Write tests against structured configuration data using the Open Policy Agent Rego query language
https://github.com/open-policy-agent/conftest
https://github.com/open-policy-agent/conftest
GitHub
GitHub - open-policy-agent/conftest: Write tests against structured configuration data using the Open Policy Agent Rego query language
Write tests against structured configuration data using the Open Policy Agent Rego query language - open-policy-agent/conftest
π4
In the fast-paced world of Kubernetes and container orchestration, monitoring and metrics play a pivotal role in ensuring the health, efficiency, and reliability of applications. The article provides an insightful exploration into the criticality of pod metrics within the Kubernetes ecosystem
https://komodor.com/blog/harnessing-the-power-of-metrics-four-essential-use-cases-for-pod-metrics/
https://komodor.com/blog/harnessing-the-power-of-metrics-four-essential-use-cases-for-pod-metrics/
Komodor
Harnessing the Power of Metrics: Four Essential Use Cases for Pod Metrics
In this article, we will explore four essential use cases for pod metrics and their significance in driving operational excellence.
π5
The introduction of Kubernetes Gateway API v1.0 marks a significant milestone, promising to enhance how developers and cluster operators manage and expose their services. The article dives deep into the nuances of this new API version, comparing it with the traditional Ingress controllers and highlighting its potential to redefine traffic routing within Kubernetes clusters. F
https://dev.to/apisix/kubernetes-gateway-api-v10-should-you-switch-45c0
https://dev.to/apisix/kubernetes-gateway-api-v10-should-you-switch-45c0
DEV Community
Kubernetes Gateway API v1.0: Should You Switch?
It has been over a month since the Kubernetes Gateway API made its v1.0 release, signifying...
π4
Blog post addresses a critical aspect of container securityβthe ReadOnlyRootFilesystem flag. This insightful article elucidates the concept of making the root filesystem of a container read-only to prevent unauthorized modifications, which can be a common vector for security breaches.
https://alexandre-vazquez.com/readonlyrootfilesystem/
https://alexandre-vazquez.com/readonlyrootfilesystem/
Alexandre Vazquez
Enhancing Container Security: The Vital Role Of ReadOnlyRootFilesystem
Enhance container security with ReadOnlyRootFilesystem, a potent tool safeguarding your applications. Understand how ReadOnlyRootFilesystem limits write access to containers, bolstering their integrity amidst software development's dynamic landscape. Exploreβ¦
π7
This article explores the underutilized Postgres feature of HOT (Heap Only Tuple) updates and the strategic use of fill factor to enhance database performance. It delves into how HOT updates allow for modifications within the same table page, bypassing index updates and reducing system load.
https://www.crunchydata.com/blog/postgres-performance-boost-hot-updates-and-fill-factor
https://www.crunchydata.com/blog/postgres-performance-boost-hot-updates-and-fill-factor
Crunchy Data
Postgres Performance Boost: HOT Updates and Fill Factor | Crunchy Data Blog
Elizabeth reviews HOT updates, what they are, how they work, and how you can put them to use for a performance improvement.
π5
A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
https://github.com/bank-vaults/bank-vaults
https://github.com/bank-vaults/bank-vaults
GitHub
GitHub - bank-vaults/bank-vaults: A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secretβ¦
A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines). - bank-vaults/bank-vaults
π5
Hyperscale OpenShift - clusters with hosted control planes
https://github.com/openshift/hypershift
https://github.com/openshift/hypershift
GitHub
GitHub - openshift/hypershift: Hyperscale OpenShift - clusters with hosted control planes
Hyperscale OpenShift - clusters with hosted control planes - openshift/hypershift
π3
In this article, the author delves into a critical vulnerability discovered in Argo CD, a popular continuous delivery tool for Kubernetes. The vulnerability poses significant security risks, potentially allowing unauthorized access and manipulation of deployment configurations. Their detailed analysis explains the nature of the vulnerability, its potential impact, and recommended mitigation strategies to secure your Argo CD implementations.
https://cycode.com/blog/revealing-argo-cd-critical-vulnerability/
https://cycode.com/blog/revealing-argo-cd-critical-vulnerability/
Cycode
Redis or Not - Revealing a Critical Vulnerability in Argo CD Kubernetes Controller - Cycode
Cycode Researchers have uncovered a new vulnerability, CVE-2024-31989, with a critical score of 9.1. The vulnerability affects Kubernetes clusters equipped with Argo CD
π±6π₯3π’2
Good guide for k8s side containers
https://komodor.com/learn/kubernetes-sidecar-containers-practical-guide-with-examples/
https://komodor.com/learn/kubernetes-sidecar-containers-practical-guide-with-examples/
Komodor
Kubernetes Sidecar Containers: Practical Guide with Examples
A Kubernetes sidecar is a design pattern that allows developers to extend or enhance the main container in a pod.
π6
In this article, I show you two examples of how to convert a sample Microsoft Azure-based Terraform template to AWS using Amazon Bedrock, a fully managed service for building generative AI applications on AWS.
https://aws.amazon.com/blogs/infrastructure-and-automation/save-time-converting-terraform-templates-to-aws-using-amazon-bedrock
https://aws.amazon.com/blogs/infrastructure-and-automation/save-time-converting-terraform-templates-to-aws-using-amazon-bedrock
Amazon
Save time converting Terraform templates to AWS using Amazon Bedrock | Amazon Web Services
Learn how to use Amazon Bedrock to convert your non-AWS Terraform templates to the AWS Cloud in just a few steps, giving you back valuable time for more impactful, higher-value tasks in your organization.
π4
Interesting idea - Images as code
https://www.chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds
https://www.chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds
www.chainguard.dev
Images as Code: The pursuit of declarative image builds
Chainguard's CTO Matt Moore describes the process of creating a declarative container image build for Chainguard Images.
π5
Optimize Docker images in the right way
https://bhupesh.me/publishing-my-first-ever-dockerfile-optimization-ugit/
https://bhupesh.me/publishing-my-first-ever-dockerfile-optimization-ugit/
Bhupesh Varshney
How I reduced the size of my very first published docker image by 40% - A lesson in dockerizing shell scripts
My learnings from publishing my first ever Dockerfile for ugit (a shell script based tool to undo git command) and writing the most optimized dockerfile for it.
π6β€βπ₯3β€3
Artificial Intelligence Infrastructure-as-Code Generator.
https://github.com/gofireflyio/aiac
https://github.com/gofireflyio/aiac
GitHub
GitHub - gofireflyio/aiac: Artificial Intelligence Infrastructure-as-Code Generator.
Artificial Intelligence Infrastructure-as-Code Generator. - gofireflyio/aiac
π5π₯3π2
Test and compare different service mesh
https://dev.to/pragmagic/testing-service-mesh-performance-in-multi-cluster-scenario-istio-vs-kuma-vs-nsm-4agj
https://dev.to/pragmagic/testing-service-mesh-performance-in-multi-cluster-scenario-istio-vs-kuma-vs-nsm-4agj
DEV Community
Testing Service Mesh Performance in Multi-Cluster Scenario: Istio vs Kuma vs NSM
Introduction This article may be useful for those who are aware of service meshes and...
π3