Erik Osterman (Cloud Posse) on LinkedIn: Upgrade Argo CD to Fix Security Issue. Argo CD has released a critical… (2024)

Erik Osterman (Cloud Posse)

DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


Upgrade Argo CD to Fix Security Issue. Argo CD has released a critical security update to address a vulnerability in its default Redis configuration. The issue stems from the lack of authentication in the out-of-the-box Redis setup, potentially allowing unauthorized access to impact user logins if a pod can connect to the Redis instance. The Argo CD team recommends users upgrade to the latest patched versions: 2.11.1, 2.10.10, 2.9.15, or 2.8.19. These releases rectify the vulnerability by enabling authentication for the default Redis installation. https://lnkd.in/gpSzU745


Ryan Palmisano

Cybersecurity Expert that codes | CISSP, Sec+ Certified


Yikes better patch my stuff

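Added example (not part of the original post and not Argo CD project code): a Python check that classifies Argo CD version strings against the four fixed releases named in the post, including pre-release and build-metadata suffixes. The instance names and versions in `SAMPLE` are constructed, and treating release lines newer than 2.11 as patched is an assumption.

```python
import re

# Fixed releases named in the post, keyed by (major, minor) release line.
PATCHED = {(2, 11): 1, (2, 10): 10, (2, 9): 15, (2, 8): 19}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$")


def redis_auth_fix_status(version: str) -> str:
    """Return "patched", "upgrade" (a fixed release exists for this line)
    or "no-fix-listed" (line older than any release named in the post)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    line = (major, minor)
    if line > max(PATCHED):
        # Assumption: release lines newer than 2.11 include the fix.
        return "patched"
    if line not in PATCHED:
        return "no-fix-listed"
    fixed = PATCHED[line]
    # A pre-release of the fixed version (2.11.1-rc1) sorts before it.
    if patch > fixed or (patch == fixed and not prerelease):
        return "patched"
    return "upgrade"


def audit(inventory):
    """Map each instance name to its status."""
    return {name: redis_auth_fix_status(v) for name, v in inventory.items()}


# Constructed inventory, e.g. gathered from argocd-server image tags.
SAMPLE = {
    "prod": "v2.10.9",
    "staging": "v2.11.1",
    "legacy": "2.7.14",
    "canary": "v2.11.1-rc1",
    "dev": "v2.9.15+abc1234",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:8} {SAMPLE[name]:18} {status}")
```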

More Relevant Posts

  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    Join us to talk shop! 🙌 Get your #DevOps questions answered. SweetOps "office hours" are held via #Zoom - every Wednesday at 11:30 am PST (GMT-8). Register here →

    LIVE DevOps "Office Hours" with Cloud Posse https://cloudposse.com

  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    AWS EKS Now Supports Auto Scaling CoreDNS. It’s not CoreDNS. There’s no way it’s CoreDNS. It was CoreDNS. It's surprising this feature took so long. It doesn't matter what kind of node redundancy you have, when CoreDNS is the single pod of failure. Anyways, Amazon EKS now offers native autoscaling for CoreDNS Pods. The managed autoscaling capability, available with the CoreDNS EKS add-on, makes setup and operation simpler. It's compatible with CoreDNS v1.9 and EKS 1.25+. The old single CoreDNS pod deployments were fragile, especially when coupled with dynamic cluster scaling using Karpenter; CoreDNS pods bouncing around added to the instability. This update is a big step forward for robust DNS resolution in EKS. https://lnkd.in/gZrAynWP


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    Amber Lang is like the “Typescript” for Bash. Ever thought Bash needed type safety and runtime guarantees? Amber aims to provide just that, along with features like compile-time error checking and "proper" error handling. One of Bash's most attractive features is its portability, and Amber enhances this by making it easier to write type-safe, portable Bash scripts. Unlike most similar implementations, which are often DSLs within Bash, Amber actually transpiles code to Bash, combining safety features with the familiar Bash environment. This approach helps you write more robust Bash scripts without sacrificing portability. However, for more complex programs, users might still prefer a fully-featured scripting language, like Python. https://amber-lang.com/


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    Competition is Good: HashiCorp Dusts off State Encryption Proposal. Well well... it seems like a little competition in the market is a good thing! Not long after OpenTofu released state encryption, it looks like HashiCorp is (finally) revisiting state encryption. While there have been many proposals to encrypt the state file at rest, the Terraform team is now exploring a different approach. The new proposal introduces the concept of "ephemeral values" in the Terraform language. These values would exist only in memory during a single phase (like plan or apply), never persisted to disk. This could enable new features like ephemeral input variables, ephemeral resources to represent temporary objects, and write-only resource attributes for secrets. Some argue that if you have access to the deployment environment, you could presumably access secrets anyway, making state encryption a moot point. However, security is always defense in depth, and having multiple layers of protection makes attacks more cumbersome. https://lnkd.in/gtAC2J2a


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    Linear, a badass alternative to Jira, uses paid work trials as the final step in their interview process. In a tech industry rife with debate over take-home assignments, this method stands out. Candidates work on real projects for 2-5 days using Linear's tools and resources, allowing the company to assess skills, judgment, and adaptability to their culture. The trial includes a kick-off meeting, check-ins, and a final presentation. Post-trial, the project team provides feedback, and the hiring manager decides on extending an offer. Though this process may not scale indefinitely, it has helped Linear achieve a 96% retention rate over four years. As an employer, I think it makes sense. https://lnkd.in/gJF9eVwH


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    Import Helm Charts to OCI registries, optionally with vulnerability patching. If you depend on a lot of Helm Charts, managing them can be a nightmare—they're distributed in many ways, some lack registries, and they can disappear at any time. Plus, charts have extensive control over your cluster and need to be scanned before use. Not everyone knows this, but Helm supports OCI as a registry for charts. Enter Helmper, a new open-source tool in beta. Helmper reads Helm Charts from remote OCI registries, scans them for vulnerabilities, and pushes the chart's container images to user-specified registries. It uses Trivy for scanning, Copacetic (Buildkitd) for patching, and Cosign for signing, automating the detection of enabled container images, staying current with new releases, and enabling rapid patching and signing of images. This ensures your critical dependencies are secure and always available, reducing supply chain risks and maintaining control over your deployment environment. https://lnkd.in/g4429Heh


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    A CLI that writes your git commit messages for you with AI. Let's face it: writing commit messages sucks. AI Commits tackles this by using the OpenAI API to automatically generate commit messages based on your code changes. It runs git diff, sends the changes to OpenAI for analysis, and returns a commit message, integrating seamlessly with your Git workflow. With customizable settings and support for multiple message recommendations and Conventional Commits, it lets developers focus on coding. Of course, you have to be cool with sending your code to OpenAI, and your employer might be less enthused. https://lnkd.in/gpX7fSsE


  • Erik Osterman (Cloud Posse)

    DevOps Accelerator 🚀Cloud Posse, LLC (CEO)


    HashiCorp Turns to Reddit for Feedback. While I'm of course miffed at HashiCorp for all the obvious reasons, I do think this is cool: HashiCorp employees have solicited Reddit for feedback on Terraform 1.9 alpha, such as validation blocks and junit-xml test report compatibility. That said, one of the comments is hilarious (suggesting the release add a GPL license) and has four times the upvotes of the post itself. https://lnkd.in/gqf8RGQG
