Blog Entries

05. 08. 2025 Alessandro Valentini DevOps, Kubernetes

Use S3 Storage with OpenShift Data Foundation

Recently, we needed to upload build artifacts to allow developers to visualize Playwright test recordings. Initially, we used a simple PVC and an NGINX server with basic authentication, but this approach has a major drawback: it doesn’t allow uploads from different namespaces. As a result, we had to choose whether to deploy this service and…

30. 06. 2025 Alessandro Taufer DevOps, Kubernetes

How to Replicate Sealed Secrets in Multiple Namespaces

One of the most annoying aspects of using Sealed Secrets is their encryption design. They are tightly coupled to the namespace and name of the target Secret, meaning any changes to either require re-encrypting the Sealed Secret. This rigidity complicates workflows, especially when you need to duplicate or promote Secrets across environments. It breaks the…

30. 06. 2025 Oscar Zambotti Automation, Development, DevOps

“Pipeline as Code” Quest Unlocked: A Grizzled Beginner Leveling Up in CI/CD

After 17 years in software development, mostly crafting UIs (do you know Google Web Toolkit? Or Angular, since version 1? And now Vue.js? I do), occasionally diving into mobile apps, and even wearing the sysadmin hat, I thought I’d seen my fair share of tech. But recently, I stepped into a completely new arena: Pipeline…

26. 06. 2025 Gabriele Bocchi Automation, Development, DevOps

How to Secure GitHub Actions with SHA Pinning

GitHub Actions offer a powerful and flexible infrastructure for CI/CD, deployments and monitoring. But every external dependency we include opens a potential door for supply-chain attacks. One simple, effective, and low-cost way to seal that door is pinning your Actions to specific commit SHAs. In this article, we’ll explore the risks, walk through how to…

14. 06. 2025 Alessandro Valentini DevOps, NetEye

How to Add a Drive Selector to an ISO Image

Our old ISO used the first drive (sda) as the only option when installing the system. Sometimes we were asked to install NetEye on a different drive, so as a workaround we suggested properly sorting RAID arrays in the controller, in order to put the installation drive first on the list. Even if suboptimal, this…

31. 03. 2025 Davide Sbetti Development, DevOps, NetEye

Reducing the NetEye ISO Size: How to Carefully Choose the Right Packages!

If you’re a NetEye regular, you may have downloaded the NetEye ISO at least once in your life. And if you did, you probably discovered that you had a bit of free time before the download was completed and the ISO was ready to be used. Why’s that? Because until a couple of weeks ago,…

30. 03. 2025 Alessandro Taufer DevOps, Log-SIEM

Logging OpenShift Incoming Traffic on Elasticsearch

As traffic to applications deployed on OpenShift grows, it’s essential to gain visibility into the flow of data entering your cluster. Monitoring this incoming traffic helps administrators maintain optimal performance, reduce security risks, and quickly resolve any emerging issues. Enabling Logging: All traffic directed to an OpenShift Route is routed through a designated set of…

04. 03. 2025 Alessandro Valentini Automation, DevOps, Service Management

Group-aware Reboot with Ansible

Use Case: During NetEye Cloud updates we typically have to handle 25+ nodes, updating both OS and Firmware and subsequently rebooting all servers, all without causing downtime. We can of course reboot one node at a time, but this would be really time-consuming. The main constraints on reboot are PCS nodes and Elastic layers. In particular…

23. 01. 2025 Alessandro Mizzaro DevOps

Streamlining SSH Access: Leveraging CAs and Principals (Part 1)

Managing an SSH server is easy when you only have one or two servers, but what happens when you have thousands of servers? “Authorized keys” and “known hosts” files are hard to manage across large teams with permissions and roles. Known Hosts and HTTPS: Can you tell me the difference between these two images? Nothing….

22. 01. 2025 Alessandro Mizzaro Development, DevOps

Sign Like a Pro: A Simple Guide to GPG and Web of Trust for Commits

Some time ago, one of my colleagues wrote about git commits and why we should sign them (you should read this). But how can we actually do that? The Web of Trust of GPG comes to our aid. Let’s see how. OpenPGP is the open-source variant of PGP (Pretty Good Privacy), a protocol and software…

31. 12. 2024 Alessandro Taufer Development, DevOps

Tips for Writing Efficient Python Code

Writing high-performance code is key when tackling complex problems. While it might be tempting to focus on optimizing the programming language itself, the best strategy is often to implement the right algorithm. Let’s take a look at three lesser-known Python libraries that can boost your code’s efficiency without diving into complicated implementations. 1. Deque: The…

31. 12. 2024 Damiano Chini Automation, Development, DevOps

Maintaining Forks of Upstream Projects without git

When adopting an open-source software project that you don’t own, you may find it necessary to modify it partially to meet your specific requirements. However, as you implement those changes, it’s important to recognize that the upstream project will eventually update itself, leading to potential conflicts in the files that both you and the upstream…

31. 12. 2024 Alessandro Valentini DevOps

GitOps: Pull-based vs Push-based Approaches

When approaching a GitOps workflow you’ll soon have to choose between push- and pull-based approaches. In this blog post I’ll explain the high-level differences of each approach with pros and cons. What is GitOps? GitOps stands for Git Operation: in this workflow all the infrastructure configurations are stored in a Git repository, which represents the…

30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Configure Kubernetes Index Lifecycle Policies in Elastic Stack

If you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. It means that those logs and metrics have unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…

30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Optimizing Log Collection in Kubernetes/OpenShift with Elastic Stack

When monitoring Kubernetes clusters using Elastic Stack, the volume of logs can be overwhelming, often reaching gigabytes per minute. This is particularly true for OpenShift clusters, where significant traffic originates from system namespaces you might not be familiar with. Optimizing log collection becomes crucial for maintaining system efficiency and resource utilization. Success in this endeavor…
