#helmchart — Public Fediverse posts

Tonight

Set up a #kubernetes cluster on #digitalocean
Installed #nginx controller and k8s dashboard
Configured #seleniumgrid with #helmchart especially the hostname with #cloudflare dns and the extra environment variable on #chrome node for managed downloads.
Finally tested with #mocha chai

Do you want Infrastructure as Code security? :kubernetes: :github: :microsoft:

Do you use CodeQL to scan your code (which is, btw, free for open source code)?

From today you can use #CodeQL to scan it, using a new open source package written by my team mate @geekmasher

Scan #Terraform, #GitHubActions, #HelmChart, and #AzureBicep, with more in progress.

#IAC #InfrastructureAsCode #SAST #CodeSecurity #CodeSmells #StaticAnalysis #GitHub #AdvancedSecurity

Today's adventure in #darkpattern #surveillance comes from #Grafana #Loki. (Not a surprise, but this is why I run egress filters and dns #adblock in my #homelab clusters.)

I know not everyone agrees that #optout #telemetry is a dark pattern, but you might agree with me about this one after you see it documented:

> # -- Optional analytics configuration
> analytics: {}

Enlightening, isn't it? There are other empty blocks, but they are either fairly standard or are described elsewhere in the document.

If you are familiar with #helm, you won't despair because you have the power of `analytics.enabled: false`. That works on the rest of this chart and is the standard way to en/disable things.

It doesn't work that way.

Let me save you some time with the terrible new #github code search. Here is the actual syntax:
"analytics.reporting_enabled: false"

This was caught by #adguard and enforced by an egress #networkpolicy

#monitoring #prometheus #kubernetes #k3s #k8s #helmchart