We are continuing our security marathon with some news about very popular NGINX Ingress for Kubernetes.
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes.
Exploiting these vulnerabilities can lead to unauthorized access to cluster secrets as well as remote code execution inside the ingress pod.
This vulnerability is fixed in Ingress NGINX Controller version 1.12.1 and 1.11.5, but if you cannot upgrade right now for whatever reason, Wiz has other recommendations on how to mitigate this.
P.S. Many thanks to the chat for sharing this story!
#security #kubernetes #nginx
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes.
Exploiting these vulnerabilities can lead to unauthorized access to cluster secrets as well as remote code execution inside the ingress pod.
This vulnerability is fixed in Ingress NGINX Controller version 1.12.1 and 1.11.5, but if you cannot upgrade right now for whatever reason, Wiz has other recommendations on how to mitigate this.
P.S. Many thanks to the chat for sharing this story!
#security #kubernetes #nginx
wiz.io
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.
❤8🔥3👍2😁1
A new issue of the CatOps Digest is here:
https://newsletter.catops.dev/p/catops-digest-2025-03-30
#digest #newsletter
https://newsletter.catops.dev/p/catops-digest-2025-03-30
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2025-03-30
What was on CatOps in the last several weeks
❤4
For today's Donations Monday we have a fundraiser from Dzyga's Paw that they do together with 7 different units. My friend's brother serves in one of those units.
https://send.monobank.ua/jar/7CRy1e16Qk
Here's the description from Dzyga's Paw themselves.
Dzyga’s Paw Fund, in partnership with seven units, is launching a $300,000 fundraiser to provide them with 90 night drones — essential for precision and safety in night operations.
Donate now to support project Triad: https://dzygaspaw.com/triad-night-drones
We are bringing together two powerful forces: our international supporters and Ukrainians backing their brigades. No matter what they say, Ukraine is not tired. Our defenders fight on, and we stand with them. And our friends from all over the world are eager to help us with this mission.
Join our ambassador team to help reach this ambitious goal faster — start a smaller fundraiser! Write to us in DM, and we will provide you with all the information, visuals, and donation chart.
This war has lasted nearly 11 years, and the last three have been the most brutal. Against all odds, Ukraine continues to resist. It is our duty to ensure our defenders have the tools they need to win!
#donations #Ukraine
https://send.monobank.ua/jar/7CRy1e16Qk
Here's the description from Dzyga's Paw themselves.
Dzyga’s Paw Fund, in partnership with seven units, is launching a $300,000 fundraiser to provide them with 90 night drones — essential for precision and safety in night operations.
Donate now to support project Triad: https://dzygaspaw.com/triad-night-drones
We are bringing together two powerful forces: our international supporters and Ukrainians backing their brigades. No matter what they say, Ukraine is not tired. Our defenders fight on, and we stand with them. And our friends from all over the world are eager to help us with this mission.
Join our ambassador team to help reach this ambitious goal faster — start a smaller fundraiser! Write to us in DM, and we will provide you with all the information, visuals, and donation chart.
This war has lasted nearly 11 years, and the last three have been the most brutal. Against all odds, Ukraine continues to resist. It is our duty to ensure our defenders have the tools they need to win!
#donations #Ukraine
Lurking Variables is a story about contributing factors. Specifically, those factors that people do not take into account right away, or better said, are not instinctively taken into account.
Anyway, this is a good read about a very real problem of confirmation bias when handling incidents.
#sre #incidents
Anyway, this is a good read about a very real problem of confirmation bias when handling incidents.
#sre #incidents
read.thecoder.cafe
Lurking Variables: How Hidden Factors Can Mislead Your Analysis
Proactively segmenting data per influencing factors can help discover lurking variables before they lead to misinterpretations.
❤2
“5 Whys” is a fairly popular framework for searching for a contributing factors of an incident.
However, this framework has its own limitations. Here is an article that presents these limitations in a concise way.
#sre
However, this framework has its own limitations. Here is an article that presents these limitations in a concise way.
#sre
Uptime Labs
Beyond "5 Whys": A Better Way to Learn from Incidents - Uptime Labs
Disclaimers Before We Begin
Nothing I mention here is my original work. I’ve read, studied, and borrowed from experts in the field of safety. The only thing that is original is my own personal experience.
I’ve practiced and advocated for “5 Whys” for many…
Nothing I mention here is my original work. I’ve read, studied, and borrowed from experts in the field of safety. The only thing that is original is my own personal experience.
I’ve practiced and advocated for “5 Whys” for many…
❤1
Helm docs is a neat tool for generating documentation based on your
I recall, I wanted to write something similar back in a day, but I got bitten in the ass by YAML parsing 🙃
#kubernetes #helm
values.yaml file.I recall, I wanted to write something similar back in a day, but I got bitten in the ass by YAML parsing 🙃
#kubernetes #helm
GitHub
GitHub - norwoodj/helm-docs: A tool for automatically generating markdown documentation for helm charts
A tool for automatically generating markdown documentation for helm charts - norwoodj/helm-docs
👍6❤2😁2
Depending on your seniority and title, working with diagrams may take a big chunk of your day-to-day work.
Here's a collection of diagram creation tools, so you could pick something that suits your needs. Some of these
projects are quite famous - others not so much. I personally found some
interesting things there. It's not guaranteed that I will use them, but
still.
Also, speaking of diagrams, I can recommend this talk
from FOSDEM 2023. It's not a super-entertaining one, but it has some
good suggestions on how to draw your diagrams. The talk itself if
wrapped into Kubernetes, but those suggestions are universal.
#diagrams
Here's a collection of diagram creation tools, so you could pick something that suits your needs. Some of these
projects are quite famous - others not so much. I personally found some
interesting things there. It's not guaranteed that I will use them, but
still.
Also, speaking of diagrams, I can recommend this talk
from FOSDEM 2023. It's not a super-entertaining one, but it has some
good suggestions on how to draw your diagrams. The talk itself if
wrapped into Kubernetes, but those suggestions are universal.
#diagrams
Generativeprogrammer
Architecture Diagramming Tools, and the AI Gap
Turning Words Into Architecture — Where’s the AI Tool for That?
👍11
Saturday afternoon is the ideal time to listen to 3 hours of a discussion about AI in the new episode of our CatOps Voice Chat (in Ukrainian).
There are a lot of useful links in the description as well, so check it out!
You can find the new episode on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- RSS Feed
Hope you enjoy it!
#voice_chat #говорилка #ai
There are a lot of useful links in the description as well, so check it out!
You can find the new episode on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- RSS Feed
Hope you enjoy it!
#voice_chat #говорилка #ai
YouTube
Говорилка CatOps: AI
Всі розмови зараз про AI, от і ми обговорили цю тему. Вийшло аж 3 години.
Матеріали, що згадуються у випуску:
- https://cline.bot/
- https://replit.com/
- https://github.com/Aider-AI/aider
- https://github.com/joshuavial/aider.nvim
- https://github.com/exo…
Матеріали, що згадуються у випуску:
- https://cline.bot/
- https://replit.com/
- https://github.com/Aider-AI/aider
- https://github.com/joshuavial/aider.nvim
- https://github.com/exo…
🔥9
For today's Donations Monday I’d like to remind you about a fundraiser from Dzyga's Paw that they do together with 7 different units.
https://send.monobank.ua/jar/7CRy1e16Qk
Here's the description from Dzyga's Paw themselves.
Dzyga’s Paw Fund, in partnership with seven units, is launching a $300,000 fundraiser to provide them with 90 night drones — essential for precision and safety in night operations.
Donate now to support project Triad: https://dzygaspaw.com/triad-night-drones
We are bringing together two powerful forces: our international supporters and Ukrainians backing their brigades. No matter what they say, Ukraine is not tired. Our defenders fight on, and we stand with them. And our friends from all over the world are eager to help us with this mission.
Join our ambassador team to help reach this ambitious goal faster — start a smaller fundraiser! Write to us in DM, and we will provide you with all the information, visuals, and donation chart.
This war has lasted nearly 11 years, and the last three have been the most brutal. Against all odds, Ukraine continues to resist. It is our duty to ensure our defenders have the tools they need to win!
#donations #Ukraine
https://send.monobank.ua/jar/7CRy1e16Qk
Here's the description from Dzyga's Paw themselves.
Dzyga’s Paw Fund, in partnership with seven units, is launching a $300,000 fundraiser to provide them with 90 night drones — essential for precision and safety in night operations.
Donate now to support project Triad: https://dzygaspaw.com/triad-night-drones
We are bringing together two powerful forces: our international supporters and Ukrainians backing their brigades. No matter what they say, Ukraine is not tired. Our defenders fight on, and we stand with them. And our friends from all over the world are eager to help us with this mission.
Join our ambassador team to help reach this ambitious goal faster — start a smaller fundraiser! Write to us in DM, and we will provide you with all the information, visuals, and donation chart.
This war has lasted nearly 11 years, and the last three have been the most brutal. Against all odds, Ukraine continues to resist. It is our duty to ensure our defenders have the tools they need to win!
#donations #Ukraine
👍7
According to DOU, Python is the most popular programming language among the DevOps-related specialists who understand Ukrainian.
Pydantic is a popular library for configuration validation, including the configuration that comes from the environment. However, it can break the unit tests, if the required environment variables are not present.
However, you can create a fixture for your Pydantic configuration that patches the environment, so your tests are isolated. Here's an article that describes, how to do that.
#python #programming
Pydantic is a popular library for configuration validation, including the configuration that comes from the environment. However, it can break the unit tests, if the required environment variables are not present.
However, you can create a fixture for your Pydantic configuration that patches the environment, so your tests are isolated. Here's an article that describes, how to do that.
#python #programming
👍6
Firefly has release a State of IaC 2025 report. As usual, you can obtain it in exchange for your personal data 🙃
#iac #terraform
#iac #terraform
www.firefly.ai
Firefly | The Agentic Cloud Automation Platform
Firefly enables DevOps and Platform teams to codify, govern, and recover their cloud with AI-native automation built for scale, compliance, and resilience.
😁6
Recently, Git celebrated its 20th anniversary, and the pre-commit framework marked 11 years.
Interestingly, despite their longevity, these technologies are still not being used to their full potential — especially when it comes to leveraging git hooks.
To shed some light on this, I gave a talk about them (in Ukrainian): https://youtu.be/mqzyVg5WOMM
This is a natural continuation of my previous talk on the same topic, which I gave back in 2018 :)
Covered (and skipped) topics and link to the older talk in video description. Enjoy!
#git
Interestingly, despite their longevity, these technologies are still not being used to their full potential — especially when it comes to leveraging git hooks.
To shed some light on this, I gave a talk about them (in Ukrainian): https://youtu.be/mqzyVg5WOMM
This is a natural continuation of my previous talk on the same topic, which I gave back in 2018 :)
Covered (and skipped) topics and link to the older talk in video description. Enjoy!
#git
YouTube
Genesis DevOps Community | Pre-commit git хуки
Спікер: Максим Власов, DevOps/Platform Engineer в Star.
Слайди - https://tinyurl.com/gen-pre-commit
Про що доповідь:
- Поговоримо про те як економити свій час на рутинних перевірках (ака fail fast) і навчити цьому свою команду
- Як зафорсити правила навіть…
Слайди - https://tinyurl.com/gen-pre-commit
Про що доповідь:
- Поговоримо про те як економити свій час на рутинних перевірках (ака fail fast) і навчити цьому свою команду
- Як зафорсити правила навіть…
🔥15
For today's Donations Monday, I'd like to remind you about the UA Responders charity foundations who specialize in tactical medicine.
I know these folks personally, so I feel absolutely confident recommending them to you!
I know these folks personally, so I feel absolutely confident recommending them to you!
👍1
Debezium is a popular open source tool to implement the CDC (change data capture) pattern for various data sources.
This article provides some highlights of how it works for PostgreSQL as well as it covers some practical implications of working with Debezium like figuring out LSNs, failing over to a replica, and so on.
#databases
This article provides some highlights of how it works for PostgreSQL as well as it covers some practical implications of working with Debezium like figuring out LSNs, failing over to a replica, and so on.
#databases
Medium
Practical Notes in Change Data Capture with Debezium and Postgres
In this article, we will talk about some practical considerations when building a Change Data Capture (CDC) pipeline with Postgres and…
👍5
A very nice video by Confluent that introduces Apache Iceberg:
https://youtu.be/TsmhRZElPvM?si=JA5hcWCT1iOEKEkt
#data
https://youtu.be/TsmhRZElPvM?si=JA5hcWCT1iOEKEkt
#data
YouTube
Apache Iceberg: What It Is and Why Everyone’s Talking About It.
More Info: https://cnfl.io/4i2M17x | You’ve probably heard about Apache Iceberg™—after all, it’s been getting a lot of buzz. But what actually is it? And why are so many people excited about using it with streaming data?
In this lightboard, Tim Berglund…
In this lightboard, Tim Berglund…
👍6
As you may know, there was a KubeCon Europe recently in London.
I didn’t go there, but here a member of our community shares his thoughts about the conference on LinkedIn.
Also, if you understand Ukrainian and prefer the video format, you can also check out the video from Den Vasyliev as well.
#event #kubernetes
I didn’t go there, but here a member of our community shares his thoughts about the conference on LinkedIn.
Also, if you understand Ukrainian and prefer the video format, you can also check out the video from Den Vasyliev as well.
#event #kubernetes
❤10
You may have noticed a train of released AI stuff here and there. In recent times, everyone started rushing towards AI agents to vendor-lock you to their solutions even more.
And do you know why they are able to do it so relatively easily?
https://ampcode.com/how-to-build-an-agent
P.S. 400 lines of Go code. If you remove all
#ai
And do you know why they are able to do it so relatively easily?
https://ampcode.com/how-to-build-an-agent
P.S. 400 lines of Go code. If you remove all
if err != nil by using something like Python, it will be half or even fewer lines. Yep#ai
Ampcode
How to Build an Agent
Building a fully functional, code-editing agent in less than 400 lines.
🔥5
For today’s Donations Monday, I’d like to share with y’all a new fundraiser from Dzyga’s Paw - Save the Crabs 🦀
They are raising $110,000 to protect 15 Self-propelled artillery systems Krab with 15 Anti-Drone Systems.
#donations #Ukraine
They are raising $110,000 to protect 15 Self-propelled artillery systems Krab with 15 Anti-Drone Systems.
#donations #Ukraine
Long post due issue of the CatOps digest is here!
https://newsletter.catops.dev/p/catops-digest-2025-04-27
#digest #newsletter
https://newsletter.catops.dev/p/catops-digest-2025-04-27
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2025-04-27
What was on CatOps...
Let's help Hospitallers rebuild their base to continue the work of one of the most outstanding volunteer medical battalions
https://send.monobank.ua/jar/2QrD4xoAsb
Other ways to support Hospitallers:
- https://www.hospitallers.life/needs-hospitallers
- https://www.hospitallers.org.uk/ways-to-help
#donations #Ukraine
https://send.monobank.ua/jar/2QrD4xoAsb
Other ways to support Hospitallers:
- https://www.hospitallers.life/needs-hospitallers
- https://www.hospitallers.org.uk/ways-to-help
#donations #Ukraine
❤6