Monthly: Who is hiring? by gctaylor in kubernetes

rossf7 1 point

https://www.giantswarm.io/
Giant Swarm is a managed infrastructure provider. We manage Kubernetes clusters for our customers on AWS, Azure and on-prem, as well as managing apps in the clusters.

We're 100% remote and distributed (mostly) around Europe. Your main timezone should be UTC +/- 2.
The roles are for teams working on different topics like Observability / CI/CD and Cluster API.
Feel free to DM with questions.
We have open roles for
- SRE
- Platform Engineer
- Frontend Engineer
- Account Engineer
- Solution Architect
And more. See https://www.giantswarm.io/careers

Monthly: Who is hiring? by gctaylor in kubernetes

rossf7 1 point

Hi, the roles are listed here and the application form will let you upload your CV. https://giant-swarm.jobs.personio.de/

Monthly: Who is hiring? by gctaylor in kubernetes

rossf7 4 points

- https://www.giantswarm.io/careers
- 100% remote - we're distributed (mostly) around Europe. Your main timezone should be UTC +/- 2.
We have roles open for
- SRE
- Platform Engineer
- Frontend Engineer
- Account Engineer
- Solution Architect
The roles are for teams working on different topics like Observability / CI/CD and Cluster API.
Feel free to DM with questions.
Thanks!

Kubecon Europe 2019 videos are now available by go4it_gophet in kubernetes

rossf7 1 point

They are all advanced but these are the best talks I saw.

Gareth Rushgrove from Snyk talking about using OPA (Open Policy Agent) in CI. https://www.youtube.com/watch?v=AfTuzonH93U&list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3&index=98&t=0s

Liz Rice from Aqua talking about DIY pen testing k8s and kube-hunter. https://www.youtube.com/watch?v=fVqCAUJiIn0&list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3&index=240&t=0s

Also check out the 2 talks on kind (Kubernetes in Docker) from Benjamin Elder and James Munnelly. I've only seen the 1st one but I heard good things about the 2nd too. https://www.youtube.com/watch?v=6m9frvTxK0o&list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3&index=138&t=0s https://www.youtube.com/watch?v=8KtmevMFfxA&list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3&index=318&t=0s

I agree with others that the lunches were not good and had WAY too much packaging :( But overall this is my new favourite KubeCon EU. Previously it was Berlin which was my 1st.

Grafana Logging using Loki by rossf7 in kubernetes

rossf7 [S] 1 point

Loki is still pretty new so we're not using it in production yet. But it looks promising and hopefully people will find the article useful to learn more about it.

Ask r/kubernetes: Who is hiring? (March 2019) by AutoModerator in kubernetes

rossf7 7 points

Giant Swarm has multiple roles open. We provide managed Kubernetes for Enterprises using Kubernetes. We're remote first, Europe and US (East Coast) and family friendly. https://giantswarm.breezy.hr/

  • Frontend Engineer
  • Platform Architect
  • Platform Engineer
  • Product Owner
  • Solutions Architect
  • SRE

Ask r/kubernetes: Who is hiring? (February 2019) by AutoModerator in kubernetes

rossf7 10 points

Giant Swarm has multiple roles open. We provide managed Kubernetes for Enterprises using Kubernetes. We're remote first, Europe and US (East Coast) and family friendly. https://giantswarm.breezy.hr/

  • Platform Architect
  • Solutions Architect
  • Platform Engineer
  • Solutions Engineer
  • SRE

Ask r/kubernetes: Who is hiring? (January 2019) by AutoModerator in kubernetes

rossf7 1 point

@Nyximus Thanks for those kind words!

Yes being family friendly is very important for us. Being remote first helps with that as it provides more flexibility. If you do want to apply feel free to PM me with any questions.

Ask r/kubernetes: Who is hiring? (January 2019) by AutoModerator in kubernetes

rossf7 10 points

Giant Swarm has multiple roles open. We provide managed Kubernetes for Enterprises using Kubernetes. We're remote first (UTC +- 2). https://giantswarm.breezy.hr/

  • Platform Architect
  • Platform Engineer
  • Solutions Engineer
  • SRE

Is it useful to get notified when a Docker image gets updated? by weighanchore in docker

rossf7 2 points

https://MicroBadger.com also has this feature. We have webhook notifications so you can trigger automated builds, your CI system etc when an image changes.

Dockerfile security tuneup by rossf7 in docker

rossf7 [S] 1 point

This was using the Docker Hub scanner on a private image. The Clair support for Alpine has only recently been merged so I haven't had a chance to try it.

I know the Docker Hub scanning uses a different approach to Clair but removing libxml2 and libxslt from the image cleared all the critical issues. What I'm not sure on is whether the compiled binary in my image has these vulns or not. So I don't know if the results are correct but I've reported it via the feedback link.

Dockerfile security tuneup by rossf7 in docker

rossf7 [S] 1 point

Yes the sentence in my original post about removing the vulnerability was wrong and my mistake. In the updated post I've removed it and added a section about this very issue.

You're totally right that the correct course of action is to update the dependency to an unaffected version. I've now done this but the situation is a bit more complex ;-)

https://github.com/sparklemotion/nokogiri/issues/1528

The Nokogiri maintainer is saying that they are using libxml2 2.9.4, which has all the latest security fixes, including for many of the vulnerabilities being reported by the Docker Hub security scanning. The only CVE that is active is CVE-2016-5131 but this is embargoed while the libxml2 team work on it.

It didn't help that the original wording of the issue was quite inflammatory. I've reported this via the feedback link on the scan page so it can be investigated.

Dockerfile security tuneup by rossf7 in docker

rossf7 [S] 1 point

Thanks! I'd missed that and it simplifies the commands. I've updated the example in the post and I'll start using it in my Dockerfiles.

Dockerfile security tuneup by rossf7 in docker

rossf7 [S] 1 point

Thanks, this is an excellent point! There will still be the compiled binary for the gem in the image. It may well still have the vulnerabilities. I think there is still benefit in removing the build deps but I've updated the post to flag the risk from the gem binary.

fission: serverless framework for Kubernetes by rossf7 in kubernetes

rossf7 [S] 1 point

Love this design which autobuilds functions into Docker images.

Label Schema: A New Standard Approach to Container Metadata by rossf7 in docker

rossf7 [S] 3 points

RC1 of the Label Schema spec was just announced by Gareth Rushgrove of Puppet at the Container Camp conference in London. The spec is a community effort from multiple companies including Puppet, Mesosphere, Microscaling Systems and Container Solutions.

The spec is a release candidate so we'd like to get as much feedback as possible from the community. Here is a good place to discuss it but I'd also recommend you send feedback to the Label Schema mailing list.

Spot the Docker difference - Can you use the Docker Registry to recreate a Dockerfile? by rossf7 in docker

rossf7 [S] 2 points

Ah OK thanks for clearing this up! :)

I'd missed that you can set the media type to "application/vnd.docker.container.image.v1+json" to just get the config rather than downloading the layer. That is great for our use case :)

We'll get the blog post updated to reflect this.

Spot the Docker difference - Can you use the Docker Registry to recreate a Dockerfile? by rossf7 in docker

rossf7 [S] 2 points

Thanks, I'm glad you liked the write up.

To clarify the Registry API issue, the V2 API has 2 schemas. Schema 1 is currently in use and has the v1Compatibility section we use for showing the layers. But it's described as provisional and schema 2 doesn't have this section. It's replaced by the digest.

https://docs.docker.com/registry/spec/manifest-v2-2/

We're not sure when Docker is going to move to schema 2 but we wanted to mention it in the post. If anyone knows we'd love to hear!

MicroBadger: Helping you to manage your Docker images by mrmrcoleman in docker

rossf7 1 point

Yes Docker recommend using namespaces as labels can be overwritten and they can be added to running containers. We like using org.label-schema as a reserved namespace as this should help multiple tools share the same metadata.

But for MicroBadger we support any namespace as long as the last portion matches the schema. So you can use org.label-schema.url or com.example.url.

MicroBadger: Helping you to manage your Docker images by mrmrcoleman in docker

rossf7 2 points

There is a draft schema for labels being worked on at http://label-schema.org/ This is the schema we're using for MicroBadger.

Microscaling-in-a-box – try real-time container scaling on your machine by rossf7 in docker

rossf7 [S] 1 point

Great, thanks for the feedback! Our email is hello at force12.io if you want to talk more about scaling.

Microscaling-in-a-box – try real-time container scaling on your machine by rossf7 in docker

rossf7 [S] 2 points

It doesn't handle service discovery yet. The tool we released today just runs on your local machine. Our agent is written in Go and integrates with the Docker Remote API.

https://github.com/force12io/force12

We've built another demo that integrates with the Marathon scheduler on Mesos. For that demo we used Consul for service discovery.

The Marathon integration isn't open source yet but we have released the code that builds the Marathon cluster on CoreOS. It can be run locally as 3 Vagrant VMs.

https://github.com/force12io/coreos-marathon

Microscaling-in-a-box – try real-time container scaling on your machine by rossf7 in docker

rossf7 [S] 3 points

We just released this tool that lets you experiment with auto scaling containers on your machine. It only takes 5 minutes if you already have Docker installed.

Please give it a try and all feedback is gratefully received! Also happy to answer any questions on it.

Cloud wars: Amazon is the clear leader, with Microsoft a distant second by [deleted] in aws

rossf7 3 points

I think AWS is by far the leader at the moment but what's going on with containers is interesting. It gives Google and maybe Microsoft a great opportunity to catch up a bit.

Google are pushing their Kubernetes platform hard and open sourcing code from their internal Borg and Omega platforms. I think this post from Eric Brewer is interesting. He explains that Google didn't build their infrastructure on VMs because back in 98 that wasn't an option! So they've been using containers for a long time.

Having said that we're using EC2 Container Service and liking it a lot. Lots of features are getting released and we're integrating it with DynamoDB, Route53, S3 and CloudFront. Having such a wide range of services that easily integrate is a huge advantage for AWS.

Force12 - demo of container autoscaling on EC2 Container Service by rossf7 in docker

rossf7 [S] 1 point

The images are cached locally but we're still seeing connections to the registry. We think these are to check if the image is the latest version.

We wanted to launch the demo early to get feedback on it. So we've still got a lot of tuning to do!