CVE-2019-14287
On Tuesday a notice for CVE-2019-14287 affecting Sudo versions prior to 1.8.28.
We’ve recently upgraded our Vault setups to version 1.2.3, which is the latest Vault version available at the moment. Compared to version 1.0.1, there are a bunch of bug fixes and multiple improvements under the hood. You can check the full changelog here.
Yesterday a notice for CVE-2019-11253 with a severity of High went out, impacting all versions of Kubernetes.
Terraform is an automation tool that allows you to define infrastructure as code, and we use it to manage most of our customers’ infrastructure. In order to get to that point, we’ve developed a lot of Terraform code during the last few years, along with some Terraform modules that can be easily reused for multiple projects and use cases.
During today, we’ll roll out Concourse version 5.5.3 to all our setups.
We manage multiple Kubernetes clusters and regularly set up new ones from scratch. There are also a bunch of extra components deployed on each cluster that we also need to maintain and keep up to date.
During the coming days, we’ll roll out Concourse version 5.5.1 to all our setups.
We have updated our EKS control planes and nodes to the latest version: 1.14. In the process of upgrading EKS we updated:
We have updated Calico on our AWS EKS-based reference solution to the latest version: 3.8.2.
In the new Concourse 5.0.0 version, a new resource was released to track and upload Docker images to a registry, the registry-image-resource. This new resource is intended to replace the current docker-image-resource, as it’s more lightweight and simpler. Concourse announced that they intend to deprecate the current docker-image-resource in the future.
Previously we were still on the default provisioned capacity for our tables. This, however, led to over-provisioned tables and/or autoscaling having to be in place. As of now, we default to the PPR cost type for internal DynamoDB tables and for the DynamoDB backend for our Vault setup. For application-specific tables this is evaluated on a case-by-case basis.
We are in the process of upgrading our kops-managed Kubernetes clusters from v1.11.9 to v1.11.10. This is a bug fix release.
During the coming days, we’ll roll out Concourse version 5.4.1 to all our setups.
We have updated our AWS EKS-based reference solution to be compatible with Kubernetes 1.13. More specifically, EKS uses K8s v1.13.10.
We extended the functionality for the ECS deployments with Concourse. After the service gets deployed, Concourse would just exit because Terraform doesn’t take the deployment itself into account. This sometimes resulted in false deploys without any clear reason for what happened.
We’ve added the prometheus-blackbox-exporter as a K8s cluster addon which can be enabled upon request. The blackbox exporter can be used for probing HTTP(S), DNS, TCP and ICMP endpoints, for example to check whether an external resource is up/down.
We have updated our stacks to support Redshift monitoring via the Prometheus Operator running on our K8s clusters. If you have Redshift running, you will now be able to see alerts in Alertmanager and on Slack when there is something wrong with the cluster.
We have updated our stacks to support Neo4j monitoring (Neo4j >= 3.4) via the Prometheus Operator running on our K8s clusters. If you have Neo4j running, you will see metrics appearing in the new Neo4j Grafana dashboard.
Since our SSO overhaul you might’ve been noticing sudden HTTP 500 errors while using the Alertmanager, Kubernetes or Prometheus dashboards when your token’s TTL expires.
Two weeks ago a patch for Kubernetes vulnerability CVE-2019-11247 was released for K8s 1.13, 1.14 and 1.15. Unfortunately as of writing clusters using older K8s versions (like our kops-based 1.11 clusters) are still vulnerable.