Hey, I'm looking for an Ingress for Kubernetes that is built to be secure and to be used on self-hosted ("on-premise") clusters.
It must:
* Use certificates from secrets in another namespace (specified in advance) if possible without having access to all secrets in all namespaces
=> Those are wildcard Let's Encrypt certificates managed by cert-manager (until I find another application that doesn't read secrets of whole namespace), I want to deploy multiple applications and to re-use wildcard certificates.
=> I don't want to copy the certificates in multiple namespaces.
=> bye ingress-nginx, traefik or anything relying on the Ingress resource, not supporting that feature on purpose for "security" reasons that are never explained (tell me what I'm missing in RBAC).
* Offer a way to upgrade without any downtime on any connection (although I'll never notice that in my current setup), while using hostPort for ports 80 and 443 (just like I can do with nginx on host)
=> I don't want to use firewall rules on the host to redirect on a NodePort, unless you prove to me there is no other way and it is a good practice (I don't want to lose source IP so it would be SNAT?).
=> Since I bind on host ports 80/443, I can't use rolling update, so it needs to update inside the container itself without restart.
=> Maybe it's possible to use SO_REUSEADDR to be able to run multiple pods on the same port?
* Be easy to use with a PodSecurityPolicy.
=> not with a lot of deployments with different service accounts
I'm starting to brainstorm that project since there is no solution to my madness :)
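Added example, not part of the original post: the RBAC shape that the first requirement above asks about, where a proxy's service account in one namespace may read a single named secret in another namespace. The namespace, secret and service-account names are hypothetical placeholders.

```yaml
# Constructed example: every name below is a hypothetical placeholder.
# The Role lives in the namespace that holds the certificate secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-wildcard-cert
  namespace: certs                 # assumed namespace where cert-manager writes the secret
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    # Only this secret, specified in advance; no access to the rest of the namespace.
    resourceNames: ["wildcard-example-org-tls"]
    verbs: ["get"]
---
# The RoleBinding is also in the secret's namespace, but its subject is a
# service account from a different namespace (the one the proxy runs in).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-read-wildcard-cert
  namespace: certs
subjects:
  - kind: ServiceAccount
    name: ingress-proxy            # assumed service account of the proxy
    namespace: ingress             # assumed namespace of the proxy deployment
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-wildcard-cert
```

With resourceNames set, list and watch requests are only authorized when they carry a metadata.name field selector, so this grant works for a proxy that fetches the secret by name and not for a controller that list-watches every secret in the namespace.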
You want digital sovereignty? Then you have to choose Free Software! Otherwise you will never be in control and for example others might decide if it is worth supporting your mother language. #DigitalSovereignty #FreeSoftware
In my experience, existing contributors who are comfortable in their workflow is a known value, and theoretical new contributors who might be more comfortable in a different workflow is an unknown value. I would sooner cater to the former group, who have already demonstrated a history of consistent contributions under an existing workflow.
This is why sway and wlroots are still on GitHub, despite the fact that, you know, I am the CEO of a competing service. I am in a position to force these projects to move to sr.ht, but it would be disruptive, risk alienating established contributors, and likely be a net negative for the project.
I'm looking for one (or more) article/feature that explains to an inexperienced audience the collection of personal data, the exchange of that data between services and the advertising auction system, as well as the legal point of view with the GDPR. A book could be nice, but that seems harder to share and to approach in this case.
I have the knowledge, but I struggle to recommend a document where everything is written/explained correctly.
Good evening, fediverse! #Jechercheunjob, or rather #jechercheunstage!
I'm training as a senior systems and network technician (bac +2) and I'm looking for an internship this summer (7 weeks) in the Avignon area (84, or even 30 or 13). Would you have that in stock?
I do Windows and Linux, virtualization/containerization, network management and server administration, monitoring, scripting and user support.
If anyone is interested, contact me by DM for a proper CV!
Boosts very welcome =)
My mastodon database got corrupted and I lost some rows in the "statuses" table (the biggest, which contains all messages).
Repairing the database itself was difficult and required help from #postgresql IRC channel on Freenode (thanks to RhodiumToad).
Then I had to dump it and restore it with missing data, which violated some foreign key constraints. I wanted to add the missing constraints (so I don't get issues during database migrations).
I removed associated data with queries such as:
delete from mentions r where r.status_id is not null and not exists (select x.id from statuses x where x.id = r.status_id);
I probably didn't lose my own messages since this is a very small fraction of the whole table.
Now I understand why it is important to make backups (and I'm thinking about leaving Scaleway, because it was probably a disk failure rather than a PostgreSQL bug).
Time to upgrade Mastodon...
Hi everyone.
I've released a small web game, available here: https://bobby.yannicka.fr/
It's a puzzle game: you have to collect the coins in each level to reach the exit.
It really is a small, unpretentious game, with simple graphics, and it isn't necessarily going to evolve.
Enjoy the game.
RT @msoudais@twitter.com
Freelance journalists are also taking part in this demonstration, with the support of all their unions. The unemployment insurance reform will increase their precariousness #7decembre
We'd been waiting for that one 😊
And we had seen the crystal ball a bit too much. "It's not advertising, it's marketing."
French #web developer & #sysadmin
⭐️ #programming #infosec Arch Linux
i3-gaps
neovim