#everyonecancontribute Kaeffchen | #12 - 2020-08-05

Agenda

16:00 CEST / 7am PT

Community

• Servus @KevinHonka @peter.rossbach :-)
• KubeCon EU Aug 17-20
  • KubeCon Kaeffchen on Wednesday Aug 19?
• How to become a GitLab hero?
  • https://about.gitlab.com/community/heroes/

everyonecancontribute.com Updates

• Google Analytics
  • Blog post for GitLab Pages with Google Analytics
• Documentation for blog images
• Add idea pitch issue template and topic::idea label
  • VSCode and GitLab Workflow
  • CI Security
  • GitLab Defend Demo from Commit
• Fixes
  • YouTube Playlist menu link

News

Interesting articles, best practices, etc. for everyone to read and learn async:

• An inside look at the Rust programming language
• Understand Kubernetes terminology from namespaces to pods
• Boosting your kubectl productivity
• Not putting logs into Elasticsearch but from it by Philipp Krenn
• Monitoring demystified: A guide for logging, tracing, metrics
• How to use Prometheus for anomaly detection in GitLab
• GitLab Workflow for VS Code now with more Official
• The road to Gitaly v1.0 (aka, why GitLab doesn't require NFS for storing Git data anymore)
• DM on GitLab Slack: I need your DNS skills!
• 10 most common mistakes using kubernetes
• Deploying GitLab to Anthos GKE on-prem to configure and run a CI/CD pipeline

Bookmarks

• Move the Three Pillars of Observability (+Alerting) to Core
• Learning Git Twitter thread by Emma Bostian
  • Git/GitLab training created by Michael Friedrich
  • A Hacker's Guide to Git
  • Getting Git
  • Git for ages 4 and up
  • Learn Git Branching

Topics

The main theme for this week is: Debugging the log processing ;)

CI/CD

DevSecOps

Debug Stories

• @solidnerd: Debugging the apache log to Vector to loki to Grafana in k8s

  • Follow-up from #22 (closed)
  • Docs PR for Vector: https://github.com/timberio/vector/pull/3335/files
  • Permission problem for Vector daemon which cannot access the log files
    • usermod -aG vector -> syslog
  • Idea: Tracing for Loki enablen

• Lua in Vector

  • eBPF -> Cilium: https://cilium.io/

• Web Assembly - https://github.com/WebAssembly/WASI https://artem.krylysov.com/blog/2020/07/28/lets-build-a-full-text-search-engine/

• MFA / 2FA Reset - Security discussion

  • 1.5 factor auth with 1Password https://twitter.com/dnsmichi/status/1241481541227855876

• ACME

  • In Kubernetes
  • Caddy v2 mit ACME: https://caddyserver.com/v2

• @m4r10k / @rauschbit: Debug stories with CoreDNS (better after @m4r10k's vacation)

  • https://github.com/coredns/coredns/issues/1625

• @solidnerd: Getting Ideas How to Troubleshoot a Problem.

  • SRE Books
  • Building_Secure_and_Reliable_Systems - Chapter 15: Investigating Systems

• @dnsmichi: DM on GitLab Slack: I need your DNS skills!

• @rauschbit: gitlab - validate token permissions

  ...if I wanted to see what permissions a given API access token had, how would I do that, other than trying to actually write a resource?...

  • Tweet by Docker Captain Michael Irwin

• @solidnerd: gitlab to pull remote terraform modules deploy tokens

Security

• @konstantinpae: I've stumbled across an interesting "problem" last week, which is not directly C++ related but a more general DevSecOps issue.
  • Discussion: Malicious Pipelines (example). How would you mitigate an "attack" from within based on the example.

Monitoring

• @dnsmichi: Migrate data from InfluxDB to Prometheus - use cases and tools?
  • https://twitter.com/Blog_reloaded/status/1287768304162156549
• @dnsmichi: Use a CI job runner for monitoring? ;)
  • https://twitter.com/dnsmichi/status/1290662046963556354

Social

• Enablement Group Conversation on Operators&Orchestrators, Terraform, Ansible, etc.

/cc @everyonecancontribute