Tag: devops

CI’s Gone Wild: Totally Tenacious Test Tuning

So one of the upstream projects I am working on has added some new tests. Should be a good thing, right? Suddenly, out of nowhere, we start getting ‘terminated 137’ on CI stages. The obscure unix math is… substract 128

Tagged with: , , , , ,

Laughably Loquacious Logging

So you are pretty proud of yourself. You have a full micro-services running in Kubernetes with a service mesh (courtesy of Istio). You have configured your liveness probes to once per second. You are using an EFK stack (Elasticsearch /

Tagged with: , , , , ,

The agony and the ecstasy of the read-only

So earlier today I counselled to run your container filesystem read-only. Its higher security (something can’t weasel in as easily) You want to be able to dynamically dispose and restart containers somewhere else, how can you do this if they

Tagged with: , , , ,

Have you set your security context recently?

You’d be shocked at how few people copy these few lines into their YAML in Kubernetes. Highly recommend you do this. Why? Well, lets walk through them. runAsNonRoot: self explanatory. Why would you want root permission inside this container? What

Tagged with: , , , ,

PSA: launcher.gcr.io is not being maintained

So you might have cut and paste some code from somewhere, maybe an ‘from launcher.gcr.io/debian9’ kind of thing. That’s a good upstream, right? They are maintaining it with a strong CI? When suddenly you read Hmm. Double whammy. You have

Tagged with: , , , ,