DevOps / SRE - Top Links Last Week
Week 7 - Issue #66
How to optimize the security, size and build speed of Docker images
This article introduces 12 tips to optimize the security of your Docker images. Each tip explains the underlying attack vector and one or more mitigation approaches. Recommendations include avoiding leaking build secrets into the image, running as a non-root user, and keeping dependencies and updates current. Multi-stage builds (official docs) have many different use cases, e.g., speeding up your image build or reducing the image size. The problem they address originates from the fact that Docker images are built layer by layer in a purely additive way, so anything written in an earlier layer stays in the image even if a later layer deletes it.
On Demand CI/CD with Serverless Tekton
The reason behind Fargate is the ease of serverless managing of our CI/CD pipelines without managing the infrastructure for it. I'll share my experience of getting a serverless infrastructure for Tekton up and running quickly via Terraform in this post. The following steps are to create a Terraform profile for running Tekton, Tekton Dashboard, and Tekton Triggers in the tekton-pipelines namespace. Then, declare a security group with ingress rules for each subnet CIDR to restrict the VPC running EKS.
Joel Spolsky on Structuring the Web with the Block Protocol
Block Protocol is a proposed specification to combine data displayed on the Web with its structure and type. It aims to make it easier to create and share data across platforms and make that value more readily available to abstract and use in various ways. The Block Protocol has expressed interest in working with WordPress, which provides the content management system that powers a vast swath of the Web. The Block Protocol already works with the Project Gutenberg editor, used by WordPress, Notion, and other web editing tools.
The Triumph and Tragedy of .env Files
Environment (.env) files were a good idea in theory but created more problems than they solved. The security risks and the impact on developer productivity are only now being fully realized. Environment variables are supported in every operating system and every programming language. A simple format (restricted to valid Linux shell syntax) enabled .env (dotenv) file-parsing libraries to be created for every major programming language, such as Python dotenv and Node dotenv.
How to Make the Most of Kubernetes Environment Variables
In traditional systems, environment variables play an essential role but are not always crucial. Some applications make more use of environment variables than others. However, when it comes to Kubernetes, environment variables are more important than you might think. When developing microservices, it's generally good practice to provide configuration to your Docker containers as environment variables whenever possible. This way, you can make your Docker image more generic and possibly reuse the same image for different purposes. The most straightforward option is to specify environment variables directly in your deployment.