#GitOps just got smarter! See how to build an auto-remediation system with #ArgoCD that detects #config drift & fixes it automatically. Live coding, custom controllers & policy-driven rollbacks. Check out this #oSC25 video. https://youtu.be/74Ibb9frhh4?si=hX4Un5aSMOJw6JBx

Explore how #qubesome lets you run your #window manager & apps in non-root containers, all from a Git-stored config! Secure, portable, and declarative! Catch this #oSC25 virtual talk to rethink your desktop workflow. #Linux #GitOps #openSUSE https://youtu.be/KBWfGMUBGgI?si=kRlJFgzKp0k2bxVK

Reminder, Red Hat Security Day in Vilnius tomorrow. Come and learn how to keep IT development and operations clean and secure!

https://events.redhat.com/profile/form/index.cfm?PKformID=0x1354606100a

Okay, authentik is up! Took a while, I was fighting against flux and the helm release because it deployed with the wrong StorageClass (I forgot to have that configuration ready before release.) Helm wasn't able to modify the PVC because they're immutable, updating the release has to wait for the initial release to succeed (which it won't) or timeout and flux is quiet on the reasons for all of this unless you know where to look lots of learning was had though!

Anyway, admin and personal user accounts created, MFA enabled. Got my first application integrated too! (actual budget)

What next? The world is my oyster... Probably gitea or semaphore. I'm hesitant to integrate services like jellyfin before I have more users onboarded and this gives me an opportunity to experiment with other edge cases like other providers and service accounts and such

Interesting piece on the details of actual scale and shifting from Helm to CueLang with ArgoCD. Includes the why's as well as lessons learned.

https://medium.com/safetycultureengineering/our-journey-to-gitops-migrating-to-argocd-with-zero-downtime-932d0eefbe0d

Yo @Nagashi

Got any specific tips for gitops?

I understand the basic value proposition but I have to square it with enabling developers. Just kicking them out of write access to things doesn't jive with how much they usually help out in infra.

The right kind of automation could work but write-back commits from CI are kinda squirrely. ArgoCD is assumed, and Akuity Kargo is on my radar, if that helps.

welp, got fired after only 2 months. they fired the whole team (including someone who already quit but then they convinced to stay???)

so i am back on the market, unfortunately.

i have plenty of experience as a developer and an SRE. i am primarily skilled with kubernetes, linux, javascript, node, react. ideally i'd focus on the SRE side

i am in canada and available for remote work or on-prem if you're in montreal!

Is anyone involved in public github project with heavy use of workflows for cicd? Including publishing or deploying? Do you have secrets or environmental information that you worry about leaking? Curious how that's managed. Looking for example projects and/or best practices.

Want to master GitOps on AWS?

In the AWS Developers Podcast, we cover everything from the basics to advanced techniques. Learn how to streamline your cloud infrastructure and adopt a GitOps mindset.

Tune in now!
https://developers.podcast.go-aws.com/web/podcasts/episode_125/index.html

New instance means a new #introduction, right

I have been working in IT for more than 25 years and have been using #FOSS and #Linux for just as long. Even though I originally come from a programming background (#Java, #perl), today as #CTO I mainly deal with #DevOps and especially #GitOps. We run the majority of our operational infrastructure on #proxmox as a virtualisation base and use #OKD for our #kubernetes clusters.

#k8s
1/4

TIL that one of my worst days will be forever commemorated on Hacker News.

Honestly surprised by the number of supportive responses.

#Kubernetes #ArgoCD #k8s #GitOps #MastoAdmin #BadDay #HackerNews

news.ycombinator.com/item?id=37289349

I'm finally writing an #introduction toot LOL.

I'm "JJGadgets" online, you can call me JJ, everyone does.

My life is #tech, nothing brings me more joy and zen than sitting in front of my screens. Maybe except for Japanese food.

I use and prefer #linux for both server and desktop use, despite its flaws. I live in the #commandline. Been that way since I first jailbroke on iOS 5 and installed MobileTerminal.

I study #infosec but textbooks and lessons don't even come close to doing justice to what #infosec is all about. I like to think that I live and strive to live the infosec life, including my mindset. (After all, that's why @truxnell started calling me the "tinfoil hat sensei" LOL)

I do #Kubernetes @ Home, and maintain my cluster state in #git then apply it with tools like #FluxCD. My #homelab repo can be found at https://biohazard.jjgadgets.tech (will always 301 redirect to my latest Git remote of choice, in the event it changes). I think using #GitOps/IaC to declare desired security-related state (policies, rules etc) makes managing security a lot easier.

I try to follow "Principle of Least Privilege" for my homelab, and especially for Kubernetes security, using tools such as network policies (#netpols), policy engines, secrets management, identity management, strong #authentication, and access control. For example, my homelab Kubernetes cluster heavily uses netpols everywhere to default-deny and only allow the necessary network traffic for any given app to work.

I am also very interested in strong authentication methods such as #passwordless #fido2 / #webauthn (#yubikey and #passkeys) and where possible, I only enroll FIDO2 MFA, and choose the passwordless variant if available.

I try my best to use privacy-respecting software where possible, as I believe in maintaining transparency and control over the #privacy of people, regardless of online or offline.

I also believe in #opensource, too many times we've been shown the consequences of relying on closed source software, so where possible I always prefer open source.

Outside of the screen, admittedly I'm terrible at life stuff, and it's very hard for me to be interested in much of anything other than stuff on or related to a screen/device (I basically only talk tech stuff LOL). I'm working on changing that in the event I burnout hard again (though I still haven't found a non-tech interest yet, as of writing). I've burnt out multiple times despite still being a student, and thus I now (try to) take as much necessary measures as I can to avoid over-working, over-stressing or over-exerting myself.

That's about it, let's chat (or toot?)!

New episode of Changelog News!

@tastapod on the best worst programmer
Kevin Lin on #OpenTelemetry in 2023
Justin Garrison comapres #Terraform vs #GitOps vs #SystemInitiative
Kelly Main on how #Apple beats burnout
Aline Lerner on sabotaging salary negotiations
hosted by @jerod

https://changelog.com/news/60

If you’re missing connections to firefish.lgbt, musician.social, and outdoors.lgbt tonight it’s because they apparently also had some Kubernetes issues today but the database got sucked down with it. https://status.firefish.lgbt/incident/249322

This is why the apps and data are separate in our environment, shit happens. Also, always test your backups folks.

Excellent work by @sjvn.

I only roughly get what GitOps is, as both a conceptual framework and a set of tools. But this article suggests to me that as git becomes the source of truth for infra as well as appdev the #Steampipe GitHub/GitLab plugins will become even more interesting than they already are.

https://thenewstack.io/gitops-as-an-evolution-of-kubernetes/

My #FOSDEM lightning talk is out.
Check this out if you are curious about why I am building a declarative dependency management tool
https://video.fosdem.org/2023/H.1309%20%28Van%20Rijn%29/continuous_update_everything.mp4
#updatecli #cicd #oss #gitops