The article focuses on the importance of handling termination signals gracefully in applications deployed in orchestrated environments like Kubernetes. Graceful shutdowns are crucial to prevent data loss and system instability that can occur with abrupt terminations, ensuring that applications can exit cleanly and maintain consistency even when they are stopped or scaled down.
https://packagemain.tech/p/graceful-shutdowns-k8s-go
packagemain.tech
Terminating elegantly: a guide to graceful shutdowns
Let's dive into the world of graceful shutdowns, specifically for Go applications running on Kubernetes.
The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based workflows
https://github.com/vidispine/hull
GitHub
GitHub - vidispine/hull: The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based…
The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based workflows. - GitHub - vidispine/hull: The incredible HULL - Helm Uniform Layer Library - is a...
Forwarded from Golang notes
A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go.
https://github.com/ddoemonn/go-dot-dot
GitHub
GitHub - ddoemonn/go-dot-dot: A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go.
A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go. - ddoemonn/go-dot-dot
🔥 Critical vulnerability in ingress-nginx controller
9.8/10🔥 https://github.com/advisories/GHSA-mgvx-rpfc-9mpv
If you're running Kubernetes with the ingress-nginx controller and are affected by the vulnerability described in GHSA-mgvx-rpfc-9mpv (CVE-2025-1974), you face several serious security risks:
Critical Security Risks
This vulnerability, published on March 25, 2025, is part of a set of critical flaws collectively named "IngressNightmare" with a CVSS score of 9.8[6]. The specific issues include:
- Unauthenticated Remote Code Execution (RCE): An attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller without authentication[1][2].
- Cluster-wide Secret Exposure: The vulnerability allows attackers to access and steal all secrets accessible to the controller. In default installations, the controller can access all secrets across all namespaces in the cluster[1][3].
- Complete Cluster Takeover: Due to the elevated privileges of the admission controller, successful exploitation could lead to full compromise of your Kubernetes environment[3][6].
- Public Exposure Risk: Over 6,500 clusters with publicly accessible admission controllers are at immediate risk, including those operated by Fortune 500 companies[8].
How the Vulnerability Works
The attack targets the admission controller component of the ingress-nginx controller:
1. The vulnerability allows attackers to inject arbitrary NGINX configuration remotely by sending a malicious ingress object directly to the admission controller[3].
2. When the controller processes this malicious object during validation, it causes the NGINX validator to execute malicious code[6][8].
3. The admission controller's elevated privileges and network accessibility create a critical escalation path, allowing an attacker to access sensitive resources across the entire cluster[3].
Required Action
To mitigate this issue, you should:
- Update immediately to one of the patched versions: 1.12.1, 1.11.5, or 1.10.7[6].
- Ensure your admission webhook endpoint is not exposed externally[6].
- Limit access to the admission controller to only the Kubernetes API Server[6].
- Temporarily disable the admission controller component if it's not needed[6].
This vulnerability affects approximately 43% of cloud environments, making it a widespread and serious threat to Kubernetes deployments[6].
GitHub
CVE-2025-1974 - GitHub Advisory Database
ingress-nginx admission controller RCE escalation
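A defender-side check for the mitigation steps listed above, added here as an example (it is not code from the advisory or from the ingress-nginx project): it decides whether a controller image tag is at or above a patched release and whether the admission webhook Service is reachable from outside the cluster. The inputs are decoded `kubectl get ... -o json` objects; the image and container name `controller` follow the standard ingress-nginx manifests, and the sample objects are constructed.

```python
import json

# Patched releases named in the post, keyed by minor line. A controller on one of
# these lines is safe only at or above the listed release; any other line has no
# patched release listed here and is treated as affected.
PATCHED = {(1, 10): (1, 10, 7), (1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}


def parse_version(image):
    """Return (major, minor, patch) from an image reference such as
    registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:<digest>."""
    ref = image.split("@", 1)[0]            # drop a pinned digest if present
    _, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:               # no tag, or the colon was a registry port
        raise ValueError(f"no version tag in image reference: {image}")
    tag = tag.lstrip("v").split("-", 1)[0]  # v1.11.4-rc1 -> 1.11.4
    return tuple(int(x) for x in tag.split(".")[:3])


def is_patched(version):
    fixed = PATCHED.get(version[:2])
    return fixed is not None and version >= fixed


def admission_exposed(service):
    """True if the admission webhook Service is reachable from outside the cluster.
    Only the Kubernetes API server should reach the webhook, so a NodePort or
    LoadBalancer type, or any externalIPs entry, counts as exposure."""
    spec = service.get("spec", {})
    return spec.get("type", "ClusterIP") in ("NodePort", "LoadBalancer") or bool(spec.get("externalIPs"))


def assess(deployment, service):
    """Run both checks over the controller Deployment and the admission Service."""
    containers = deployment["spec"]["template"]["spec"]["containers"]
    image = next(c["image"] for c in containers if c["name"] == "controller")
    version = parse_version(image)
    return {"version": version, "patched": is_patched(version),
            "admission_exposed": admission_exposed(service)}


# Constructed sample objects, trimmed to the fields the checks read, standing in for:
#   kubectl -n ingress-nginx get deploy ingress-nginx-controller -o json
#   kubectl -n ingress-nginx get svc ingress-nginx-controller-admission -o json
SAMPLE_DEPLOYMENT = json.loads('{"spec": {"template": {"spec": {"containers": '
                               '[{"name": "controller", "image": '
                               '"registry.k8s.io/ingress-nginx/controller:v1.11.4"}]}}}}')
SAMPLE_SERVICE = json.loads('{"spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}}')

if __name__ == "__main__":
    print(assess(SAMPLE_DEPLOYMENT, SAMPLE_SERVICE))
```

An exposed webhook on an unpatched line is the combination to fix first; a ClusterIP Service still leaves the webhook reachable from the pod network, which is why the version check matters on its own.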
The author discusses strategies for significantly reducing the startup time of AWS EKS Windows nodes. The author achieved this by using Karpenter for dynamic node provisioning, optimizing PowerShell scripts, and pre-caching images with AWS Image Builder. Key optimizations included uninstalling unnecessary PowerShell modules and rewriting the bootstrap script in C# for better performance, resulting in startup times under 90 seconds.
https://hackernoon.com/how-i-reduced-eks-windows-node-start-time-from-5-min-to-90s
Hackernoon
How I Reduced EKS Windows Node Start Time From 5 Min to ~90s
Learn how to reduce AWS EKS Windows node startup times to < 90 secs using Karpenter, optimized scripts, and pre-cached images. Boost your cluster's performance!
The article delves into the intricacies of Kubernetes resource management, specifically focusing on requests and limits. It explains how these settings impact pod scheduling, resource allocation, and performance, highlighting the importance of correctly configuring them to ensure efficient use of cluster resources and prevent overcommitting or underutilization. Understanding these concepts is crucial for optimizing application performance and reliability in Kubernetes environments.
https://thenewstack.io/how-kubernetes-requests-and-limits-really-work/
The New Stack
How Kubernetes Requests and Limits Really Work
A wizard's journey through the technical inner workings of Kubernetes resource management — Chapter 1.
Goliat - Dashboard is an open-source tool for managing, visualizing, and optimizing Terraform deployments, with integration to Terraform Cloud and a custom provider.
https://github.com/danieljsaldana/goliat-dashboard
GitHub
GitHub - danieljsaldana/goliat-dashboard: Centralized dashboard built with Astro and React, with integrations for GitHub, Azure…
Centralized dashboard built with Astro and React, with integrations for GitHub, Azure, AWS and OpenAI. Ideal for DevOps, SRE, Security, Cloud Architecture and Business teams. - danieljsaldana...
The blog post addresses the challenges engineering managers face in maintaining their technical skills amid busy schedules. It suggests that instead of trying to dedicate a significant portion of their time to hands-on technical work, managers can leverage their team's diversity and projects to stay up to date. This involves guiding team members through experimental projects, learning from their experiences, and teaching junior engineers, which helps maintain a technical edge without compromising work-life balance.
https://medium.com/engineering-managers-journal/real-ways-to-maintain-your-technical-edge-as-an-engineering-manager-25652fa1495c
Medium
Real Ways To Maintain Your Technical Edge As An Engineering Manager
Most advice isn’t practical, but there are realistic alternatives.
The author provides a comprehensive guide to building a REST API hosted on AWS API Gateway with a backend on AWS Lambda and a database on DynamoDB. The guide includes setting up AWS services using Terraform, creating a Lambda function to perform CRUD operations on DynamoDB, and implementing authentication with Amazon Cognito to secure certain routes.
https://awstip.com/a-step-by-step-guide-on-deploying-rest-api-using-api-gateway-lambda-cognito-terraform-f277814d048e
Medium
A Step-by-Step Guide On Deploying REST API using API Gateway, Lambda, Cognito — Terraform
Introduction
Retry a command with exponential backoff and jitter (+ Starlark expressions)
https://github.com/dbohdan/recur
GitHub
GitHub - dbohdan/recur: Retry a command with exponential backoff and jitter (+ Starlark expressions)
Retry a command with exponential backoff and jitter (+ Starlark expressions) - dbohdan/recur
Kuzco reviews your Terraform and OpenTofu resources, compares them to the provider schema to detect unused parameters, and uses AI to suggest improvements and fixes
https://github.com/RoseSecurity/Kuzco
GitHub
GitHub - RoseSecurity/Kuzco: Kuzco reviews your Terraform and OpenTofu resources, compares them to the provider schema to detect…
Kuzco reviews your Terraform and OpenTofu resources, compares them to the provider schema to detect unused parameters, and uses AI to suggest improvements and fixes - RoseSecurity/Kuzco
Forwarded from Best Channels for Tech guys
🚀 Golang Notes 🐹
Looking for a place to level up your Go skills? Join Golang Notes and stay ahead in the world of Golang!
✨ What you'll find:
🔹 Best practices and coding tips
🔹 Latest updates from the Go ecosystem
🔹 Useful tools, snippets, and guides
🔹 Community discussions and expert insights
👨💻 Whether you're a beginner or an experienced developer, this channel has something for you!
🔗 Join now
The article "Autoscaling with Keda and Prometheus Using Custom Metrics in Go" on *Medium* provides a detailed guide on how to implement autoscaling in Kubernetes using Keda and Prometheus. It demonstrates creating custom Prometheus metrics in a Go application, deploying it on Kubernetes, and configuring Prometheus to scrape these metrics. The article then shows how to integrate Keda with Prometheus to scale pods based on custom metrics, such as the number of HTTP requests or product orders, ensuring dynamic resource allocation during varying traffic conditions.
https://medium.com/vakifbank-teknoloji/autoscaling-with-keda-and-prometheus-using-custom-metrics-in-go-558a64668fc4
Medium
Autoscaling with Keda and Prometheus Using Custom Metrics in Go
Goals
The blog post highlights potential security risks associated with automating Terraform lifecycle management. It discusses how malicious actors can exploit vulnerabilities in Terraform automation platforms, such as HashiCorp Cloud and Atlantis, by creating custom providers or using data sources to execute malicious code during the terraform plan phase. This can lead to unauthorized access to sensitive cloud credentials, compromising entire cloud environments. The article emphasizes the need for secure defaults and validation mechanisms in these platforms to mitigate such risks.
https://snyk.io/blog/gitflops-dangers-of-terraform-automation-platforms/
Snyk Labs
GitFlops: The Dangers of Terraform Automation Platforms | Snyk Labs
Terraform automation platforms streamline infrastructure management but also introduce security vulnerabilities when speculative plans are executed. Read how attackers can exploit Terraform lifecycle automation to gain unauthorized cloud access, compromising…
In his article "TTR: the out-of-control metric," Lorin Hochstein critiques the application of the Time-to-Resolve (TTR) metric in incident management. He argues that since incidents represent periods when systems are out of control, applying statistical analyses to TTR is ineffective and does not lead to meaningful improvements.
https://surfingcomplexity.blog/2024/11/23/ttr-the-out-of-control-metric/
Surfing Complexity
TTR: the out-of-control metric
I’m currently reading The Machine That Changed The World. This is a book written back in 1990 comparing Toyota’s approach to automobile manufacturing to the approach used by American ca…
Richard Artoul explores the distinctions between "shared nothing" and "shared storage" architectures, particularly within data streaming contexts. He highlights how shared storage systems, by decoupling data from metadata, offer enhanced flexibility and scalability compared to traditional shared-nothing models.
https://www.warpstream.com/blog/the-case-for-shared-storage
Warpstream
The Case for Shared Storage
In this post, I’ll start off with a brief overview of “shared nothing” vs. “shared storage” architectures in general. This discussion will be a bit abstract and high-level, but the goal is to share with you some of the guiding philosophy that ultimately led…
The mighty, self-hostable Git server for the command line🍦
https://github.com/charmbracelet/soft-serve
GitHub
GitHub - charmbracelet/soft-serve: The mighty, self-hostable Git server for the command line🍦
The mighty, self-hostable Git server for the command line🍦 - charmbracelet/soft-serve