Fun in the workplace

 Wed, 29 Jul 2020 18:40:27 +0200 

Kubernetes Managed Container Platform

 Mon, 06 Apr 2020 18:47:54 +0200 
Quite an interesting offer. Unfortunately B2B only and not for my private hosting dilemma.

#^Kubernetes - Managed Container Platform | NETWAYS Web Services
Tailor-made container platform based on Kubernetes. Administered by MyEngineer on request. Pay per use and ready in a few minutes.



 Fri, 31 Jan 2020 17:16:34 +0100 
Recently saw in a certificate under Subject Alternative Name a spiffe:// URI. o_O

#^SPIFFE – Secure Production Identity Framework for Everyone

Secure Production Identity Framework for Everyone. Inspired by the production infrastructure of Google and others, SPIFFE is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments.

What is SPIFFE?
SPIFFE, the Secure Production Identity Framework For Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration.


Jenkinsfile in GitLab CI

 Tue, 07 Jan 2020 17:57:48 +0100 

#^Running Jenkins Files inside GitLab CI
Learn how to lift and shift your Jenkins jobs over to GitLab CI while you migrate.

First, I want to set some ground rules for this. For starters, this process is not meant for long term use. There are many downsides to this, such as it only runs in one GitLab Stage and isn’t asynchronous. However, this process can be used to run your Jenkins builds in GitLab CI while you’re migrating your Jenkinsfile to GitLab CI syntax. Make no mistake: this doesn’t solve your migration woes, but it does allow you to run your Jenkinsfile inside GitLab for the time being. It’s a stop-gap measure.

Zero Trusted Networks

 Wed, 11 Dec 2019 18:29:03 +0100 
Interesting talk from #OSMC about micro-perimeter, least privileges, zero trust architectures, etc.

#^OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen Kressin
by NETWAYS on YouTube

Kata Containers

 Fri, 20 Sep 2019 12:43:57 +0200 
#^Kata Containers isolate Docker and Kubernetes workloads - From Linux-Magazin 12/2018
Kata Containers try to combine the light weight of containers with the strict isolation of real servers. Docker users do not even have to get used to new commands for this.

Centralized Logging with the Elastic Stack

 Fri, 23 Aug 2019 17:25:13 +0200 last edited: Fri, 23 Aug 2019 18:16:09 +0200  

#^Centralized Logging with the Elastic Stack
on media.ccc.de

Decentralized logging becomes increasingly laborious as the number of processes to be monitored grows. That is why tools supporting centralized logging have existed for several years. This talk presents the Elastic Stack as one such tool.

In the world of microservices, the number of log-producing processes is very large and can easily be in the range of 100-1000 processes. Manual log processing is all but unthinkable here. But monolithic services, too, often run in a decentralized fashion, and analysing the production logs then frequently involves a lot of effort as well. With centralized logging, a much better overview of the overall state of a system can be gained, since not every log has to be examined individually; instead the logs are aggregated and can thus easily be evaluated automatically. The Elastic Stack offers the ability to store and search large volumes of logs. The ecosystem around the ELK stack helps developers, DevOps, etc. to prepare the logs quickly and easily so that they are easy to analyse. This talk sets out the advantages and disadvantages of centralized logging and shows how the Elastic Stack can be integrated into environments.

#ELK #FrOSCon14 #FrOSCon2019

No Excuse

 Fri, 21 Jun 2019 14:42:53 +0200 
#^SQL is No Excuse to Avoid DevOps - ACM Queue
A friend recently said to me, "We can't do DevOps, we use a SQL database." I nearly fell off my chair. Such a statement is wrong on many levels.
"But you don't understand our situation!" he rebuffed. "DevOps means we'll be deploying new releases of our software more frequently! We can barely handle deployments now and we only do it a few times a year!"
I asked him about his current deployment process.

German work culture

 Fri, 15 Mar 2019 00:15:06 +0100 
#^Is DevOps compatible with German work culture? | heise Developer
DevOps principles and German work culture are not easy to reconcile. But it is worth taking on the challenge.

CI/CD tools

 Fri, 11 Jan 2019 17:45:01 +0100 
#^7 CI/CD tools for sysadmins | Opensource.com
An easy guide to the top open source continuous integration, continuous delivery, and continuous deployment tools.

Trunk based development

 Fri, 22 Jun 2018 16:37:23 +0200 
Quite interesting reading this overview

#^Trunk Based Development - Game Changers
Since the early 80’s a number of things have pushed best practices towards Trunk-Based Development, or away from it.

The language in use to describe such things has changed over time. Software Configuration Management (SCM) is used less today than Version Control Systems (VCS) is. A simpler still term - “Source Control” - seems to be used more recently, too.

Similarly, ‘trunk’ and ‘branch’, have not always been used as terms for controlled code lines that have a common ancestor, and are eminently (and repeatably) mergeable.

Safe Containers?

 Fri, 25 May 2018 18:34:03 +0200 
#^Safe Containers » ADMIN Magazine
By Martin Loschwitz
Docker containers are a convenient way to run almost any service, but admins need to be aware of the need to address some important security issues.
Container systems like Docker are a powerful tool for system administrators, but Docker poses some security issues you won't face with a conventional virtual machine (VM) environment. For example, containers have direct access to directories such as /proc, /dev, or /sys, which increases the risk of intrusion. This article offers some tips on how you can enhance the security of your Docker environment.


 Thu, 18 Jan 2018 18:52:14 +0100 
I already had a dockerized Selenium-Grid but it was a good idea to replace it with Selenoid. The state of automation and the video recording feature are really impressive.

Selenoid is a powerful implementation of Selenium hub using Docker containers to launch browsers.

Lightweight and Lightning Fast
Suitable for personal usage and in big clusters:
* Consumes 10 times less memory than Java-based Selenium server under the same load
* Small 7 Mb binary with no external dependencies (no need to install Java)
* Browser consumption API working out of the box
* Ability to send browser logs to centralized log storage (e.g. to the ELK-stack)
* Fully isolated and reproducible environment

#^Scalable Selenium Cluster: Up & Running | Ivan Krutov
by seleniumconf on YouTube

too careless with credentials

 Thu, 09 Nov 2017 18:27:55 +0100 
#^Study: DevOps teams often handle credentials carelessly

In many companies, DevOps departments lack rules for the secure handling of privileged accounts and credentials; in many cases there is no overarching security strategy, as CyberArk's "Advanced Threat Landscape" report shows.


 Tue, 26 Sep 2017 17:27:08 +0200 
Nice collection of #Jenkins pipeline examples.

pipeline-examples - A collection of examples, tips and tricks and snippets of scripting for the Jenkins Pipeline plugin

Jenkins Shared Libraries

 Fri, 04 Aug 2017 18:53:36 +0200 
Should have used shared libraries much earlier.

#^Jenkins Shared Libraries Workshop
by Julien Pivotto on SlideShare

RDBMS containers

 Fri, 28 Jul 2017 13:04:28 +0200 last edited: Fri, 28 Jul 2017 16:55:45 +0200  
#^RDBMS Containers » ADMIN Magazine
If you spend very much of your time pushing containerized services from server to server, you might be asking yourself: Why not databases, as well? We describe the status quo for RDBMS containers.


 Fri, 07 Jul 2017 23:17:18 +0200 
There will be beta-exams for the new LPIC-OT at FrOSCon in August. Looking at the objectives for this new exam it contains a lot of what I have done recently.

#^DevOps Tools Engineer
DevOps is one of the most in-demand skills in open source today.  In order to meet this need with verified skills LPI, an established authority in Linux Administration, is developing the DevOps Tools Engineer certification.  These additional certified competencies strengthen the portfolio of today’s IT professionals.

As more and more companies introduce DevOps methodologies to their workflows; skills in using tools which support the collaboration model of DevOps become increasingly important. LPIC-OT DevOps Tools Engineers will be able to efficiently implement a workflow and to optimize their daily administration and development tasks.

This certification will be released in autumn 2017 and will test proficiency in the most relevant free and open source tools used to implement the DevOps collaboration model, like for example configuration automation or container virtualization.

The new certification is created according to LPI's community-based certification development process. This process relies heavily on involvement by the IT community.

DW: a Senior DevOps Engineer (Development and Operations Engineer)

 Bonn, Germany, Tue, 27 Jun 2017 01:23:11 +0200 
That sounds very interesting, but what is this crap about "on the basis of a fixed-term freelance framework contract"?

#^a Senior DevOps Engineer (Development and Operations Engineer) - Job at Deutsche Welle in Bonn
Current job offer for a Senior DevOps Engineer (Development and Operations Engineer) in Bonn at Deutsche Welle

The Application and System Operations department operates Deutsche Welle's IT infrastructure at the Bonn site and a large number of business-relevant applications in the audio, video and online fields. The "Online Systems Operations" unit looks after highly available web applications for IP-based distribution of the DW programme in a modern, innovative IT landscape. These are predominantly web content management systems based on Java EE and PHP. You will work in a very motivated and open-minded team.
 DevOps  Bonn

Deep Dive into Capabilities

 Sun, 25 Jun 2017 22:57:10 +0200 
Secure Your Containers with this One Weird Trick
Did you know there is an option to drop Linux capabilities in Docker? Using the docker run --cap-drop option, you can lock down root in a container so that it has limited access within the container. Sadly, almost no one ever tightens the security on a container or anywhere else.