Category: DevOps
-
RE: Get ready for OpenTofu 1.7.0-beta1
OpenTofu, the terraform fork which remains truly Open Source, just announced the 1.7.0-beta1 release which brings the following new enhancements: Especially state encryption is a feature I’m excited about. At the moment I do not use any terraform for my private projects so it’s hard to try OpenTofu in the wild, but me and my…
-
Oh no my gpg key expired (like every year)
Who doesn’t love encryption and security? I like to sign my git commits, and for this I need PGP keys. They are cool when they work and you don’t need to think about them, but every now and then they need to be renewed (unless you use never expiring keys which of course you shouldn’t!).…
-
What we should learn from the xz backdoor
You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression…
-
I don’t like Python
… and there’s a reason: Dependency Management. Coming from languages like Node, Go, and Rust I am used to decent dependency management (although Go was really bad at it for the first years, and has become decent only recently with the addition of go mod.). Python, in my opinion, lacks a good and well-defined Package…
-
TIL: k9s plugins
k9s is a powerful Kubernetes terminal UI. Recently, I discovered how to add plugins, to make it even more powerful and integrate with other tools and systems!
-
TIL: Why there is /bin and /usr/bin, /lib and /usr/lib, etc on Unix systems
If you’ve ever navigated around a Unix system you may have wondered why there are /bin and usr/bin directories or /lib and /usr/lib or /sbin and /usr/sbin – or like me, you just took it for something that probably has any meaning but isn’t relevant enough to look into. Well, today it became relevant: When…
-
RE: The OpenTofu fork is now available!
A few weeks ago HashiCorp decided to switch the terraform license model from an open source license to the Business Source License (BSL) model, so there’s now a community driven terraform fork called OpenTofu.
-
TIL: scale down a Kubernetes DaemonSet
A DaemonSet is supposed to run on all or some Kubernetes nodes, so scaling it down is surprisingly easy: Set a nodeSelector to some label which doesn’t exist, and the DaemonSet is scaled to 0. This will patch (-p) the DaemonSet and add a nodeSelector ( spec.template.spec.nodeSelector) which makes the DaemonSet run on all nodes…
-
TIL: Run a script on every k8s Node using a DaemonSet
I’ve known that DaemonSets are used to run containers on all Nodes of a Kubernetes Cluster (or some), but I’ve never thought of using them to run a (shell) script on each node – a not-so-uncommon task when maintaining clusters! We need two resources: A ConfigMap and a DaemonSet.