CloudDruid

Things That Caught My Eye

  1. Earning the CKA
  2. uwu Kubernetes 1.30
  3. K8s Operators
  4. K8s Attack Graph Generator
  5. seccomp Deep Dive
  6. Karpenter K8s Cost Management
  7. K8s Vault Secrets Tutorial
  8. 53 New AWS TLDs
  9. SLA/SLO/SLI Breakdown
  10. CVE Notifier
  11. Security Header Analyzer
  12. nix-inspect
  13. markdowndown
  14. “Gaming” Keyboard

✨ Mental Bookmarks

Second Kubernetes Cert

This past Friday I earned the Certified Kubernetes Administrator certification 🎉. Studying for Kubernetes exams can sometimes feel like an exercise in patience. From the concentrated effort it takes to identify the correct hodgepodge of resources, to the tips, tricks, and incantations expected of you, there is a lot that goes into passing. Given my experiences, I think it would be nice to compile a running list of techniques and gotchas. So I think I will create a reach goal for myself to start a blog post with helpful strategies and tips. (Especially something I can go back to when I need to retake said exams 👀…)

uwubernetes 1.30

I died when I saw the new theme of 1.30! I absolutely love that the maintainers/contributors have a sense of humor and keep things light 😁. There appear to be a great many updates, and when the time comes I will certainly be checking out Sysdig’s latest breakdown of 1.30.

K8s Operators

A recent blog on K8s Operators caught my attention. A little snippet from the article:

Operators are the path to building truly cloud-native applications on Kubernetes by encoding operational knowledge and best practices into custom controllers. They allow you to extend the Kubernetes API with higher-level, domain-specific abstractions tailored to your applications.

Kubernetes Attack Graph

Datadog’s Kubehound looks like a really interesting way to discover vulnerabilities in your K8s infrastructure, so that you can harden your policies and infrastructure as needed.

seccomp

Armosec has a multi-part deep dive into seccomp that I have on my to-read list; I love a good tutorial, and the implementation examples look fairly solid.

Karpenter & Cloudspend

Labyrinth Labs published a multi-part series on their experience with Karpenter and its impact on performance and efficiency.

HCP Vault Secrets

HashiCorp recently published an extensive tutorial on syncing HCP Vault Secrets to Kubernetes with Vault Secrets Operator.

Route 53 New AWS TLDs

AWS added support for 18 additional Top-Level Domains, of which my favorites included .beer and .fun.

SLA vs. SLO vs. SLI

Checkly provides a comprehensive deep dive on what SLA/SLO/SLI mean, how they differ, and how they are represented in the industry. Definitely another article on my to-read list.

CVE Notifier

This CVE Notifier written in Go is pretty awesome; it allows you to use keywords against vuldb and set up Slack notifications regarding impacted applications.

hauditor

hauditor allows you to analyze security headers returned by a web page and report dangerous configurations. This type of alerting kind of reminds me of the warnings I get in protonmail regarding failed domain auth requirements (which can lead to things like spoofing and improper forwarding… the most recent offender from my inbox being The Linux Foundation 😥).

nix-inspect

nix-inspect provides an “Interactive tui for inspecting nix configs,” building on nix repl and written in Rust 🦀. Another tool I think would be fun to demo and blog about at some point.

markdowndown

MarkdownDown converts any webpage into a clean markdown file with images downloaded. I’m sure there are some pretty interesting use cases for this functionality.

Gaming Keyboard

Tom’s Hardware recently highlighted a keyboard that looks like an NES controller. Not news but another fun modded keyboard to check out.