This project is the starting point for the Security Profiles Operator (SPO), an out-of-tree Kubernetes enhancement which aims to make it easier for users to use SELinux, seccomp and AppArmor in Kubernetes clusters.

The kube-secrets-init is a Kubernetes mutating admission webhook, that mutates any K8s Pod that is using specially prefixed environment variables, directly or from Kubernetes as Secret or ConfigMap.

Validate code quality with a Terraform plan using JSON and Pytest

Convert Kubernetes YAML to Pulumi programs in Go, TypeScript, Python, C# and Java. Improve your Kubernetes development experience by taking advantage of strong types, compilation errors, full IDE support for features like autocomplete. Declare and manage the infrastructure in any cloud in the same program that manages your Kubernetes resources.

RDS Logs Optimizer module is a solution that significantly reduces the cost of storing RDS database logs in AWS.

Instead of CloudWatch, the module provides an alternative in a Lambda serverless function that sources database logs from an RDS DB instance (facilitated with MariaDB Audit Plugin - suitable for MariaDB or MySQL only) and puts them into a designed S3 bucket, sorting them on a yearly, monthly, daily, and even hourly rate. Lambda is triggered 4 times an hour (every 15 minutes), lambda run timestamps being saved in a DynamoDB table so as to make sure that only the latest logs are sourced and no logs are lost in the process. Finally, the sorted logs can be easily queried using Athena.

As a result, thanks to the RDS Logs Optimizer module, the overall costs of sourcing, keeping, and querying RDS DB instance audit logs can be decreased approximately tenfold.

A Private Terraform Registry

Inquery is a utility for Postgres that triggers webhooks when rows are inserted, updated, or deleted. It uses database triggers that send low-latency websocket messages to a Go application. This application then calls the configured webhook(s) with a JSON payload that includes specified values from the database row.

A tool that will navigate through all terraform directories (stacks) to run terraform plan to detect the current drift between the committed code and applied infrastructure.

A simple xDS server, distributing Kubernetes service endpoints to clients.

It is designed for gRPC.

copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images given the vulnerability scanning results from popular tools like Trivy.

Retool’s cloud-hosted product is backed by a single beefy 4 TB Postgres database running in Microsoft’s Azure cloud. Last fall, we migrated this database from Postgres version 9.6 to version 13 with minimal downtime.

How did we do it? To be frank, it wasn’t a completely straight path from point A to point B. In this post, we’ll tell the story and share tips to help you with a similar upgrade.