K8s Autoscaling Custom Metrics

Lightning talk on autoscaling Kubernetes deployments with custom metrics. Links: Slides; PHP-FPM Prometheus Exporter; End-to-end tutorial for github.com/directxman12/k8s-prometheus-adapter; End-to-end tutorial for github.com/stefanprodan/k8s-prom-hpa; PreviousNext custom metric adapter for php-fpm

August 15, 2019

Improve your bash scripts with this boilerplate template

First up - here’s the template. Continue reading below for an explanation of each component. Unofficial Strict Mode: set -euo pipefail; IFS=$'\n\t' There are a few things going on here - set -e will exit the script if any command returns a non-zero status. set -u will stop a script if it uses an undefined variable. set -o pipefail will terminate the script at the first failed command in a pipeline....

March 14, 2019

How to generate temporary download links to S3 objects

S3 has a feature which allows you to generate signed URLs which are valid only for a predefined period of time. This makes it much safer to distribute URLs via email, Slack, etc. Process: (1) Find the object in the S3 console and note the bucket name and object path. (2) Ensure your AWS credentials are loaded into your environment. (3) Use the AWS CLI to create a pre-signed URL: # TTL is the number of seconds until the URL expires....

March 5, 2019

AWS KMS cryptographic operations on the command line

AWS KMS is a managed service for cryptographic functions in AWS. This service allows you to offload the tough job of key lifecycle management to Amazon. These snippets will allow you to perform basic cryptographic functions - encrypt, decrypt, and rewrap. It is assumed you already have a KMS key provisioned, and you have an IAM user with permissions to perform the relevant operations. Encrypt the Contents of a File: This command encrypts the contents of contents....

February 28, 2019

How to use count with data resources in Terraform

tl;dr version: "${element(data.github_team.pull.*.id, count.index)}". While writing a little Terraform module to manage GitHub repositories, team permissions and branch protection rules, I ran into an issue where github_team_repository resources need the team ID, but github_branch_protection resources need the team slug. This was annoying as I wanted the module to have a single variable which served both purposes. I ended up having a variable var.teams_pull which accepted a list of team slugs....

February 27, 2019

Can You Keep a Secret? - Bucharest, 2018

Slides. Resources: Check out my post from the original talk for the resources shown in this presentation. Photo credit: @technerdteitzel.

June 10, 2018

HashiCorp Vault for Drupalers

Securely managing application secrets can be challenging - especially in complex, multi-datacenter environments. Many common secret management tools and services only solve specific use cases, and are often coupled to specific cloud providers. HashiCorp Vault is an open-source secret management tool designed to support distributed applications and infrastructure as first-class citizens. It provides powerful features such as: Centralised secret storage; Dynamic secrets; Encryption as a Service; Identity brokering; Access control management; Audit logging. This session will introduce some important Vault concepts and operational considerations, before diving into a technical demonstration of the current Drupal integration capabilities....

June 8, 2018

Can You Keep a Secret? - Auckland, 2017

Every Drupal application has its secrets - and I don’t mean that dodgy code you wrote during an all-nighter. Database credentials, API keys, personally identifiable information - a secret is any data which could cause harm to your organisation if exposed. This session will introduce the concepts of secrets and secret management, before moving onto practical examples of securely storing secrets in Drupal. Video: Unfortunately the recording doesn’t include the slides; see below if you would like to reference them....

November 16, 2017

Speaking at DrupalSouth 2017 in Auckland

I was lucky enough to have my topic Can You Keep a Secret? selected for DrupalSouth Auckland in November. In this presentation I will run through the basics of secret management, before diving into recipes for leveraging tools like HashiCorp Vault and AWS KMS in your Drupal projects. It is shaping up to be a great conference - there are a lot of really interesting talks scheduled, including 9 from my PreviousNext colleagues!...

October 19, 2017

How to build self-deploying applications with Terraform and BitBucket Pipelines.

Background: A few weeks ago I decided to replace my ageing and bloated Drupal 7 blog. I decided on the following criteria that the solution had to meet: (1) The project git repo must be private. (2) Hosting infrastructure had to be under my control and completely codified. (3) The solution should require very little supporting infrastructure such as databases. (4) Deployment of changes to the site or infrastructure must be automated. These requirements immediately ruled out a few options including GitHub Pages and SaaS blogging platforms like WordPress....

November 17, 2016