A modern web app isn’t one single big monolith: it’s made of quite a lot of pieces! For instance, we relied on a setup such as this one for a recent one we are developing: That’s a lot of moving parts. You could glue them together with scripts, sticky notes, and caffeine… but then most…
Read MoreAs our company’s NetEye cloud solution NetEye.cloud expands, we’re deploying compute nodes not only in our own data centers but, on customer premises across the globe – connected through satellite links. This hybrid, geo-distributed model creates a very tough challenge: How can we manage configuration across hundreds of remote machines reliably, and at scale? Why…
Read MoreDependencies (frameworks, modules, plugins, etc.) are the lifeblood of modern software libraries. But managing them manually is a burden. By automating dependency updates (in a controlled, smart way), you can stay ahead of security issues, reduce technical debt, and make upgrades less painful. Below I’ll walk you through why automatic updates matter, what to watch…
Read MoreUnexpected reboots, who doesn’t love them? A few weeks ago, we faced a problem that any platform engineer dreads: one of our nodes rebooted unexpectedly. The cause? The iDRAC watchdog forcefully terminated it. But what led iDRAC to decide it was time to shut down the node? A preliminary investigation concluded that there wasn’t any…
Read MoreHi 😀 Today I’d like to explore with you a migration that we performed to a service that’s used internally to monitor the performance of various DBs, gathering data that’s especially useful for troubleshooting. This tool is the Percona Monitoring and Management (PMM) platform, which combines agents or direct access to various supported DBMS (MySQL,…
Read MoreRecently, we needed to upload build artifacts to allow developers to visualize Playwright test recordings. Initially, we used a simple PVC and an NGINX server with basic authentication, but this approach has a major drawback: it doesn’t allow uploads from different namespaces. As a result, we had to choose whether to deploy this service and…
Read MoreOne of the most annoying aspects of using Sealed Secrets is their encryption design. They are tightly coupled to the namespace and name of the target Secret, meaning any changes to either require re-encrypting the Sealed Secret. This rigidity complicates workflows, especially when you need to duplicate or promote Secrets across environments. It breaks the…
Read MoreIntroduction This guide illustrates the steps required to adopt Nextcloud on-premise, configuring it for LDAP integration, SSO and MFA, using a preconfigured Virtual Machine. Wing FTP, while useful for years in remote file management, today shows clear limitations in terms of security, scalability and integration. Nextcloud is a modern, open source and self-hosted solution, offering…
Read MoreAfter 17 years in software development, mostly crafting UIs (do you know Google Web Tookit? Or Angular, since version 1? And now Vue.js? I do), occasionally diving into mobile apps, and even wearing the sysadmin hat, I thought I’d seen my fair share of tech. But recently, I stepped into a completely new arena: Pipeline…
Read MoreGitHub Actions offer a powerful and flexible infrastructure for CI/CD, deployments and monitoring. But every external dependency we include opens a potential door for supply-chain attacks. One simple, effective, and low-cost way to seal that door is pinning your Actions to specific commit SHAs. In this article, we’ll explore the risks, walk through how to…
Read MoreOur old ISO used the first drive (sda) as the only option when installing the system. Sometimes we were asked to install NetEye on a different drive, so as a workaround we suggested properly sorting RAID arrays in the controller, in order to put the installation drive first on the list. Even if suboptimal, this…
Read MoreIf you’re a NetEye regular, you may have downloaded the NetEye ISO at least once in your life. And if you did, you probably discovered that you had a bit of free time before the download was completed and the ISO was ready to be used. Why’s that? Because until a couple of weeks ago,…
Read MoreAs traffic to applications deployed on OpenShift grows, it’s essential to gain visibility into the flow of data entering your cluster. Monitoring this incoming traffic helps administrators maintain optimal performance, reduce security risks, and quickly resolve any emerging issues. Enabling Logging All traffic directed to an OpenShift Route is routed through a designated set of…
Read MoreUse Case During NetEye Cloud updates we typically have to handle 25+ nodes, updating both OS and Firmware and subsequently rebooting all servers, all without causing downtime. We can of course reboot one node a time, but this would be really time-consuming. The main constraints on reboot are PCS nodes and Elastic layers. In particular…
Read MoreManaging an SSH server is easy when you only have one or two servers, but what happens when you have thousands of servers? “Authorized keys” and “known hosts” files are hard to manage across large teams with permissions and roles. Known Hosts and HTTPS Can you tell me the difference between these two images? Nothing….
Read More