sig-security
Ansible
sig-security | Ansible
---|---
21 | 390
1,944 | 61,137
2.1% | 1.0%
9.7 | 9.8
1 day ago | about 10 hours ago
HTML | Python
GNU General Public License v3.0 or later | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sig-security
- Introduction to the Kubernetes ecosystem
It is also interesting to meet the community: the TAGs (Tech Advisor Group), which provide strategic guidance and advice on technical issues, as well as the SIGs (Special Interest Group), which focus on areas of interest or specific expertise within the Kubernetes community to drive development and innovation. The TAGs are specialized by areas, for example on security or environmental sustainability.
- Practicing Threat Modeling to Assess and Fortify Open Source Security [pdf]
- Cloud Native Applications - Part 2: Security
Cloud Native Security Whitepaper
- Does Kubernetes support SELinux?
As Daniel Walsh himself wrote in a blog post, CRI-O integrates very well with SELinux and prevents dangerous actions like a container loading an old, unmaintained and therefore potentially vulnerable kernel module and breaking out of the isolation. Additionally, the Kubernetes API itself contains resources to specifically configure SELinux labels for containers. Doesn't sound like something they would do for a tool that "doesn't work with Kubernetes", according to some. Also, the CNCF security whitepaper mentions SELinux as a tool that can be used to provide isolation and limit privileges, which is as much as we could expect from a high-level, architecturally-minded document.
- Cloud Native Security Whitepaper v2
- Cloud Native Security Whitepaper [pdf]
- Catalog of Supply Chain Compromises
- tag-security/supply-chain-security/compromises at main · cncf/tag-security
- supply-chain-security - Catalog of Supply Chain Compromises
Ansible
- Grant Kubernetes Pods Access to AWS Services Using OpenID Connect
Ansible v2.16
- Set up an Automation script with Ansible
Ansible is a tool used to help manage software automation processes, configuration management across machines, deployment as well as remote execution of commands and scripts. In sports, Ansible operates as the coach of your team by providing strategies (playbooks), and actions, and ensuring the smooth execution of tasks across your infrastructure, just like a coach guides and directs players (Servers) during a game.
- Interesting Uses of Ansible's ternary filter
They support for-if from python, too: https://jinja.palletsprojects.com/en/3.1.x/templates/#loop-f... but I haven't tried the "recursive" keyword to know if ansible supports that. I say "ansible supports that" because they don't just drop jinja2 into ansible and call it a draw, they have a bunch of custom execution integrations: https://github.com/ansible/ansible/blob/v2.16.3/lib/ansible/...
- The 2024 Web Hosting Report
To manage a VM, you can use something as simple as just manual actions over SSH, or can use tools like Ansible, Hashicorp's Packer and Terraform or other automations. For an app where there is minimal load and security/reliability concern, VMs are still a great option that provide a lot of value for the buck.
- A Journey to Find an Ultimate Development Environment
In this article's context, it is simply a tool that provides a declarative way to automate your machine/OS to configure the development machine as you want (install package, modify the configuration, etc). Examples of these tools are Ansible, Puppet, etc.
- The Director of "Toy Story" Also Drew the BSD Daemon Logo
Now we're getting more tangential, but for years, Ansible releases were named for Van Halen songs (see old Changelog here: https://github.com/ansible/ansible/blob/v1.8.4/CHANGELOG.md)
- Running stateful workloads on Kubernetes with Rook Ceph
In the lab to follow, we'll quickly provision a 3-node kubeadm cluster (1 master, 2 workers) on the cloud provider of your choice using an automation stack comprised of OpenTofu and Ansible, then deploy Rook Ceph using the official Helm charts and confirm that we are now able to successfully create CSI volume snapshots from PVCs by reusing the MinIO example from our last article.
- Looking for a way to remote in to K's of raspberry pi's...
- ansible builder collections path
- The Bullhorn #119 (Ansible Newsletter)
Ansible-Core
What are some alternatives?
cool-system - The Cloud Optimized Operational Lab (COOL) system
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
mkosi - 💽 Build Bespoke OS Images
pyinfra - pyinfra automates infrastructure using Python. It’s fast and scales from one server to thousands. Great for ad-hoc command execution, service deployment, configuration management and more.
slsa - Supply-chain Levels for Software Artifacts
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
Fabric - Simple, Pythonic remote execution and deployment.
badPods - A collection of manifests that will create pods with elevated privileges.
cloudinit - Official upstream for the cloud-init: cloud instance initialization
cyclonedx-gomod - Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀