Kubernetes security good practices

Learning by auditing Kubernetes manifests

Last year, I spoke at the National DevOps Conference that took place at the British Museum. I had already visited the museum before, but speaking there was a fantastic experience. Besides, we had the museum all for ourselves for a couple of hours. If you’ve ever visited the place, you know what I mean. Anyway, I also attended a talk about Checkov: Checkov scans cloud infrastructure configurations to find misconfigurations before they’re deployed. Checkov uses a common command

hard things computer science

Hard things in Computer Science

If you’ve more than a couple of years of experience in IT, you probably have stumbled upon the following quote: There are only two hard things in computer science: cache invalidation and naming things. — Phil Karlton Then, because it’s such a great quote, it evolved: There are two hard things in computer science: cache invalidation, naming things, and off-by-one errors.— Jeff Atwood (@codinghorror) August 31, 2014 However, I think that the initial quote is

vscode IDE

Taking VSCodium for a spin

As part of my new job on Apache APISIX, I write less Java and Kotlin code. And when I do, the code is really simple. My coding hours (unfortunately not days) involve: A lot of containerization, including Dockerfile, docker-compose.yml, and soon Kubernetes manifestsSome Python for scripting jobs - I abandoned Kotlin Scripting for thisA bit of Lua because I want to learn it as part of my jobA bit of Rust because I want to learn it for funA bit of Kotlin because I still love it Because of this, I

java kotlin programming languages JVM

What I miss in Java, the perspective of a Kotlin developer

Java has been my bread and butter for almost two decades. Several years ago, I started to learn Kotlin; I never regretted it. Though Kotlin compiles to JVM bytecode, I sometimes have to write Java again. Every time I do, I cannot stop pondering why my code doesn’t look as nice as in Kotlin. I miss some features that would improve my code’s readability, expressiveness, and maintainability. This post is not meant to bash Java but to list some features I’d like to find in Java.

jekyll blog mac os install

Running Jekyll on a Mac

At the beginning of the year, I had two new Macs in a row in one month. I changed my company and had to return my previous laptop. Thus, I ordered a replacement one, but due to the current hardware shortage, the shipping took weeks: I had to rent one in the meanwhile. It means I had to install my Jekyll stack twice in a row. The first time took quite some time; the second one was much faster. In this post, I’d like to write it down once and for all to help other developers who want to d


My summary of jPrime 2022

Writing summaries of conference talks is the best way to focus on the talk and listen actively. Before conference speaking became part of my job, I did it. However, I don’t attend that many talks now, and I don’t take notes when I do. jPrime is a conference in Bulgaria, and after two cancellations due to Covid, they had their edition this week. Probably, for this reason, the atmosphere is quite emulating: I attended a couple of talks; here are my notes. Replicating production on y

architecture microservices system design

Chopping the monolith - the demo

In my previous blog post Chopping the monolith, I explained my stance on microservices and why it shouldn’t be your golden standard. However, I admitted that some parts of the codebase were less stable than others and had to change more frequently. I proposed 'chopping' these few parts to cope with this requirement while keeping the monolith intact. As Linus Torvalds once wrote: Talk is cheap, show me the code! I want to show how to do it within the scope of a small demo project to

context receiver

Toying with Kotlin's context receivers

Kotlin added the idea of Context Receivers in version 1.6.20. In this post, I’d like to toy with them to understand how useful they can be. If you want to play along, you’ll need to compile with the -Xcontext-receivers flag. The main idea behind context receivers is to pass additional parameters to a function without having to do it explicitly. A simplified model sample Let’s start with a simple example to show how it works. We want to model a simple transfer op

GitLab DevOps Continuous Deployment

Conditional build on GitLab

Regular readers of this blog know that I’m using Jekyll to generate the static site. I’m using GitLab: when I push on the master branch, it triggers the generation job. However, Jekyll is Ruby-based and requires a couple of Gem dependencies. I’ve also added a few plugins. For this reason, I’ve created a Docker image with all required dependencies. Regularly, I update the versions in the Gemfile.lock via Bundler. Afterward, I need to rebuild the Docker image. Hence, two

GitHub Google Cloud authentication

Securely authenticate to Google Cloud from GitHub

Recently, I designed a simple metrics-tracking system. A Python script queries different providers' APIs for metrics, e.g., Twitter, GitHub, etc. The idea is to run this script each day, store them in Google BigQuery and provide an excellent data visualization in Google Data Studio. I’m a big fan of automation, so I’m using GitHub Actions. Accessing Google Cloud with a Service Account I query the different APIs with different Python libraries. All of them allow authenticating by p