Prefetch Technologies // Keeping your cache lines cozy

Archive

Posts from 2022

Using terrascan to detect compliance and security violations

May 8, 2022 2 min read

Over the past several years I've read numerous horror stories about cloud deployments gone wrong. S3 buckets with PCI data left open to the raw Internet, EC2 instance profiles that weren't scoped properly, misconfigured NSGs, etc. It takes a LOT of time to truly understand all the ins and outs of running workloads in the cloud, and making sure you get it "right". This is one reason I'm always on the lookout for tools that can add additional guard rails to the infrastructure provisioning process…

Understanding cloud spend in your Terraform workflows

May 1, 2022 3 min

Having worked in the "cloud" for several years, one thing that I'm super conscious about is our cloud bill. There are tons of subtleties associated with billing, such as AZ-to-AZ traffic costs or how VPC endpoints can reduce egress charges. If you utilize Terraform for infrastructure provisioning, you may want to look at infracost. Infracost can help you understand cloud spend for a green field deployment, or what it will cost to expand your existing infrastructure…

Using tfswitch to manage Terraform versions

Apr 13, 2022 2 min

The growth of the Terraform community is absolutely astounding. New providers are constantly popping up, providers are being upgraded at a feverish pace, and amazing new features are constantly being added. With all of this change, deprecations and breaking changes periodically surface. One way to protect yourself from breaking changes is to pin providers and modules to specific versions…

Using the Kubernetes can-i subcommand to debug authentication issues

Apr 8, 2022 1 min

When I was first getting started with Kubernetes, RBAC was one of the topics that took me the longest to grok. Not because the resources (Roles, ClusterRoles, etc) are hard to interpret, but learning how to scope your Roles to minimize access takes some practice. That and a lot of reading to understand the various API groups and what they contain. In a previous post I mentioned access-matrix, which is an incredible tool for visualizing the RBAC permissions an entity (User, SA, Group, etc.) has…

Ways to debug Kubernetes pods without shells

kubernetes Apr 8, 2022 2 min

Debugging production issues can sometimes be a challenge in Kubernetes environments. One specific challenge is debugging containers that don't contain a shell. You may have seen the following when troubleshooting an issue: Not including a shell in your base image is a best practice, and projects like distroless make it super easy to package your applications with a small shell-less footprint. But when apps go rogue, what options do we have to debug them if the container doesn't include a shell…