Tag: DevOps

  • What we should learn from the xz backdoor

    You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression…

  • I don’t like Python

    … and there’s a reason: Dependency Management. Coming from languages like Node, Go, and Rust I am used to decent dependency management (although Go was really bad at it for the first years, and has become decent only recently with the addition of go mod). Python, in my opinion, lacks a good and well-defined Package…

  • RE: Hacking Terraform State for Privilege Escalation

    An interesting attack vector which uses empty terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing…

  • TIL: Why there is /bin and /usr/bin, /lib and /usr/lib, etc on Unix systems

    If you’ve ever navigated around a Unix system you may have wondered why there are /bin and /usr/bin directories or /lib and /usr/lib or /sbin and /usr/sbin – or like me, you just took it for something that probably has some meaning but isn’t relevant enough to look into. Well, today it became relevant: When…

  • RE: The OpenTofu fork is now available!

    A few weeks ago HashiCorp decided to switch the terraform license model from an open source license to the Business Source License (BSL) model, so there’s now a community driven terraform fork called OpenTofu.

  • TIL: scale down a Kubernetes DaemonSet

    A DaemonSet is supposed to run on all or some Kubernetes nodes, so scaling it down is surprisingly easy: Set a nodeSelector to some label which doesn’t exist, and the DaemonSet is scaled to 0. This will patch (-p) the DaemonSet and add a nodeSelector (spec.template.spec.nodeSelector) which makes the DaemonSet run on all nodes…

  • TIL: Run a script on every k8s Node using a DaemonSet

    I’ve known that DaemonSets are used to run containers on all Nodes of a Kubernetes Cluster (or some), but I’ve never thought of using them to run a (shell) script on each node – a not-so-uncommon task when maintaining clusters! We need two resources: A ConfigMap and a DaemonSet.

  • TIL: multiple git-identities on one machine

    Turns out you can have multiple Git identities alongside each other on one machine without needing to set them locally for each repository! It still involves multiple .gitconfig files, but it’s a lot less work than configuring an endless number of repos! First, set the global config like this: Now in ~/AOE/.gitconfig I configure the…

  • Publishing and building a static website on GitHub Pages

    A week ago or so I finally launched a small website I’ve been working on for quite some time: kevin.gimbel.dev/ops – it’s a colourful static website showing some of the technologies I’ve worked with in the past years since I began doing DevOps full time. The website is built with 11ty and published with GitHub…

  • How to extend and reuse configs in Gitlab CI

    When I began using Gitlab CI the first thing I wanted to know was how to reuse configs. I know that we’ll have changing requirements at work and that we’ll have hundreds of repositories using basically-the-same configurations so I wanted to make sure we’d have a central place to make changes to these. I found…