Top 15 Kubectl plugins for security engineers

We have grouped in [this article the list of Kubectl plugins](https://sysdig.com/blog/top-15-kubectl-plugins-for-security-engineers/) that we strongly feel will be very useful for anyone, especially security engineers.


* Stern plugin
* RBAC-tool
* Cilium Plugin
* Kube Policy Advisor
* Kubectl-ssm-secret
* Kubelogin
* Kubectl-whisper-secret
* Kubectl-capture
* Kubectl-trace
* Access-matrix
* Rolesum
* Cert-manager
* np-viewer
* ksniff
* Inspektor-Gadget

Any that you miss?

https://redd.it/114me28
@r_devops

Advice on requesting to move back to previous role?

Hi All -

Curious if anyone has been in a similar position. I recently (6 months ago) moved to a new team internally to my company, but it's just *ok*. I thought this would've been a good move career wise, but I feel like my old role is still a better fit for me.

Is it in bad faith to reach back out to my old manager? They were quite upset that I had left the team, and really wanted me to stay. This is all internal in the same region if that matters.

Thanks!

https://redd.it/114x1yy
@r_devops

Comparing deployment pipelines using templating with GitOps

Greetings.

I have a setup with templated value files for Helm charts, prior to install/upgrade. That way the configuration repository just needs global yaml value files used for any project with any structure of their values.

Using it for shared annotations, labels, tolerations etc.

I'm wondering if anyone has experience or suggestions for to go about that in context of GitOps with pull mode like Argo CD.

Would you keep templates and push rendered files to git, or are there options available that remove need for templating without too much duplication?

https://redd.it/114icda
@r_devops

Industry standard on Terraform drifts

TLDR: What is the industry standard on detecting and handling drifts in terraform source code? What are the advantages and disadvantages of having VMs adhere to source code?

https://redd.it/1150fgp
@r_devops

Alerting. Prometheus Alertmanager vs Grafana Alerts

When setting up alerting for your infrastructure, do you find it better to use Alertmanager or the native alerting in grafana?

https://redd.it/1152z00
@r_devops

tearraform

Where to keep up with lates formating of terra form like for aws ? what is the best tool to write terra form. It seems lots of git projects have dated examples.

https://redd.it/11559ul
@r_devops

Streamline Cloud Governance with Cloud Custodian

# Looking to take control of your cloud environment? Check out our latest blog post on unlocking the power of cloud governance with Cloud Custodian. Learn how this open-source tool can help you address security, compliance, and cost optimization in your cloud environment.

https://medium.com/@arshad.zameer/unlocking-the-power-of-cloud-governance-with-cloud-custodian-why-you-need-it-b09eb831396b

https://redd.it/115634g
@r_devops

Real Shell scripts - to learn?

Where can I find shell scripts of real projects for learning purposes, I've been upgrading myself with shell scripting and I want to see others scripts for better understanding.

https://redd.it/1156wiw
@r_devops

Alternative to virtual-box on M1 macs for chef

Hi DevOps experts, I am wondering what would be an alternative to VirtualBox that can be used with Chef to run `kitchen verify` commands?

https://redd.it/115a1kh
@r_devops

Secretless Broker — Thoughts?

Ran into this GitHub repo for a secretless broker but seems like it didn't really catch on: https://github.com/cyberark/secretless-broker#using-secretless-broker-with-conjur-open-source

Idea seems to be for an application to proxy requests through a "secrets broker" with access to secrets from a vault that can then make a response to a resource like database and return the response back to the application.

This way, the application itself never has access to the secrets.

https://redd.it/115b3ui
@r_devops

Building Better CI/CD Pipelines

Wrote down some thoughts on pipelines, talking about


* When to run pipelines
* Caching
* Docker in Docker


[https://www.infrastructureposts.com/p/e5-building-better-cicd-pipelines](https://www.infrastructureposts.com/p/e5-building-better-cicd-pipelines)

https://redd.it/115c5az
@r_devops

Hikaru 0.16.0b released

Hikaru 0.16.0b adds support for Kubernetes 24.x, 25.x, and 26.x, along with their associated Python clients.

Hikaru provides a variety of tooling to work with Kubernetes configs in Python, YAML, or JSON, allowing you to move smoothly between each of these representations, and can also use the Python representation to directly interact with Kubernetes. Hikaru helps you migrate from YAML, easily create watches, detect changes in configuration, and more. You can find out more Hikaru here at the PyPI page:

https://pypi.org/project/hikaru/

...at the Github repo:

https://github.com/haxsaw/hikaru

...or read the full doc at ReadTheDocs:

https://hikaru.readthedocs.io/en/latest/index.html

https://redd.it/115d4k2
@r_devops

Is it a good idea to just use all the tools from one vendor or mix and match?

So I really like the Hashicorp stuff and to me it seems to make a lot of sense that if I’m using some of their stuff and I want to do something else that they have tools for to use that. For example, I’m using packer to create images. It seems to make sense to use terraform over cloud formation if there is only slight benefits of cloudformation over terraform (not sure if there are)

Is there a benefit when looking for other DevOps that they’re all hashicorp or was or whatever vendor? Or is it better to mix and match?

https://redd.it/115cv22
@r_devops

Free, selfhosted CI/CD with artifact storage

I am planning to use Concourse CI to build my application. After building, I need somewhere to put it, so I can get a download link.

For GitHub, it's just a matter of uploading the artifact and it's done and ready. GitLab is the same. And guess what? You can host GitLab! Except you can't mirror GitHub to GitLab (Pull) without paying 20 USD/month...


Can someone guide me through this? I feel like I have looked everywhere and nothing suits my needs.

https://redd.it/115eszc
@r_devops

Devops learning path.

I am currently working in configuration management in an organization where my primary job is on Jenkins and Linux(I also have an internal Linux certification). Im currently learning GCP from basics as I had joined as a fresher and this is the first project. Also have some basic knowledge of Java and Shell scripting, Strong basic programming logic and SQL knowledge as well. We work as a sub-team to a separate devops team. I want to understand how I should approach to switch to a complete Devops role in the near future.

https://redd.it/115gx5e
@r_devops

Devops crash course options

Morning everyone,

I recently made a big career change after a long time in functionally "generalist" roles into the DevOps world. The position was taken with an understanding that this is new to me and with some time to acclimate. Primarily my understanding is this role will largely be in planning and procedure and less so in the implementation side.

There's a fairly signifcant opprotunity available in a project that will be "opening up" in 3-4 months, but taking it on will require me ramping up my timeline and doing a signifcant amount of independent learning on my part if I want to be remotely ready for the responsibility. My current competancy is largely in the Windows and and "light enterprise" world and the end game here will require a signifcant deep dive into what's going to be a mostly RHEL/OpenShift world. While I have some basic understanding of Linux and containers it's all limited home use and I'm treating myself as a total "rookie" for sake of training needs.

Long story short, there's a lot of courses out there and I'm looking for some advice in paring down the options a bit. If you found yourself stuck with some wide eyed dummy on your team and needed them to be semi-functional in a few months, any courses/cours providers out there you'd recommend? I won't be on an island where I'm going to need to know -everything- but realistially for me to be an actual functional member of this team I'll need to up my game signifcantly.

Cost is not unimportant but less so than quality and I'm willing to invest in paying for something that will be worth it. Anything with labs and hands on function is a major plus. I don't require any official certifications or whatnot, this is purely for my own want to improve and not necessarily a systemic barrier for employment at this time.

Appreciate any feedback, thank you!

https://redd.it/115grrf
@r_devops

Making software user-extendable (letting users add their own features inside popular SAAS tools)

This is an article about embedding a code-editor into user-facing SAAS so features can be created on-the-fly by users:
https://sellsitself.substack.com/p/making-software-user-extendable

https://redd.it/115jq3r
@r_devops

Chef template vs file?

I am still a little confused about the difference between the template resource and file resource in chef. Do they both essentially just copy a file over to the node, and if so, what are the main differences between the two?

https://redd.it/115lkjf
@r_devops

How do you organize your IaC with shared infrastructure and app infrastructure?

What are some of your practices for how IaC is organized and who is responsible for it? For example, shared/base infrastructure and infrastructure that is specific to an app. Is your app infrastructure in the same pipeline as the app or is it updated separately? Do devs have ownership over certain aspects of their application infrastructure or is that a separate team?

https://redd.it/115lxut
@r_devops

Is there any major benefit to having dev/stage deployments of Artifactory?

We're currently looking to self-host Artifactory in our AWS cloud using the AWS Partners solution: https://aws.amazon.com/solutions/partners/jfrog-artifactory-amazon-ec2/

JFrog is highly encouraging us to buy licenses for dev & stage in addition to prod deployments, and for high availability, this means 3 nodes per env, 9 licenses total...

I'm very curious how beneficial dev/stage deployments of Artifactory actually are? I definitely feel like I'm being upsold, but no one in my company has significant administration experience w/ Artifactory to know exactly how important these envs are? Opinions welcome :)

https://redd.it/115jg8w
@r_devops

What is the math behind networking?

I'm not a networking professional, but for no reason whatsoever, half of the reddit communities I try and ask (like Networking) won't let me post and instantaneously say I'm violating their rules even though it's physically impossible for anyone to have read them in the time it said I violated anything, so sorry that this doesn't directly relate to this community.

I know very little about queueing systems for operations research and network communications, but I have some experience in math the concepts, linear algebra, abstract algebra, calculus, statistics, etc which seems relevant to networking and building simulations.

Can anyone bridge the gap and explain some basic elements of how queuing systems relate to math, like calculus and linear algebra and how one might apply those mathematical areas to the study of optimal queueing systems and probability in networking?

https://redd.it/115wwds
@r_devops