home.social

#argocd — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #argocd, aggregated by home.social.

  1. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  2. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  3. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  4. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  5. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  6. Finishing up the migration to Envoy Gateway, the last thing I need to deal with is ArgoCD rollouts pointing to the old ingress. There's a plug-in I can add to support Gateway API so that's easily sorted. It's just the migration path is quite... convoluted. Thinking of ripping out canary releases entirely and adding it back as a separate migration. #kubernetes #envoy #argocd

  7. 🚨 CRITICAL: CVE-2026-42880 in Argo CD (v3.2.0 – 3.2.10, 3.3.0 – 3.3.8) allows attackers with read-only access to extract plaintext Kubernetes Secrets via the ServerSideDiff endpoint. Patch to 3.2.11/3.3.9+ now! radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #CVE202642880

  8. 🚨 CRITICAL: CVE-2026-42880 in Argo CD (v3.2.0 – 3.2.10, 3.3.0 – 3.3.8) allows attackers with read-only access to extract plaintext Kubernetes Secrets via the ServerSideDiff endpoint. Patch to 3.2.11/3.3.9+ now! radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #CVE202642880

  9. 🚨 CRITICAL: CVE-2026-42880 in Argo CD (v3.2.0 – 3.2.10, 3.3.0 – 3.3.8) allows attackers with read-only access to extract plaintext Kubernetes Secrets via the ServerSideDiff endpoint. Patch to 3.2.11/3.3.9+ now! radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #CVE202642880

  10. 🚨 CRITICAL: CVE-2026-42880 in Argo CD (v3.2.0 – 3.2.10, 3.3.0 – 3.3.8) allows attackers with read-only access to extract plaintext Kubernetes Secrets via the ServerSideDiff endpoint. Patch to 3.2.11/3.3.9+ now! radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #CVE202642880

  11. OK that took the whole morning, mostly getting the ingress controller to correctly serve (I didn't realise that in addition to setting the host names and cert secret, I also needed to ensure that each named server has an explicit rules block otherwise nginx uses the catch-all rules and doesn't apply TLS).

    So now, when I push my app to main, builds and pushes to and pulls and deploys the app in my prod cluster.

  12. OK that took the whole morning, mostly getting the ingress controller to correctly serve #tls (I didn't realise that in addition to setting the host names and cert secret, I also needed to ensure that each named server has an explicit rules block otherwise nginx uses the catch-all rules and doesn't apply TLS).

    So now, when I push my #gnustepweb app to main, #woodpeckerCI builds and pushes to #quayio and #argoCD pulls and deploys the app in my prod cluster.

  13. OK that took the whole morning, mostly getting the ingress controller to correctly serve #tls (I didn't realise that in addition to setting the host names and cert secret, I also needed to ensure that each named server has an explicit rules block otherwise nginx uses the catch-all rules and doesn't apply TLS).

    So now, when I push my #gnustepweb app to main, #woodpeckerCI builds and pushes to #quayio and #argoCD pulls and deploys the app in my prod cluster.

  14. OK that took the whole morning, mostly getting the ingress controller to correctly serve #tls (I didn't realise that in addition to setting the host names and cert secret, I also needed to ensure that each named server has an explicit rules block otherwise nginx uses the catch-all rules and doesn't apply TLS).

    So now, when I push my #gnustepweb app to main, #woodpeckerCI builds and pushes to #quayio and #argoCD pulls and deploys the app in my prod cluster.

  15. OK that took the whole morning, mostly getting the ingress controller to correctly serve #tls (I didn't realise that in addition to setting the host names and cert secret, I also needed to ensure that each named server has an explicit rules block otherwise nginx uses the catch-all rules and doesn't apply TLS).

    So now, when I push my #gnustepweb app to main, #woodpeckerCI builds and pushes to #quayio and #argoCD pulls and deploys the app in my prod cluster.

  16. Как мы поймали drift в Kubernetes и зачем после этого перешли на GitOps

    История инцидента в продакшене: после планового релиза новая версия сервиса не поднялась, а откат на предыдущую версию тоже не помог. Причина оказалась не в коде, а в расхождении между тем, что было описано в Git, и тем, что реально жило в Kubernetes. Ручная правка ConfigMap несколько месяцев существовала только в кластере, пока очередной релиз не пересоздал поды и не вытащил проблему наружу. Разбираю, как мы нашли причину, почему Git не был настоящим источником правды и зачем после этого перешли на GitOps с Argo CD.

    habr.com/ru/articles/1031108/

    #gitops #kubernetes #argocd #gitlabci #cicd #devops #drift #helm #secrets #platform_engineering

  17. Как мы поймали drift в Kubernetes и зачем после этого перешли на GitOps

    История инцидента в продакшене: после планового релиза новая версия сервиса не поднялась, а откат на предыдущую версию тоже не помог. Причина оказалась не в коде, а в расхождении между тем, что было описано в Git, и тем, что реально жило в Kubernetes. Ручная правка ConfigMap несколько месяцев существовала только в кластере, пока очередной релиз не пересоздал поды и не вытащил проблему наружу. Разбираю, как мы нашли причину, почему Git не был настоящим источником правды и зачем после этого перешли на GitOps с Argo CD.

    habr.com/ru/articles/1031108/

    #gitops #kubernetes #argocd #gitlabci #cicd #devops #drift #helm #secrets #platform_engineering

  18. Как мы поймали drift в Kubernetes и зачем после этого перешли на GitOps

    История инцидента в продакшене: после планового релиза новая версия сервиса не поднялась, а откат на предыдущую версию тоже не помог. Причина оказалась не в коде, а в расхождении между тем, что было описано в Git, и тем, что реально жило в Kubernetes. Ручная правка ConfigMap несколько месяцев существовала только в кластере, пока очередной релиз не пересоздал поды и не вытащил проблему наружу. Разбираю, как мы нашли причину, почему Git не был настоящим источником правды и зачем после этого перешли на GitOps с Argo CD.

    habr.com/ru/articles/1031108/

    #gitops #kubernetes #argocd #gitlabci #cicd #devops #drift #helm #secrets #platform_engineering

  19. Как мы поймали drift в Kubernetes и зачем после этого перешли на GitOps

    История инцидента в продакшене: после планового релиза новая версия сервиса не поднялась, а откат на предыдущую версию тоже не помог. Причина оказалась не в коде, а в расхождении между тем, что было описано в Git, и тем, что реально жило в Kubernetes. Ручная правка ConfigMap несколько месяцев существовала только в кластере, пока очередной релиз не пересоздал поды и не вытащил проблему наружу. Разбираю, как мы нашли причину, почему Git не был настоящим источником правды и зачем после этого перешли на GitOps с Argo CD.

    habr.com/ru/articles/1031108/

    #gitops #kubernetes #argocd #gitlabci #cicd #devops #drift #helm #secrets #platform_engineering

  20. ⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #Vuln

  21. ⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #Vuln

  22. ⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #Vuln

  23. ⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: radar.offseq.com/threat/cve-20 #OffSeq #ArgoCD #Kubernetes #Vuln

  24. So apparently ArgoCD refreshing all of my apps at once (about 50) from my git repo hosted at codeberg.org ... creates enough SSH connections that my IP gets temp-banned.

    Ouch

    And I only didn't notice because my other devices are all on IPv6 so they have their own IP addresses? If I force IPv4 for the SSH clone the connection gets killed/never establishes.

    Anyone has any experience with throttling ArgoCD git/ssh connections?

    #argocd #codeberg #devops #ssh

  25. So apparently ArgoCD refreshing all of my apps at once (about 50) from my git repo hosted at codeberg.org ... creates enough SSH connections that my IP gets temp-banned.

    Ouch

    And I only didn't notice because my other devices are all on IPv6 so they have their own IP addresses? If I force IPv4 for the SSH clone the connection gets killed/never establishes.

    Anyone has any experience with throttling ArgoCD git/ssh connections?

    #argocd #codeberg #devops #ssh

  26. So apparently ArgoCD refreshing all of my apps at once (about 50) from my git repo hosted at codeberg.org ... creates enough SSH connections that my IP gets temp-banned.

    Ouch

    And I only didn't notice because my other devices are all on IPv6 so they have their own IP addresses? If I force IPv4 for the SSH clone the connection gets killed/never establishes.

    Anyone has any experience with throttling ArgoCD git/ssh connections?

    #argocd #codeberg #devops #ssh

  27. nxs-universal-chart v3.0: новое поколение универсального Helm-чарта

    Релиз nxs-universal-chart 2.8.3 был более двух лет назад и за это время многое поменялось: Ingress Nginx ушел на покой, GitOps по факту стал стандартом управления инфраструктурой, а AI все сильнее входит в наши жизни. Все эти изменения не могли пройти мимо и заставили нас задуматься о том, как адаптировать наши подход и технологии DevOps к вызовам нового времени. Результатом этих размышлений стал релиз новой версия nxs-universal-chart v3.x : из универсального набора встроенных шаблонов мы постарались превратить его в модульную платформу для поставки приложений в Kubernetes с упором на надежность и современные практики CI/CD процессов. Всем привет, на связи Пётр, инженер

    habr.com/ru/articles/1023822/

    #devops #kubernetes #helm #gitops #cd #manifest #argocd #helm_chart #deploy #cloudnative

  28. nxs-universal-chart v3.0: новое поколение универсального Helm-чарта

    Релиз nxs-universal-chart 2.8.3 был более двух лет назад и за это время многое поменялось: Ingress Nginx ушел на покой, GitOps по факту стал стандартом управления инфраструктурой, а AI все сильнее входит в наши жизни. Все эти изменения не могли пройти мимо и заставили нас задуматься о том, как адаптировать наши подход и технологии DevOps к вызовам нового времени. Результатом этих размышлений стал релиз новой версия nxs-universal-chart v3.x : из универсального набора встроенных шаблонов мы постарались превратить его в модульную платформу для поставки приложений в Kubernetes с упором на надежность и современные практики CI/CD процессов. Всем привет, на связи Пётр, инженер

    habr.com/ru/articles/1023822/

    #devops #kubernetes #helm #gitops #cd #manifest #argocd #helm_chart #deploy #cloudnative

  29. nxs-universal-chart v3.0: новое поколение универсального Helm-чарта

    Релиз nxs-universal-chart 2.8.3 был более двух лет назад и за это время многое поменялось: Ingress Nginx ушел на покой, GitOps по факту стал стандартом управления инфраструктурой, а AI все сильнее входит в наши жизни. Все эти изменения не могли пройти мимо и заставили нас задуматься о том, как адаптировать наши подход и технологии DevOps к вызовам нового времени. Результатом этих размышлений стал релиз новой версия nxs-universal-chart v3.x : из универсального набора встроенных шаблонов мы постарались превратить его в модульную платформу для поставки приложений в Kubernetes с упором на надежность и современные практики CI/CD процессов. Всем привет, на связи Пётр, инженер

    habr.com/ru/articles/1023822/

    #devops #kubernetes #helm #gitops #cd #manifest #argocd #helm_chart #deploy #cloudnative

  30. nxs-universal-chart v3.0: новое поколение универсального Helm-чарта

    Релиз nxs-universal-chart 2.8.3 был более двух лет назад и за это время многое поменялось: Ingress Nginx ушел на покой, GitOps по факту стал стандартом управления инфраструктурой, а AI все сильнее входит в наши жизни. Все эти изменения не могли пройти мимо и заставили нас задуматься о том, как адаптировать наши подход и технологии DevOps к вызовам нового времени. Результатом этих размышлений стал релиз новой версия nxs-universal-chart v3.x : из универсального набора встроенных шаблонов мы постарались превратить его в модульную платформу для поставки приложений в Kubernetes с упором на надежность и современные практики CI/CD процессов. Всем привет, на связи Пётр, инженер

    habr.com/ru/articles/1023822/

    #devops #kubernetes #helm #gitops #cd #manifest #argocd #helm_chart #deploy #cloudnative

  31. Found this nice tui for kubernetes this weekend - github.com/janosmiko/lfk

    One of the things I like about it is that it has #argocd specific logic - you can use it to alter argo settings and do other things you might otherwise do with the argocd command line tool

    Looks pretty neat, especially for #homelab @homelab #k8s users

    #sre #devops #k8s #kubernetes #k3s #talos

  32. Found this nice tui for kubernetes this weekend - github.com/janosmiko/lfk

    One of the things I like about it is that it has #argocd specific logic - you can use it to alter argo settings and do other things you might otherwise do with the argocd command line tool

    Looks pretty neat, especially for #homelab @homelab #k8s users

    #sre #devops #k8s #kubernetes #k3s #talos

  33. Found this nice tui for kubernetes this weekend - github.com/janosmiko/lfk

    One of the things I like about it is that it has specific logic - you can use it to alter argo settings and do other things you might otherwise do with the argocd command line tool

    Looks pretty neat, especially for @homelab users

  34. Found this nice tui for kubernetes this weekend - github.com/janosmiko/lfk

    One of the things I like about it is that it has #argocd specific logic - you can use it to alter argo settings and do other things you might otherwise do with the argocd command line tool

    Looks pretty neat, especially for #homelab @homelab #k8s users

    #sre #devops #k8s #kubernetes #k3s #talos

  35. Found this nice tui for kubernetes this weekend - github.com/janosmiko/lfk

    One of the things I like about it is that it has #argocd specific logic - you can use it to alter argo settings and do other things you might otherwise do with the argocd command line tool

    Looks pretty neat, especially for #homelab @homelab #k8s users

    #sre #devops #k8s #kubernetes #k3s #talos

  36. @electret nice, I‘m currently also experimenting with #k3s controlled through #ArgoCD with a self hosted #Forgejo. #renovatebot updates the helm chart of the #appOfApps each night and creates pull requests which gets validated by a #forgejorunner worklow before merging. Still at the beginning of the journey from single host docker to a cluster though.

  37. @electret nice, I‘m currently also experimenting with controlled through with a self hosted . updates the helm chart of the each night and creates pull requests which gets validated by a worklow before merging. Still at the beginning of the journey from single host docker to a cluster though.

  38. @electret nice, I‘m currently also experimenting with #k3s controlled through #ArgoCD with a self hosted #Forgejo. #renovatebot updates the helm chart of the #appOfApps each night and creates pull requests which gets validated by a #forgejorunner worklow before merging. Still at the beginning of the journey from single host docker to a cluster though.

  39. @electret nice, I‘m currently also experimenting with #k3s controlled through #ArgoCD with a self hosted #Forgejo. #renovatebot updates the helm chart of the #appOfApps each night and creates pull requests which gets validated by a #forgejorunner worklow before merging. Still at the beginning of the journey from single host docker to a cluster though.

  40. @electret nice, I‘m currently also experimenting with #k3s controlled through #ArgoCD with a self hosted #Forgejo. #renovatebot updates the helm chart of the #appOfApps each night and creates pull requests which gets validated by a #forgejorunner worklow before merging. Still at the beginning of the journey from single host docker to a cluster though.

  41. The LPI DevOps Tools Engineer 2.0 certification expects candidates to have familiarity with , , , and .

    Explore exam objective 703.3: Kubernetes Package Management with Fabian Thorns and Uirá Ribeiro to learn more: lpi.org/tb0t

    Prepare for your DevOps exam with free LPI Learning Materials!

  42. The LPI DevOps Tools Engineer 2.0 certification expects candidates to have familiarity with #Helm, #Kustomize, #FluxCD, and #ArgoCD.

    Explore exam objective 703.3: Kubernetes Package Management with Fabian Thorns and Uirá Ribeiro to learn more: lpi.org/tb0t

    Prepare for your DevOps exam with free LPI Learning Materials!

    #kubernetes #devops #gitops #cloudnative #opensource #FOSS #LPI

  43. The LPI DevOps Tools Engineer 2.0 certification expects candidates to have familiarity with #Helm, #Kustomize, #FluxCD, and #ArgoCD.

    Explore exam objective 703.3: Kubernetes Package Management with Fabian Thorns and Uirá Ribeiro to learn more: lpi.org/tb0t

    Prepare for your DevOps exam with free LPI Learning Materials!

    #kubernetes #devops #gitops #cloudnative #opensource #FOSS #LPI

  44. The LPI DevOps Tools Engineer 2.0 certification expects candidates to have familiarity with #Helm, #Kustomize, #FluxCD, and #ArgoCD.

    Explore exam objective 703.3: Kubernetes Package Management with Fabian Thorns and Uirá Ribeiro to learn more: lpi.org/tb0t

    Prepare for your DevOps exam with free LPI Learning Materials!

    #kubernetes #devops #gitops #cloudnative #opensource #FOSS #LPI

  45. The LPI DevOps Tools Engineer 2.0 certification expects candidates to have familiarity with #Helm, #Kustomize, #FluxCD, and #ArgoCD.

    Explore exam objective 703.3: Kubernetes Package Management with Fabian Thorns and Uirá Ribeiro to learn more: lpi.org/tb0t

    Prepare for your DevOps exam with free LPI Learning Materials!

    #kubernetes #devops #gitops #cloudnative #opensource #FOSS #LPI

  46. After a month of conferences, I'm back at my desk and joining two online discussions this week. Come and join in!

    MONDAY
    Argo Unpacked: Argo CD vs the world

    youtube.com/watch?v=XasDjuPVSdw

    WEDNESDAY
    Techstrong: The real impact of AI

    webinars.techstronglearning.co

    #ArgoCD #AI

  47. After a month of conferences, I'm back at my desk and joining two online discussions this week. Come and join in!

    MONDAY
    Argo Unpacked: Argo CD vs the world

    youtube.com/watch?v=XasDjuPVSdw

    WEDNESDAY
    Techstrong: The real impact of AI

    webinars.techstronglearning.co

    #ArgoCD #AI

  48. After a month of conferences, I'm back at my desk and joining two online discussions this week. Come and join in!

    MONDAY
    Argo Unpacked: Argo CD vs the world

    youtube.com/watch?v=XasDjuPVSdw

    WEDNESDAY
    Techstrong: The real impact of AI

    webinars.techstronglearning.co

    #ArgoCD #AI

  49. After a month of conferences, I'm back at my desk and joining two online discussions this week. Come and join in!

    MONDAY
    Argo Unpacked: Argo CD vs the world

    youtube.com/watch?v=XasDjuPVSdw

    WEDNESDAY
    Techstrong: The real impact of AI

    webinars.techstronglearning.co

    #ArgoCD #AI

  50. After a month of conferences, I'm back at my desk and joining two online discussions this week. Come and join in!

    MONDAY
    Argo Unpacked: Argo CD vs the world

    youtube.com/watch?v=XasDjuPVSdw

    WEDNESDAY
    Techstrong: The real impact of AI

    webinars.techstronglearning.co

    #ArgoCD #AI