|7 days ago||3 days ago|
|Mozilla Public License 2.0||Mozilla Public License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Designing large scale apps using micro services
2 projects | reddit.com/r/node | 16 Nov 2021
Check out Consul from HashiCorp. https://www.consul.io/
Nginx – The Architecture of Open Source Applications
5 projects | news.ycombinator.com | 2 Nov 2021
> As a relatively young dev, the idea of a "web server" as a standalone binary that serves your application (vs a library that you use to write your own "server") feels strange.
In my eyes, the ideal setup is one that's layered: where you have an ingress that's basically a load balancer that also ensures that you have SSL/TLS certificates, enforces rate limits, perhaps is used for some very basic logging, or can optionally do any URL rewriting that you need. Personally, I think that Caddy (https://caddyserver.com/) is lovely for this, whereas some people prefer something like Traefik (https://traefik.io/), though the older software packages like Nginx (https://nginx.org/en/) or even Apache (https://www.apache.org/) are good too, as long as the pattern itself is in place.
Then, you may additionally have any sorts of middleware that you need, such as a service mesh for service discovery, or providing internal SSL/TLS - personally Docker Swarm (https://docs.docker.com/engine/swarm/) overlay networks have always been enough for me in this regard, though some people enjoy other solutions, such as HashiCorp Consul (https://www.consul.io/), or maybe something intended for Kubernetes or other platforms that you already may be using, like Linkerd (https://linkerd.io/).
Finally, you have your actual application with its server. Personally, I think that the web server should be embedded (for example, embedded Tomcat with Spring Boot) or indeed just be a library that's a part of the application executable, as long as you can update it easily enough by rebuilding the application - containers are good for this, but aren't strictly necessary, since sometimes other forms of automation and packaging are also enough.
The reason why I believe this is because I've seen plenty of deployments where that just isn't the case:
- attempts to store certificates within the application, each application server having different requirements for the formats to be used, making management (and automation) of renewal a total nightmare
An Update on Our Outage
3 projects | news.ycombinator.com | 31 Oct 2021
Programming Microservices Communication With Istio
7 projects | dev.to | 28 Oct 2021
Service discovery — Traditionally provided by platforms like Netflix Eureka or Consul.
1 project | reddit.com/r/PrometheusMonitoring | 11 Sep 2021
For discovery outside of Kubernetes, you can use whatever your configuration management database is to generate the discovery configs. But you might want to look at Consul. The downside to using discovery scripts is the monolithic update lag. I used to have a medium-sized setup with Chef and Nagios. It took something like 5 minutes just to run one config cycle. As we transitioned to Prometheus we cut the cycle down to a couple minutes, because we had smaller targeted configs.
HashiCorp Consul: What's the catch?
5 projects | reddit.com/r/devops | 4 Sep 2021
So, my tech lead has once more had the sweet whispers of HashiCorp blaring in his ear, and to my irritation has decreed that we will be prioritizing bringing Consul into our environment despite pretty much everything else we have being in various states of rotting popsicle sticks and scotch tape.
An Introduction to Microservices pt. 3
1 project | dev.to | 24 Aug 2021
Harbormaster: The anti-Kubernetes for your personal server
20 projects | news.ycombinator.com | 19 Aug 2021
> There is gap in the market between VM oriented simple deployments and kubernetes based setup.
In my experience, there are actually two platforms that do this pretty well.
First, there's Docker Swarm ( https://docs.docker.com/engine/swarm/ ) - it comes preinstalled with Docker, can handle either single machine deployments or clusters, even multi-master deployments. Furthermore, it just adds a few values to Docker Compose YAML format ( https://docs.docker.com/compose/compose-file/compose-file-v3... ) , so it's incredibly easy to launch containers with it. And there are lovely web interfaces, such as Portainer ( https://www.portainer.io/ ) or Swarmpit ( https://swarmpit.io/ ) for simpler management.
Secondly, there's also HashiCorp Nomad ( https://www.nomadproject.io/ ) - it's a single executable package, which allows similar setups to Docker Swarm, integrates nicely with service meshes like Consul ( https://www.consul.io/ ), and also allows non-containerized deployments to be managed, such as Java applications and others ( https://www.nomadproject.io/docs/drivers ). The only serious downsides are having to use the HCL DSL ( https://github.com/hashicorp/hcl ) and their web UI being read-only in the last versions that I checked.
There are also some other tools, like CapRover ( https://caprover.com/ ) available, but many of those use Docker Swarm under the hood and I personally haven't used them. Of course, if you still want Kubernetes but implemented in a slightly simpler way, then there's also the Rancher K3s project ( https://k3s.io/ ) which packages the core of Kubernetes into a smaller executable and uses SQLite by default for storage, if I recall correctly. I've used it briefly and the resource usage was indeed far more reasonable than that of full Kubernetes clusters (like RKE).
What Is a Service Mesh, and Why Is It Essential for Your Kubernetes Deployments?
2 projects | dev.to | 17 Aug 2021
With multiple services running, it’s hard to discover where they’re located. The dependencies between multiple services are not always easily found, and new services may be deployed with a new dependency on an older service. Those services can be deployed anywhere in the infrastructure, so what you need is a Service Discovery service. There are plenty available, such as Netflix Eureka or HashiCorp Consul.
Request routing for horizontally scaled services
6 projects | dev.to | 8 Aug 2021
The myriad of request processing middlewares does not end here - there is also the very trendy topic of service meshes that we could cover, but I choose to leave that as an exercise to interested readers, as it is a rapidly evolving and complex space (see: Istio, linkerd, Consul, Tanzu, etc).
Mayday, mayday! I need a scalable infrastructure to migrate on Scaleway Elements! Part 1 - Networking & Security
4 projects | dev.to | 12 Nov 2021
For easier visibility and auditing, centrally store API keys in a solution like Vault and in a dedicated project.
A security disaster waiting to happen
1 project | reddit.com/r/facepalm | 3 Nov 2021
Secrets management is how this is done. Products such as HashiCorp Vault allow an application to encrypt and decrypt data without having to store the decryption key within the app itself. Keys can be injected into the app at runtime so that having access to the source code or database does not give access to the keys.
An Update on Our Outage
3 projects | news.ycombinator.com | 31 Oct 2021
Building a "complete" cluster locally
24 projects | reddit.com/r/kubernetes | 31 Oct 2021
hashicorp vault for secret management
A small script to wake up a node that doesn't like to boot
2 projects | reddit.com/r/homelab | 14 Oct 2021
This is not secure. It requires the username/password to be stored in plaintext in the script. If you have the proper backend, you could use keyring, or if you're adventurous you could set up Vault. I may do the latter at some point. Realistically, if you're running this on your home LAN, it's highly unlikely that someone is going to infiltrate it, sniff traffic, acquire your IPMI credentials, and then use them, but you define your own risk tolerance. You could create another IPMI user with limited powers as a mitigation.
Hiding credentials in the curl command in splunk backend
1 project | reddit.com/r/Splunk | 6 Oct 2021
Here's one example: https://www.vaultproject.io/
Vault – Secrets management, encryption as a service and access management
1 project | news.ycombinator.com | 2 Oct 2021
ZFS on desktop - ZFS Noob drowned in information
1 project | reddit.com/r/zfs | 29 Sep 2021
Then do that, jamfour's comment covers the options very well. I personally have a Vault cluster in my home rack and my desktop reaches out to that at boot time for its zfs unlock key (I am currently working on rewriting it for the public eye, a bit more modular too so other methods to try can be added/removed/etc, but not public yet sorry). Any solution you want is typically going to be attainable with a little scripting effort.
Anti-mask FL GOP bookkeeper dies of COVID — leaving party without access to finance software
1 project | reddit.com/r/politics | 20 Sep 2021
Scheduled backup of Vault secrets with Jenkins on Kubernetes
3 projects | dev.to | 14 Sep 2021
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log. https://www.vaultproject.io/
What are some alternatives?
etcd - Distributed reliable key-value store for the most critical data of a distributed system
traefik - The Cloud Native Application Proxy
sops - Simple and flexible tool for managing secrets
kubernetes - Production-Grade Container Scheduling and Management
Caddy - Fast, multi-platform web server with automatic HTTPS
minio - High Performance, Kubernetes Native Object Storage
Apache ZooKeeper - Apache ZooKeeper
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]
Nomad - Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.