source-monitoring-tool-460ef5b7a64c
https://ashishsecdev.medium.com/uptime-kuma-open-source-monitoring-tool-460ef5b7a64c
Forwarded from DevOps&SRE Library
End-to-End Prometheus Alerting Example with Replicated
https://www.replicated.com/blog/end-to-end-prometheus-alerting-example-with-replicated
https://www.replicated.com/blog/end-to-end-prometheus-alerting-example-with-replicated
Forwarded from DevOps&SRE Library
How we handle 80TB and 5M page views a month for under $400
https://blog.polyhaven.com/how-we-handle-80tb-and-5m-page-views-a-month-for-under-400
https://blog.polyhaven.com/how-we-handle-80tb-and-5m-page-views-a-month-for-under-400
Forwarded from DevOps&SRE Library
Kubernetes Vault Integration via Sidecar Agent Injector vs. CSI Provider
A detailed comparison of two HashiCorp-supported methods for HashiCorp Vault and Kubernetes integration.https://www.hashicorp.com/blog/kubernetes-vault-integration-via-sidecar-agent-injector-vs-csi-provider
Forwarded from DevOps&SRE Library
Terraform Best Practices
This document is an attempt to systematically describe best practices using Terraform and provide recommendations for the most frequent problems Terraform users experience.https://www.terraform-best-practices.com