- Chatham House Rule, so no attribution of ideas to people or companies
- bootstrapping environments (without object stores)
- service discovery
- removing SPOFs
problem: |
  FOO=bar sleep inf
no-problem: |
  sleep inf
server {
    listen 80;
    resolver 8.8.8.8; # or your internal DNS server
    location / {
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_pass https://$http_host;
    }
}
#!/usr/bin/env ruby
require 'sinatra'
require "sinatra/reloader" if development?
require 'chef'
require 'rack/flash'
require 'haml'
POSSIBLE = [('a'..'z'),('A'..'Z'),(0..9),'.','/'].inject([]) {|s,r| s+Array(r)}
set :sessions, true
# This is a request *directly* to the AAA/intelligent HTTPd, to demonstrate the additional response headers required to force the reproxy:
X-Reproxy-Uri, X-Reproxy-Host and X-Accel-Redirect.
jcm@austin:~/src/sinatra/nginx-test$ curl -v http://api-origin-server.mywebsite.internal/test
* About to connect() to 1.2.3.4 port 80 (#0)
* Trying 1.2.3.4... connected
* Connected to 1.2.3.4 (1.2.3.4) port 80 (#0)
> GET /test HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 1.2.3.4
This is a copy/paste from an internal wiki on how we should use Docker
This guide serves as an outline of internal best practices for using Docker. The idea is to give enough information to allow engineers to create containers for new stack components while minimizing the cleanup required to make them production-ready.
Before we get to the practices, it's important to understand WHY we are doing this. The key concepts we're concerned about with broad Docker usage are provenance, determinism, repeatability and auditability.
Provenance refers to knowing WHERE something comes from. Generally with the end use of software, this is easy:
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
#!/bin/bash
# ASCII-delimited input and output
awk -vFS="\x1F" -vRS="\x1E" -vOFS="\x1F" -vORS="\x1E" "$@"
/.terraform/terraform.tfstate*
/plan.out
/.plan.out.*
resource "aws_instance" "instance" {
  ami = "ami-32rrg4334f"
  instance_type = "t2.small"
  subnet_id = "subnet-abc123dasf"
  key_name = "key"
  associate_public_ip_address = false
  vpc_security_group_ids = [
    "${aws_security_group.1.id}",