## Terraform AWS Cloud Control integrated.
https://www.infoq.com/news/2024/06/hashicorp-aws-cloud-control/
AWS Cloud Control Terraform Provider Enables Quicker Access to AWS Features
Jun 03, 2024 2 min read
HashiCorp has moved the AWS Cloud Control (AWSCC) provider to general availability. The AWSCC provider is automatically generated based on the Cloud Control API published by AWS implying that new AWS features can be supported in Terraform upon their release. Originally released in 2021 as a tech preview, the move to version 1.0 includes several new features including sample configurations and improved schema-level documentation.
AWSCC is built on top of the AWS Cloud Control API. The Cloud Control API provides CRUDL (create, read, update, delete, and list) operations to use with AWS cloud resources. Any resource type published to the CloudFormation Public Registry has a standard JSON schema that can be used with this API.
As part of this release, there are now over 270 resources with sample configurations. For example, awscc_ec2_key_pair allows for specifying a key pair to use with an EC2 instance. An existing key pair can be specified in the PublicKeyMaterial property; omitting that property will generate a new key pair.
resource "awscc_ec2_key_pair" "example" {
key_name = "example"
public_key_material = ""
tags = [{
key = "Modified By"
value = "AWSCC"
}]
}
In addition, more than 75 resources now have improved attribute-level documentation. The resources have detailed descriptions of how to use the attributes within the resource-accepted values. This includes context about the attribute, how it's used, and the expected values for each attribute.
The AWSCC is not meant as a replacement for the standard AWS provider. As noted by Aurora Chun, Product Marketing Manager at HashiCorp, "using the AWSCC and AWS providers together equips developers with a large catalog of resources across established and new AWS services." The providers can be used in conjunction to provision resources:
# Use the AWS provider to provision an S3 bucket
resource "aws_s3_bucket" "example" {
bucket_prefix = "example"
}
# Use the AWSCC provider to provision an Amazon Personalize dataset
resource "awscc_personalize_dataset" "interactions" {
...
dataset_import_job = {
data_source = {
data_location = aws_s3_bucket.interactions_import.bucket
}
}
}
The AWSCC provider is generated from the latest CloudFormation schemas and releases weekly with all new services added to the Cloud Control API. There are some resources in the CloudFormation schema that are not compatible with the AWSCC provider. A full list of these can be found on GitHub.
Within Azure, the AzAPI Provider enables similar support for the Azure ARM (Azure Resource Management) REST APIs. While there isn't a Terraform provider available for it, CloudGraph provides a similar API experience to AWS Cloud Control. CloudGraph has support for AWS, Azure, GCP, and Kubernetes.
The Terraform AWS Cloud Control provider is available for download now from the Terraform Registry. The AWSCC provider requires Terraform CLI version 1.0.7 or higher. The source code for the provider is available on GitHub and is licensed under the MPL-2.0 license. Additional information can be found within the provider document and the tutorial.
## Traefik 3.0 Reverse Proxy Rolls Out With Major Enhancements
https://linuxiac.com/traefik-3-0-reverse-proxy/
Traefik 3.0, a cloud-native HTTP reverse proxy and load balancer, brings stable HTTP/3 support, OpenTelemetry & Wasm integration, and more.
Yes, there are easier-to-use solutions in the world of reverse proxies, like Nginx Proxy Manager or Caddy, for example. However, when we talk about an enterprise that is tightly integrated with the needs of DevOps and Kubernetes professionals, Traefik is the name that comes out on top.
Traefik 3.0 also extends its observability features, incorporating OpenTelemetry to provide state-of-the-art tooling for metrics and tracing, supporting a seamless transition from older systems like OpenCensus and OpenTracing.
the new release also brings several Kubernetes-related updates, including support for cross-namespace references in Gateway API and the ability to handle middleware in filters for better traffic management. Other Kubernetes enhancements include the addition of the Gateway status address and the removal of deprecated APIs.
Traefik compares to Envoy.
## DevOps: How Container Networking Works: a Docker Bridge Network From Scratchhttps://labs.iximiuz.com/tutorials/container-networking-from-scratch
## DevOps Git 101
https://www.youtube.com/watch?v=aolI_Rz0ZqYhttps://gitbutler.com/
## /bin/pash parallel shells
Data Parallel Shell scripting
https://github.com/binpash
PaSh aims at the correct and automated parallelization of POSIX shell scripts. Broadly, PaSh includes three components: (1) a compiler that, given as input a POSIX shell script, emits a POSIX shell script that includes explicit data-parallel fragments for which PaSh has deemed such parallelization semantics-preserving, (2) a set of PaSh-related runtime primitives for supporting the execution of the parallel script fragments, available as in the PATH as normal commands, and (3) a crowd-sourced library of annotations characterizing several properties of common Unix/Linux commands relevant to parallelization.
# 1000+ DevOps Bash Scripts (AWS, GCP, Kubernetes, ...) [[{101?]]
* AWS, GCP, Kubernetes, Docker, CI/CD, APIs, SQL, PostgreSQL, MySQL,
Hive, Impala, Kafka, Hadoop, Jenkins, GitHub, GitLab, BitBucket,
Azure DevOps, TeamCity, Spotify, MP3, LDAP, Code/Build Linting, pkg
mgmt for Linux, Mac, Python, Perl, Ruby, NodeJS, Golang, Advanced
dotfiles: .bashrc, .vimrc, .gitconfig, .screenrc, tmux..
* <https://github.com/HariSekhon/DevOps-Bash-tools>
_____________________________________
# spell-checking.sh
cat f1.md f2.md |
tr A-Z a-z |
tr -cs A-Za-z '\n' |
sort |
uniq |
comm -13 dict.txt - > out
cat out | wc -l | sed 's/$/ mispelled words!/'
Ej:
$ ./demo-spell.sh # no parallel
$ $PASH_TOP/pa.sh -w 2 -d 1 --log_file pash.log demo-spell.sh # 2x parallelism
## DevOps Git: merging at scale:
* merge queue at Github to ship hundreds of changes every day
* <https://github.blog/2024-03-06-how-github-uses-merge-queue-to-ship-hundreds-of-changes-every-day/>
## Enhancing Istio Operations with Kong Istio Gateway
* <https://thecloudblog.net/post/enhancing-istio-operations-with-kong-istio-gateway/>
## DevOps Grafana Loki 3.0 Released with Native OpenTelemetry Support
* <https://linuxiac.com/grafana-loki-3-0-released-with-native-opentelemetry-support/>
Grafana Loki 3.0 Released with Native OpenTelemetry Support
OpenTelemetry, a set of tools, APIs, and SDKs used to collect, analyze, and export telemetry data from software applications and services. This improves the log ingestion and querying experience.
## Container Networking [[{containerization.networking.101]]
* <https://jvns.ca/blog/2016/12/22/container-networking/> By Julia Evans
> """ There are a lot of different ways you can network containers
> together, and the documentation on the internet about how it works is
> often pretty bad. I got really confused about all of this, so I'm
> going to try to explain what it all is in laymen's terms. """
> ... *what even is container networking?*
> .. you have two main options for running apps:
> 1. run app in host network namespace. (normal networking)
> "host_ip":"app_port"
> 2. run the program in its own *network namespace*:
> It turns out that this problem of how to connect two programs in
> containers together has a ton of different solutions. [[{doc_has.keypoint}]]
1. "every container gets an IP". (k8s requirement)
```
| "172.16.0.1:8080" // Tomcat continer app 1
| "172.16.0.2:5432" // PostgreSQL container app1
| "172.17.0.1:8080" // Tomcat continer app 2
| ...
| └───────┬───────┘
| any other program in the cluster will target those IP:port
| Instead of single-IP:"many ports" we have "many IPs":"some ports"
```
Q: How to get many IPs in a single host?
- Host IP: 172.9.9.9
- Container private IP: 10.4.4.4
- To route from 10.4.4.4 to 172.9.9.9:
1. Alt1: Configure Linux routing tables
```
| $ sudo ip route add 10.4.4.0/24 via 172.23.1.1 dev eth0
```
2. Alt2: Use AWS VPC Route tables
3. Alt3: Use Azure ...
2. Encapsulating to other networks:
```
| LOCAL NETWORK REMOTE NETWORK
| (encapsulation)
| IP: 10.4.4.4 IP: 172.9.9.9
| TCP stuff (extra wrapper stuff)
| HTTP stuff IP: 10.4.4.4
| TCP stuff
| HTTP stuff
```
2 different ways of doing encapsulation:
1. "ip-in-ip": add extra IP-header on top "current" IP header.
```
| MAC: 11:11:11:11:11:11
| IP: 172.9.9.9
| IP: 10.4.4.4
| TCP stuff
| HTTP stuff
| Ex:
| $ sudo ip tunnel add mytun mode ipip \ <·· Create tunnel "mytun"
| remote 172.9.9.9 local 10.4.4.4 ttl 255
| sudo ifconfig mytun 10.42.1.1
| $ sudo route add -net 10.42.2.0/24 dev mytun <·· set up a route table
| $ sudo route list
```
2. "vxlan": take whole packet (including the MAC address) and wrap
it inside a UDP packet. Ex:
```
| MAC address: 11:11:11:11:11:11
| IP: 172.9.9.9
| UDP port 8472 (the "vxlan port")
| MAC address: ab:cd:ef:12:34:56
| IP: 10.4.4.4
| TCP port 80
| HTTP stuff
```
* Every container networking "thing" runs some kind of daemon program
on every box which is in charge of adding routes to the route table.
for automatic route configuration. Alternatives include [[{doc_has.keypoint}]]
1. Alt1: routes are in etcd cluster, and program talks to the
etcd cluster to figure out which routes to set.
2. Alt2: use BGP protocol to gossip to each other about routes,
and a daemon (BIRD) that listens for BGP messages on
every box.
* Q: How does that packet actually end up getting to your container program?
1. bridge networking
1. Docker/... creates fake (virtual) network interfaces for every
single one of your containers with a given IP address.
2. The fake interfaces are bridges to a real one.
2. Flannel:
- Supports vxlan (encapsulate all packets) and
host-gw (just set route table entries, no encapsulation)
- The daemon that sets the routes gets them *from an etcd cluster*.
3. Calico:
- Supports ip-in-ip encapsulation and
"regular" mode, (just set route table entries, no encaps.)
- The daemon that sets the routes gets them *using BGP messages*
from other hosts. (etcd is not used for distributing routes).
[[containerization.networking.101}]]
## Testcontainers: [[{qa.testing,dev_language.java,qa,PM.TODO]
* <https://www.testcontainers.org/#who-is-using-testcontainers>
* Testcontainers is a Java library that supports JUnit tests,
providing lightweight, throwaway instances of common databases,
Selenium web browsers, or anything else that can run in a Docker
container.
- Testcontainers make the following kinds of tests easier:
- Data access layer integration tests: use a containerized instance
of a MySQL, PostgreSQL or Oracle database to test your data access
layer code for complete compatibility, but without requiring complex
setup on developers' machines and safe in the knowledge that your
tests will always start with a known DB state. Any other database
type that can be containerized can also be used.
- Application integration tests: for running your application in a
short-lived test mode with dependencies, such as databases, message
queues or web servers.
- UI/Acceptance tests: use containerized web browsers, compatible
with Selenium, for conducting automated UI tests. Each test can get a
fresh instance of the browser, with no browser state, plugin
variations or automated browser upgrades to worry about. And you get
a video recording of each test session, or just each session where
tests failed.
- Much more!
Testing Modules
- Databases
JDBC, R2DBC, Cassandra, CockroachDB, Couchbase, Clickhouse,
DB2, Dynalite, InfluxDB, MariaDB, MongoDB, MS SQL Server, MySQL,
Neo4j, Oracle-XE, OrientDB, Postgres, Presto
- Docker Compose Module
- Elasticsearch container
- Kafka Containers
- Localstack Module
- Mockserver Module
- Nginx Module
- Apache Pulsar Module
- RabbitMQ Module
- Solr Container
- Toxiproxy Module
- Hashicorp Vault Module
- Webdriver Containers
Who is using Testcontainers?
- ZeroTurnaround - Testing of the Java Agents, micro-services, Selenium browser automation
- Zipkin - MySQL and Cassandra testing
- Apache Gora - CouchDB testing
- Apache James - LDAP and Cassandra integration testing
- StreamSets - LDAP, MySQL Vault, MongoDB, Redis integration testing
- Playtika - Kafka, Couchbase, MariaDB, Redis, Neo4j, Aerospike, MemSQL
- JetBrains - Testing of the TeamCity plugin for HashiCorp Vault
- Plumbr - Integration testing of data processing pipeline micro-services
- Streamlio - Integration and Chaos Testing of our fast data platform based on Apache Puslar, Apache Bookeeper and Apache Heron.
- Spring Session - Redis, PostgreSQL, MySQL and MariaDB integration testing
- Apache Camel - Testing Camel against native services such as Consul, Etcd and so on
- Infinispan - Testing the Infinispan Server as well as integration tests with databases, LDAP and KeyCloak
- Instana - Testing agents and stream processing backends
- eBay Marketing - Testing for MySQL, Cassandra, Redis, Couchbase, Kafka, etc.
- Skyscanner - Integration testing against HTTP service mocks and various data stores
- Neo4j-OGM - Testing new, reactive client implementations
- Lightbend - Testing Alpakka Kafka and support in Alpakka Kafka Testkit
- Zalando SE - Testing core business services
- Europace AG - Integration testing for databases and micro services
- Micronaut Data - Testing of Micronaut Data JDBC, a database access toolkit
- Vert.x SQL Client - Testing with PostgreSQL, MySQL, MariaDB, SQL Server, etc.
- JHipster - Couchbase and Cassandra integration testing
- wescale - Integration testing against HTTP service mocks and various data stores
- Marquez - PostgreSQL integration testing
- Transferwise - Integration testing for different RDBMS, kafka and micro services
- XWiki - Testing XWiki under all supported configurations
- Apache SkyWalking - End-to-end testing of the Apache SkyWalking,
and plugin tests of its subproject, Apache SkyWalking Python, and of
its eco-system built by the community, like SkyAPM NodeJS Agent
- jOOQ - Integration testing all of jOOQ with a variety of RDBMS
[[}]]
## docker-compose: dev vs pro [[{]
https://stackoverflow.com/questions/60604539/how-to-use-docker-in-the-development-phase-of-a-devops-life-cycle/60780840#60780840
Modify your Compose file for production
[[}]]
## CRIU.org: Container Live Migration : [[{]
<https://criu.org/Main_Page>
CRIU: project to implement checkpoint/restore functionality for Linux.
Checkpoint/Restore In Userspace, or CRIU (pronounced kree-oo, IPA:
/krɪʊ/, Russian: криу), is a Linux software. It can freeze a
running container (or an individual application) and checkpoint its
state to disk. The data saved can be used to restore the application
Used for example to bootstrap JVMs in millisecs (vs secs) [[performance,dev_stack.java]]
</JAVA/java_map.html#?jvm_app_checkpoint>
and run it exactly as it was during the time of the freeze. Using
this functionality, application or container live migration,
snapshots, remote debugging, and many other things are now possible.
[[}]]
## ContainerCoreInterceptor: [[{troubleshooting,PM.TODO]
https://github.com/AmadeusITGroup/ContainerCoreInterceptor
Core_interceptor can be used to handle core dumps in a dockerized environment.
It listens on the local docker daemon socket for events. When it
receives a die event it checks if the dead container produced any
core dump or java heap dump.
[[}]]
# KVM Kata containers:[[{PM.TODO]
<https://katacontainers.io/>
- Security: Runs in a dedicated kernel, providing isolation of
network, I/O and memory and can utilize hardware-enforced isolation
with virtualization VT extensions.
- Compatibility: Supports industry standards including OCI container
format, Kubernetes CRI interface, as well as legacy virtualization
technologies.
- Performance: Delivers consistent performance as standard Linux
containers; increased isolation without the performance tax of
standard virtual machines.
- Simplicity: Eliminates the requirement for nesting containers
inside full blown virtual machines; standard interfaces make it easy
to plug in and get started.
[[}]]
## avoid "sudo" docker [[{containerization.docker]]
$* $ sudo usermod -a -G docker "myUser"*
$ newgrp docker (take new group without re-login)
[[}]]
## https://github.com/dbohdan/structured-text-tools/blob/master/sql-based.md
https://github.com/dbohdan/structured-text-tools#sql-based-tools
## GraphDash: web-based dashboard built on graphs and their metadata. [[{]]
https://github.com/AmadeusITGroup/GraphDash
[[}]]
## Use libguestfs to manage virtual machine disk images [[{]]
https://www.redhat.com/sysadmin/libguestfs-manage-vm
[[}]]
## workflow-cps-global-lib-http-plugin [[{jenkins.jenkinsfile]]
https://github.com/AmadeusITGroup/workflow-cps-global-lib-http-plugin
retrieve shared libraries through a SCM, such as Git.
The goal of this plugin is to provide another way to retrieve
shared libraries via the @Library declaration in a Jenkinsfile.
This is a way to separate to concerns : source code (SCM) and built
artefacts (binaries). Built artefacts are immutable, tagged and often
stored on a different kind of infrastructure. Since pipelines can be
used to make production loads, it makes sense to host the libraries
on a server with a production-level SLA for example. You can also
make sure that your artefact repository is close to your pipelines
and share the same SLA. Having your Jenkins and your artefact
repository close limitsr latency and limits network issues.
[[}]]
## GIT: Part 3: Context from commits [[{]]
https://alexwlchan.net/a-plumbers-guide-to-git/3-context-from-commits/
[[}]]
## https://github.blog/author/dstolee/ [[{git,scalability]]
Git’s database internals V: scalability
This fifth and final part of our blog series exploring Git's
internals shows several strategies for scaling your Git repositories
that match related database sharding techniques.
[[}]]
## 4 lines of code to improve your Ansible play [[{ansible,qa.billion_dollar_mistake]]
With a tiny bit of effort, you can help the next person by not just
mapping the safe path but leaving warnings about the dangers
[[}]]
## https://docs.docker.com/network/bridge/
## Gerrit: Git server with voting mechanism [[{]]
https://docs.google.com/presentation/d/1C73UgQdzZDw0gzpaEqIC6SPujZJhqamyqO1XOHjH-uk/edit#slide=id.g4d6c16487b_1_844
- Submit Type / Submit Strategy:
- FAST_FORWARD_ONLY:
Submit fails if fast-forward is not possible.
- MERGE_IF_NECESSARY:
If fast-forward is not possible, a merge commit is created.
- REBASE_IF_NECESSARY:
If fast-forward is not possible, the current patch set is automatically
rebased (creates a new patch set which is submitted).
- MERGE_ALWAYS:
A merge commit is always created, even if fast-forward is possible.
- REBASE_ALWAYS:
The current patch set is always rebased, even if fast-forward is possible.
For all rebased commits some additional footers will be added (Reviewed-On, Reviewed-By, Tested-By).
- CHERRY_PICK:
The change is cherry-picked. This ignores change dependencies.
For all cherry-picked commits some additional footers will be added
(Reviewed-On, Reviewed-By, Tested-By).
- ALLOW CONTENT MERGES:
whether Gerrit should do a content merge if the same files have been touched
[[}]]
## Building rootless containers for JavaScript front ends [[{containerization.security.101]]
https://developers.redhat.com/blog/2021/03/04/building-rootless-containers-for-javascript-front-ends/?sc_cid=7013a000002vsMVAAY
[[}]]
## Git: What's new 2.31
https://github.blog/2021-03-15-highlights-from-git-2-31/
## https://space.sh, Server apps and automation in a nutshell [[{PM.low_code]]
very, very non-intrusive. If you want to manage servers
remotely Space would SSH into those servers to run your tasks and
never upload anything to the server, nor have any dependencies other
than a POSIX shell (ash/dash/bash 3.4+).
- Used as the base from simplenetes.
[[}]]
## dolt: Git + SQL!!!
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt-add.md
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt.md
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt-blame.md
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt-branch.md
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt-checkout.md
https://github.com/tldr-pages/tldr/blob/master/pages/common/dolt-commit.md
- Dolt is a SQL database that you can fork, clone, branch, merge, push
and pull just like a git repository. Connect to Dolt just like any
MySQL database to run queries or update the data using SQL commands.
Use the command line interface to import CSV files, commit your
changes, push them to a remote, or merge your teammate's changes.
## Fetch gitignore boilerplates.
https://github.com/tldr-pages/tldr/blob/master/pages/common/gibo.md
More info: https://github.com/simonwhitaker/gibo.
## https://github.com/tldr-pages/tldr/tree/master/pages/common/git-*.md
git-stage git-am.md git-annex.md git-annotate.md git-annotate
git-apply.md git-apply git-archive.md git-archive git-bisect.md
git-blame.md git-branch.md git-bugreport.md git-bugreport
git-bundle.md git-bundle git-cat-file.md git-check-attr.md
git-check-attr git-check-ignore.md git-check-mailmap.md
git-check-mailmap git-check-ref-format.md git-check-ref-format
git-checkout-index.md git-checkout-index git-checkout.md
git-cherry-pick.md git-cherry-pick git-cherry.md git-cherry
git-clean.md git-clone.md git-clone git-column.md git-column
git-commit-graph.md git-commit-graph git-commit-tree.md git-commit.md
git-commit git-config.md git-count-objects.md git-count-objects
git-credential.md git-credential git-describe.md git-diff.md git-diff
git-difftool.md git-difftool git-fetch.md git-flow.md
git-for-each-repo.md git-for-each-repo git-format-patch.md
git-fsck.md git-gc.md git-grep.md git-grep git-help.md git-ignore.md
git-imerge.md git-init.md git-instaweb.md git-lfs.md git-log.md
git-ls-files.md git-ls-files git-ls-remote.md git-ls-remote
git-ls-tree.md git-maintenance.md git-maintenance git-merge.md
git-merge git-mergetool.md git-mergetool git-mv.md git-notes.md
git-pr.md git-pr git-prune.md git-pull.md git-push.md git-rebase.md
git-reflog.md git-reflog git-remote.md git-remote git-repack.md
git-replace.md git-request-pull.md git-reset.md git-restore.md
git-restore git-rev-list.md git-rev-parse.md git-revert.md git-rm.md
git-send-email.md git-shortlog.md git-show-branch.md git-show-branch
git-show-ref.md git-show-ref git-show.md git-sizer.md git-stage.md
git-stage git-stash.md git-stash git-status.md git-stripspace.md
git-stripspace git-submodule.md git-subtree.md git-svn.md
git-switch.md git-switch git-tag.md git-update-index.md
git-update-index git-update-ref.md git-var.md git-var git-worktree.md
git.md
## Analyze nginx configuration files.
https://github.com/yandex/gixy.
https://github.com/tldr-pages/tldr/blob/master/pages/common/gixy.md
## Render markdown on terminal.
https://github.com/charmbracelet/glow
## Gnomon: pipeline utility to prepend timestamp information from STDOUT. [[{101]]
https://github.com/paypal/gnomon
https://github.com/tldr-pages/tldr/blob/master/pages/common/gnomon.md
Useful for long-running processes where you'd like a historical
record of what's taking so long. [[}]]
## gource: [[{]]
Renders an animated tree diagram of Git, SVN, Mercurial and Bazaar
https://gource.io/
Shows files and directories being created, modified
[[}]]
## Molecule helps testing ansible roles.
https://github.com/tldr-pages/tldr/blob/master/pages/common/molecule.md
More information: https://molecule.readthedocs.io.
## Git-big: cli extension for managing Write Once Read Many (WORM) files. [[{git,scalability]]
https://github.com/vertexai/git-big
$ git big init ← Init repo
$ git big add bigfile.iso ← Add big file, sha256 hash generated&recorded in the index
$ git big status
→ ...
→[ W C ] 993328d6 bigfile.iso
| | └-- Depot KO
| └---- Cache OK
└------ Workding dir OK
$ cat .gitbig
{
"files": { "bigfile.iso": "e99f32a..." },
"version": 1
}
$ ls -l bigfile.iso ← original big file is now a symlink
... bigfile.iso -> .gitbig-anchors/99/33/e99f32a...
└─────────────┬────────────────┘
Final file is read-only
$ git big push ←*Push pending big files to depos*
# We can see the big file has been archived in the depot
$ git big status
→ ...
→ [ W C D ] 993328d6 bigfile.iso
| | └-- Depo (Remote repo) OK
| └---- Cache OK
└------ Workding dir OK
$ git commit -m "Add bigfile.iso" ←*Commit changes*
...
$ git push origin master ← push upstream
In another machine:
$ git clone ...
$ cd repo
$ git big status
→ [ D ] 993328d6 bigfile.iso
| | └-- Depo (Remote repo) OK ← Only in depot after clone
| └---- Cache KO
└------ Workding dir KO
$ git big pull
Pulling object: e99f32a...
$ ls -l $(readlink bigfile.iso)
-r--r--r-- ... .gitbig-anchors/99/33/e99f32a...
$ git big status
...
→ [ W C D ] 993328d6 bigfile.iso
| | └-- Depo (Remote repo) OK ← Only in depot after clone
| └---- Cache KO
└------ Workding dir KO
[[}]]
## set -o pipefail bash flag <[{bash,qa.error_control>]
https://linuxtect.com/make-bash-shell-safe-with-set-euxo-pipefail/
...By default, if a commands in a pipe fails, pipe continues to
execute, makes it fail instead.
[[}]]
## volatile overlay mounts and containers: [[{containerization]]
https://www.redhat.com/sysadmin/container-volatile-overlay-mounts
Recent versions of Podman, Buildah, and CRI-O have started to take
advantage of a new kernel feature, volatile overlay mounts. This
feature allows you to mount an overlay file system with a flag that
tells it not to sync to the disk.
https://sysadmin.prod.acquia-sites.com/sysadmin/overlay-mounts
Speed up container builds with overlay mounts
How Podman can speed up builds for multiple distributions by sharing the host's metadata.
Overlay mounts help to address a challenge we run into when we have
several containers on a single host. The basic problem is that every
time you run dnf or yum inside a container, the container downloads
and processes the metadata of all the repositories. To address this,
we added an advanced volume mount to allow all of the containers to
share the host's metadata. This approach avoids repeating the
download and processing for each container. I previously wrote a blog
post introducing the concept of overlay mounts inside of builds.
[[}]]
## Git merge strategies: [[{]]
https://git-scm.com/docs/merge-strategies
resolve: This can only resolve current-branch and another pulled-branch
recursive:
ours:
theirs:
patience:
diff-algorithm=[patience|minimal|histogram|myers]
ignore-space-change
ignore-all-space
ignore-space-at-eol
ignore-cr-at-eol
renormalize
no-renormalize
no-renames
find-renames[=n]
rename-threshold=n
subtree[=path]
octopus
subtree
- git merge strategies: (From Bitbucket UI)
- Merge commit --no-ff
Always create a new merge commit and update the target branch to it,
even if the source branch is already up to date with the target
branch.
- Fast-forward --ff
If the source branch is out of date with the target branch, create a
merge commit. Otherwise, update the target branch to the latest
commit on the source branch.
- Fast-forward only --ff-only
If the source branch is out of date with the target branch, reject
the merge request. Otherwise, update the target branch to the latest
commit on the source branch.
- Rebase and merge, rebase + merge --no-ff
Rebase commits from the source branch onto the target branch,
creating a new non-merge commit for each incoming commit, and create
a merge commit to update the target branch.
- Rebase and fast-forward, rebase + merge --ff-only
Rebase commits from the source branch onto the target branch,
creating a new non-merge commit for each incoming commit, and
fast-forward the target branch with the resulting commits.
- Squash, --squash
Combine all commits into one new non-merge commit on the target branch.
- Squash, fast-forward only, --squash --ff-only
If the source branch is out of date with the target branch, reject
the merge request. Otherwise, combine all commits into one new
non-merge commit on the target branch.
[[}]]
## GitLab CI to publish HTML pages: [[{]]
https://roneo.org/en/framagit-render-html/
You can render HTML using the Gitlab CI. This doc was redacted for
Framagit, from the french non-profit Framasoft, which uses Gitlab
Pages. You just need to adapt the path.
A service called GitHack seems to propose the same, I didn't test it
though.
[[}]]
## bash "$-" read-variable: [[{]]
· prints/reports current set-of-options in current shell.
ex.: "im...." outputs means following options are enabled:
m - monitor : (set -m),
REF: https://unix.stackexchange.com/questions/196603/can-someone-explain-in-detail-what-set-m-does
i - interactive :
INTERACTIVE=0
case "$-" in
*i*)
SUDO_OPTS=""
;;
*)
SUDO_OPTS="--non-interactive" # fail-fast if sudo user is not passwordless
;;
esac
sudo ${SUDO_OPTS} ...
[[}]]
## Resizing containers with the Device Mapper: [[{containerization.image,storage,PM.TODO]]
<http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/>
[[}]]
## Rootless Docker: [[{containerization.docker,qa,containerization.security,PM.TODO]]
<https://docs.docker.com/engine/security/rootless/>
[[}]]
## Show image change history: [[{containerization.image.build]]
$ docker history /clock:1.0
[[}]]
## Commit image modifications [[{containerization.image.build]]
(Discouraged most of the time, modify Dockerbuild instead)
host-mach $ docker run -it ubuntu bash # Boot up existing image
container # apt-get install ... # Apply changes to running instance
host-mach $ docker diff $(docker ps -lq) # Show changes done in running container
host-mach $ docker commit $(docker ps -lq) # Commit/Confirm changes
host-mach $ docker tag figlet # Tage new image
host-mach $ docker run -it figlet # Boot new image instance
[[}]]
## Selenium Browser test automation [[{ci/cd,qa,testing,selenium,web,_PM.low_code,PM.TODO]]
See also QAWolf:
[[}]]
## Packaging Apps: [[{containerization.image.build,InfraAsCode.pulumi,doc_has.comparative,]]
[[dev_stack.kubernetes.ballerina,dev_stack.metaparticle,dev_language.java]]
<https://www.infoq.com/articles/metaparticle-pulumi-ballerina/>
- Packaging Applications for Docker and Kubernetes approaches comparative.
• Metaparticle:
- Looks to be discontinued (last update in github 2020-06-25)
- provides a standard library to create cloud native apps directly deployable on k8s
supporting (2018-07-24) Java, .NET core, Javascript (NodeJS), Go, Python and Ruby.
• Pulumi: Aims to define Infra-as-code (vs "silly" YAML files).
""" It is going to DevOps what React did to web development """ (according to their authors)
- Web service. WARN: Potential vendor lock-in (account registration in pulumi.io needed)
- Focused on Infra-as-code.
- Support JS, Typescript, Python, Go on AWS, Azure, GCP and k8s (multi-cloud).
• Ballerina: language to generate k8s + Istio YAMLs.
- first-class support for APIs, distributed transactions, circuit-breakers, stream processing,
data-access, JSON, XML, gRPC, and many other integration challenges.
- Ballerina compiler understands the architecture around it with microservices directly
deployable into Docker or Kubernetes by auto generating Docker images and YAML's.
- https://v1-0.ballerina.io/learn/by-example/
- WARN : It uses its own language (vs Java, Go, ...)
[[}]]
## Bash: Search&Replace with regexs:
https://stackoverflow.com/questions/13043344/search-and-replace-in-bash-using-regular-expressions
hello=ho02123ware38384you443d34o3434ingtod38384day
re='(.*)[0-9]+(.*)'
while [[ $hello =~ $re ]]; do
hello=${BASH_REMATCH[1]}${BASH_REMATCH[2]}
done
echo "$hello"
## https://stackoverflow.com/questions/19758915/keeping-a-branch-up-to-date-with-master @ma [[{git.101}]]
## DevOps pipelines DONT's:
https://jamesjoshuahill.github.io/talk/2018/12/06/how-not-to-build-a-pipeline/
## git update branches:
https://jamesjoshuahill.github.io/note/2015/02/07/is-your-branch-up-to-date/ [[{Git.101]]
Nearly everything you do with git happens on your machine. Don’t
take my word for it. Turn off your wifi and see how many git commands
you can run. You’ll see fetch, pull and push fail without a
connection to your remote, but try the other commands you can think
of: status, commit, checkout, cherry-pick, merge, rebase, diff, log
and see how many times git tells you that you’re up-to-date. How
can you be up-to-date if you’re disconnected?
....
When you run git fetch origin the list of branches and commit history
is downloaded from GitHub and synchronised into the clone on your
machine. Doing a fetch won’t affect your local branches, so it’s
one of the safest git commands you can run. You can fetch as much as
you like.
[[}]]
## An Interview With Linus Torvalds: Linux and Git
https://www.tag1consulting.com/blog/interview-linus-torvalds-linux-and-git
## DevOps, ansible: what ansible is not [[{ansible.101]]
https://www.linkedin.com/pulse/ansible-what-marcel-koert/ [[}]]
## https://www.30secondsofcode.org/git/p/1
30 secs recipes:
· How does Git's fast-forward mode work?
· Prints a list of all local branches sorted by date.
· Prints a list of all merged local branches.
· Delete merged branches
· Deletes all local merged branches.
· Create a git commit with a different date
· Purge a file from history
· Completely purges a file from history.
· View a visual graph of the repository
· Disables the default fast forwarding on merge commits.
· Prints a list of lost files and commits.
· ...
## 5 tips for configuring virtualenvs with Ansible Tower
https://www.redhat.com/sysadmin/virtualenvs-ansible-tower
## How to Create Your Own Repositories for Packages
https://www.percona.com/blog/2020/01/02/how-to-create-your-own-repositories-for-packages/
## This is how a #GitOps pipeline looks like.
NEXT) Firstly, the user changes the code in the Git repository.
NEXT) Then a container image gets created, and it is pushed to the container registry.
NEXT) It gets updated into a config updater.
NEXT) Once a user creates a pull request to merge to a different branch, it deploys to the concerned branch.
NEXT) Then it tests whether it is all good or not.
NEXT) Once it’s all good, the reviewer will be able to merge it.
NEXT) After the merge, it goes to the test branch.
NEXT) Once you create a pull request, it will deploy to that test
branch. Below are a few popular GitOps tools that you must try while
working on GitOps workflows. • Flux: Flux was created in 2016 by
Weaveworks. It is a GitOps operator for your Kubernetes cluster. •
ArgoCD: ArgoCD is also a GitOps operator but with a web user
interface. • Jenkins X: A CICD solution for Kubernetes clusters but
different than classic Jenkins. • WKSctl: A GitOps tool that uses
Git commits to manage the Kubernetes cluster. • Gitkube: Gitkube is
ideal for development where it uses Git push to build and deploy
docker images on a Kubernetes cluster. • Helm Operator: an
open-source Kubernetes operator to manage helm chart releases
declaratively. Know more about GitOps: http://bit.ly/393ahpv
https://geekflare.com/gitops-introduction/
## Chuletario de pócimas y recetas: Monitoring uninterruptible system calls.
http://chuletario.blogspot.com/2011/05/monitoring-uninterruptible-system-calls.html?m=1
## DevSecOps: Image scanning in your pipelines using quay.io scanner
https://www.redhat.com/sysadmin/using-quayio-scanner
## git-pw: [[{]]
<http://jk.ozlabs.org/projects/patchwork/>
<https://www.collabora.com/news-and-blog/blog/2019/04/18/quick-hack-git-pw/>
- git-pw requires patchwork v2.0, since it uses the
new REST API and other improvements, such as understanding
the difference between patches, series and cover letters,
to know exactly what to try and apply.
- python-based tool that integrates git and patchwork.
$ pip install --user git-pw
$ git config pw.server https://patchwork.kernel.org/api/1.1
$ git config pw.token YOUR_USER_TOKEN_HERE
*Daily work example: finding and applying series*
- Alternative 1: Manually
- We could use patchwork web UI search engine for it.
- Go to "linux-rockchip" project
- click on _"Show patches with" to access the filter menu.
- filter by submitter.
- Alternative 2: git-pw (REST API wrapper)
- $ git-pw --project linux-rockchip series list "dynamically"
→ ID Date Name Version Submitter
→ 95139 a day ago Add support ... 3 Gaël PORTAY
→ 93875 3 days ago Add support ... 2 Gaël PORTAY
→ 3039 8 months ago Add support ... 1 Enric Balletbo i Serra
- Get some more info:
$ git-pw series show 95139
→ Property Value
→ ID 95139
→ Date 2019-03-21T23:14:35
→ Name Add support for drm/rockchip to dynamically control the DDR frequency.
→ URL https://patchwork.kernel.org/project/linux-rockchip/list/?series=95139
→ Submitter Gaël PORTAY
→ Project Rockchip SoC list
→ Version 3
→ Received 5 of 5
→ Complete True
→ Cover 10864561 [v3,0/5] Add support ....
→ Patches 10864575 [v3,1/5] devfreq: rockchip-dfi: Move GRF definitions to a common place.
→ 10864579 [v3,2/5] : devfreq: rk3399_dmc: Add rockchip, pmu phandle.
→ 10864589 [v3,3/5] devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A.
→ 10864591 [v3,4/5] arm64: dts: rk3399: Add dfi and dmc nodes.
→ 10864585 [v3,5/5] arm64: dts: rockchip: Enable dmc and dfi nodes on gru.
- Applying the entire series (or at least trying to):
$ git-pw series apply 95139
^^^^^^^^^^^^^^^^^^^^^^^^^^^
fetch all the patches in the series, and apply them in the right order.
[[}]]
## SaST-scan [[{devops.security.101]]
https://github.com/AppThreat/sast-scan
This repo builds appthreat/sast-scan (and
quay.io/appthreat/sast-scan), a container image with a number of
bundled open-source static analysis security testing (SAST) tools.
This is like a Swiss Army knife for DevSecOps engineers.
- Features
- No messy configuration and no server required
- Scanning is performed directly in the CI and is extremely quick. Full scan often takes only couple of minutes
- Gorgeous HTML reports that you can proudly share with your colleagues, and the security team
- Automatic exit code 1 (build breaker) with critical and high vulnerabilities
- There are a number of small things that will bring a smile to any DevOps team
Bundled tools
Programming Language Tools
ansible ansible-lint
apex pmd
aws cfn-lint, cfn_nag
bash shellcheck
bom cdxgen
credscan gitleaks
depscan dep-scan
go gosec, staticcheck
java cdxgen, gradle, find-sec-bugs, pmd
jsp pmd
json jq, jsondiff, jsonschema
kotlin detekt
kubernetes kube-score
nodejs cdxgen, NodeJsScan, eslint, yarn
puppet puppet-lint
plsql pmd
python bandit, cdxgen, pipenv
ruby cyclonedx-ruby
rust cdxgen, cargo-audit
terraform tfsec
Visual Force (vf) pmd
Apache Velocity (vm) pmd
yaml yamllint
[[}]]
## <http://alblue.bandlem.com/2011/11/git-tip-of-week-git-notes.html>
## Managing "many-branches" Git projects:
- sync all local/remote branches:
https://stackoverflow.com/questions/27157166/sync-all-branches-with-git
## gitbase: Query Git with SQL [[{]]
https://opensource.com/article/18/11/gitbase
[[}]]
## online SSH Certificate Authority [[{]]
https://github.com/smallstep/certificates
An online SSH Certificate Authority
· Delegate SSH authentication to step-ca by using SSH
certificates instead of public keys and authorized_keys files
· For user certificates, connect SSH to your single sign-on
provider, to improve security with short-lived certificates and MFA
(or other security policies) via any OAuth OIDC provider.
· For host certificates, improve security, eliminate TOFU
warnings, and set up automated host certificate renewal
[[}]]
## https://docs.ipfs.io/how-to/host-git-style-repo/ [[{]]]
serve a read-only Git repository through the IPFS network.
end result: git cloneable url served through IPFS!
1) git clone --bare git@myhost.io/myrepo <·· --bare: don't create working tree, just .git object store
2) cd myrepo
3) git update-server-info <·· Add metadata information to .git/info and .git/objects/info
in order to help clients discover what references and packs
the server has. (needed for HTTP -vs ssh -)
4) mv objects/pack/*.pack . <·· Optional, unpack "large packfile" into its individual
git unpack-objects < *.pack objects, allowing IPFS to deduplicate objects if
rm -f *.pack objects/pack/* the Git repository is duplicated 2+ times
(at this point the repository is ready to be served)
5) $ ipfs add -r . <·· add current repo to ipfs
...
added QmX679gmfyaRkKMvPA4WGNWXj9PtpvKWGPgtXaF18etC95 . <- Hash identifying the directory in IPFS
- Test setup: -----------------------------
$ cd "some_new_and_clean_path"
$ REPO_HASH="QmX679gmfya..."
$ git clone http://${REPO_HASH}.ipfs.localhost:8080/ myrepo <·· Cloning git from IPFS!!!!
- See also: https://dev.to/woss/part-1-rehosting-git-repositories-on-ipfs-23bf
truly distributed way of hosting the git repository
AT A SPECIFIC REVISION, TAG, OR BRANCH,
[[}]]
## Top 10 container guides for sysadmins | Enable Sysadmin
https://www.redhat.com/sysadmin/containers-articles-2021
## bash: Parse Arguments in Bash Scripts With getopts
https://ostechnix.com/parse-arguments-in-bash-scripts-using-getopts/
## Dockerfile Linter Hadolint Brings Fixes and Improvements, and Support for ARM64 Binaries
https://www.infoq.com/news/2022/04/hadolint-dockerfile-linter/
## How to Use S3 as a Private Git Repository
https://fancybeans.com/2012/08/24/how-to-use-s3-as-a-private-git-repository/
Basically, use git for local commands that manipulate the local
repository (adding, committing, merging) and jgit for any
interactions that involve sending or receiving data from the S3
bucket.
https://github.com/bgahagan/git-remote-s3
Push and pull git repos to/from an s3 bucket. Uses gpg to encrypt the
repo contents (but not branch names!) before sending to s3.
https://www.petekeen.net/hosting-private-git-repositories-with-gitolite
Step 1: Install Gitolite
Gitolite is a system for managing git repositories using git itself
to manage the configuration. Essentially, after initial configuration
you make all changes by editing a config file, committing it, and
pushing up to your git server.
Gitolite installation is pretty straightforward:
## Nexus Repository Management:[[{containerization.image.registry]]
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-1-maven-artifacts
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages
https://blog.sonatype.com/using-nexus-3-as-your-repository-part-3-docker-images
- See also: Artifactory by JFrog
[[}]]
## Run docker container as current user:
https://jtreminio.com/blog/running-docker-containers-as-current-host-user/
[[PM.TODO}]]
# Git modules @ /usr/lib/git-core
```
3_097_168 /usr/lib/git-core/git
1_839_328 /usr/lib/git-core/git-remote-http
1_835_232 /usr/lib/git-core/git-http-push
1_831_520 /usr/lib/git-core/git-imap-send
1_823_072 /usr/lib/git-core/git-fast-import
1_822_912 /usr/lib/git-core/git-http-fetch
1_8048 /usr/lib/git-core/git-remote-testsvn
1_793_856 /usr/lib/git-core/git-daemon
1_789_984 /usr/lib/git-core/git-http-backend
1_773_344 /usr/lib/git-core/git-shell
1_773_280 /usr/lib/git-core/git-credential-cache--daemon
1_773_216 /usr/lib/git-core/git-sh-i18n--envsubst
1_773_216 /usr/lib/git-core/git-credential-store
1_773_216 /usr/lib/git-core/git-credential-cache
46_169 /usr/lib/git-core/git-add--interactive
29_600 /usr/lib/git-core/git-rebase--preserve-merges
25_832 /usr/lib/git-core/git-submodule
22_362 /usr/lib/git-core/git-instaweb
17_485 /usr/lib/git-core/git-subtree
16_938 /usr/lib/git-core/git-sh-prompt
16_411 /usr/lib/git-core/git-legacy-stash
16_334 /usr/lib/git-core/git-filter-branch
10_297 /usr/lib/git-core/git-mergetool
9_306 /usr/lib/git-core/git-sh-setup
9_201 /usr/lib/git-core/git-mergetool--lib
8_290 /usr/lib/git-core/git-bisect
4_401 /usr/lib/git-core/git-web--browse
4_130 /usr/lib/git-core/git-request-pull
4_096 /usr/lib/git-core/mergetools
3_695 /usr/lib/git-core/git-merge-one-file
3_693 /usr/lib/git-core/git-quiltimport
2_650 /usr/lib/git-core/git-parse-remote
2_477 /usr/lib/git-core/git-merge-octopus
2_448 /usr/lib/git-core/git-sh-i18n
2_236 /usr/lib/git-core/git-difftool--helper
944 /usr/lib/git-core/git-merge-resolve
```
# implementing container manager
* <https://iximiuz.com/en/series/implementing-container-manager/>
# Container Tools, Tips, and Tricks - Issue #2
* <https://iximiuz.ck.page/posts/container-tools-tips-and-tricks-issue-2>
# DevOps: Merging " GitHub repos without losing commit history
* <https://hacks.mozilla.org/2022/08/merging-two-github-repositories-without-losing-commit-history/>
# TAXONOMY:
1. Basic Linux commands necessary before jumping into shell script.
* https://lnkd.in/dBTsJbhz
* https://lnkd.in/dHQTiHBB
* https://lnkd.in/dA9pAmHa
2. Shell Scripting
* https://lnkd.in/da_wHgQH
* https://lnkd.in/d5CFPgga
3. Python: This will help you in automation
* https://lnkd.in/dFtNz_9D
* https://lnkd.in/d6cRpFrY
* https://lnkd.in/d-EhshQz
4. Networking
* https://lnkd.in/dqTx6jmN
* https://lnkd.in/dRqCzbkn
5. Git & Github
* https://lnkd.in/d9gw-9Ds
* https://lnkd.in/dEp3KrTJ
6. YAML
* https://lnkd.in/duvmhd5X
* https://lnkd.in/dNqrXjmV
7. Containers — Docker:
* https://lnkd.in/dY2ZswMZ
* https://lnkd.in/d_EySpbh
* https://lnkd.in/dPddbJTf
8.CI/CD:
* https://lnkd.in/dMHv9T8U
9. Container Orchestration — Kubernetes:
* https://lnkd.in/duGZwHYX
10. Monitoring:
* https://lnkd.in/dpXhmVqs
* https://lnkd.in/dStQbpRX
* https://lnkd.in/de4H5QVz
* https://lnkd.in/dEtTSsbB
11. Infrastructure Provisioning
& Configuration Management (IaC):
Terraform, Ansible, Pulumi
* https://lnkd.in/dvpzNT5M
* https://lnkd.in/dNugwtVW
* https://lnkd.in/dn5m2NKQ
* https://lnkd.in/dhknHJXp
* https://lnkd.in/ddNxd8vU
12. CI/CD Tools: Jenkins,
GitHub Actions, GitLab CI,
Travis CI, AWS CodePipeline
+ AWS CodeBuild, Azure DevOps, etc
* https://lnkd.in/dTmSXNzv
* https://lnkd.in/dAnxpVTe
* https://lnkd.in/daMFG3Hq
* https://lnkd.in/dqf-zzrx
* https://lnkd.in/diWP7Tm7
* https://lnkd.in/dYDCSiiC
13. AWS:
* https://lnkd.in/dmi-TMv9
* https://lnkd.in/de3-dAB6
* https://lnkd.in/dh2zXZAB
* https://lnkd.in/dQMyCBWy
Best Websites to learn Devops:
* https://kodekloud.com
* https://acloudguru.com
* https://www.katacoda.com
# Vim documentation: windows
* <https://vimdoc.sourceforge.net/htmldoc/windows.html#window>
* Learn to become DevOps Engineer or SRE
* <https://roadmap.sh/devops> [[{doc_has.roadmap}]]
## DevOps exercises
DevOps exercises: bregman-arie/devops-exercises: Linux, Jenkins, AWS,
SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform,
OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network,
Virtualization. DevOps Interview
Questionshttps://github.com/bregman-arie/devops-exercises
## terraform tools: Top 10
for #Devops TFLint (https://lnkd.in/gn4QBzTM): A Terraform linter
that checks your configuration files for potential errors, best
practices, and style violations Terrascan (https://lnkd.in/gxmzE-nm):
A static code analyzer specifically designed for Terraform
configurations, providing security scanning and compliance checks
Terramate (https://lnkd.in/gEW9ythN): A plugin for popular text
editors (like Visual Studio Code) that provides advanced features for
working with Terraform, such as syntax highlighting, autocompletion,
and documentation lookup TFSwitch (https://lnkd.in/g9gseDcn): A
command-line tool that simplifies switching between different
versions of Terraform, allowing you to manage and switch between
multiple Terraform installations Tfsec (https://lnkd.in/gpYuCtF2): A
security scanner for Terraform templates that identifies potential
security issues and provides recommendations to improve security
posture Checkov (https://lnkd.in/g4Py3WYN): An open-source static
analysis tool for infrastructure-as-code files, including Terraform.
It scans your code for security vulnerabilities and policy violations
Terraform Compliance (https://lnkd.in/g7C5fQep): Validate Terraform
configurations against security and compliance policies Terraform
Landscape (https://lnkd.in/gduDAit5): Visualize Terraform plan with
highlighted resource changes Terraform Graph
(https://lnkd.in/gdp-8FAr): Generate a visual representation of
resource dependencies in your configuration Terraform CDK
(https://lnkd.in/gdvUXwHh): Define infrastructure using programming
languages like TypeScript, Python, and Java#iac #infrastructureascode
#automation #developer #sysops #linux #sysadmin #solutionsarchitect
#oss #security #cloud
## Traefik 3.1: comprehensive support for Kubernetes Gateway API
* several contributions aimed at stabilizing and extending its functionalities. (no experimental anymore)
* Gateway API supported: version 1.1.0
* enhancements to HTTPRoute capabilities.
* New ReferenceGrant feature: addressing security concerns in cross-namespace references
— A SIGNIFICANT ENHANCEMENT FOR MULTI-TENANT ENVIRONMENTS.
* 3.1 facilitates full-featured WASM plugins that can perform HTTP calls and integrate
various Go libraries, enhancing the flexibility and power of Traefik’s plugins.
* better error handling and status reporting for HTTPRoutes.