Development Security Bug Bash

Developers stop feature work for a week to focus on paying down technical debt by gamifying the reduction of security CVEs.

AWS Lambda and SAM Gotchas

Thinking of utilising Amazon Web Services (AWS) Lambda services for your next API project? Maybe you’re even considering using the AWS Serverless Application Model (SAM) to speed up and simplify your AWS Lambda development process. This article will explore a few of the “gotchas” that took our team by surprise when using AWS Lambda and AWS SAM together. While AWS Lambda provides a low-maintenance and cost-effective way to run quick-running code in the Amazon Web Services cloud, you need to be aware that it is a different paradigm to traditional HTTP API services you may be familiar with.

Migrating Kubernetes from Docker to Containerd

Overview: Reece has operated multiple on-premise and cloud-hosted K8s clusters for many years, and we heavily utilise docker as our container runtime for master and worker nodes. As most readers would be aware by now, the Kubernetes update to 1.20 also announced the deprecation and future removal of the much loved docker interface. This post documents our journey from docker to a suitable replacement option. Options: The two most obvious alternatives are cri-o and containerd.

Federate Kubernetes with AWS IAM using OIDC

Introduction: At reecetech, we want to consume AWS services from the pods running in our Kubernetes clusters. The Kubernetes clusters are predominantly hosted on-prem in VMware, although there are some worker nodes that run on EC2 instances. In order to use AWS services, the pods are required to be authenticated with AWS. We used OpenID Connect to federate the identity pods have in our Kubernetes clusters (RBAC) to AWS IAM. This allows the pods to assume a role in AWS using the AWS STS AssumeRoleWithWebIdentity API call.

Updating custom certificates on Red Hat Satellite 6

Overview: Satellite 6 hides the certificates used as part of installation away somewhere special and does not like them to be updated. This is a huge pain when certificates expire; the process to update current certificates is to run a command to re-install certificates. Finding this information online took way longer than it should have and it made me mad; I wanted to add this post to help the next person struggling with an upgrade due to expired custom certificates with Red Hat Satellite 6.

Golang in Production

Golang has finally reached the big leagues at reecetech! We have released a rewritten REST API microservice - users-service - which is core to The Reece System. The Reece System is Reece’s internally built point of sale system, referred to as TRS for simplicity. This article will look at the motivations of the rewrite, the architecture and also the performance of the microservice. Motivation: In the Delivery Engineering team there is a backlog of exciting new epics (aka projects), tech debt items and various impromptu items fighting for the team’s attention.

Extracting files from multi-stage Docker Builds using BuildKit

What seems to be the problem here officer? reecetech use Docker multi-stage builds to run code compilation and test cases as a set of stages, copying the resulting application directory to a clean version of the runtime. This is a very neat model keeping a single Dockerfile to perform multiple tasks on the code. This also means tests have to pass before a runtime image is created.

Renovate Bot at reecetech

What is Renovate? Renovate is a software robot. It’s an open-source software program that is intended to keep your software dependencies up-to-date. It does this by: scanning your software repositories for files that specify dependencies; checking if any of the dependencies have updates available; and then raising pull requests to use updated dependencies if they are available. Software dependencies are the other items of software that your software requires to build, be tested, or to run.

How to hack the SAA-CO2: Solution architect associate exam in 2 months?

Overview: Hi, my name is Kenny and I work for the fantastic ReeceConnect team. A bit of background about myself: I was a technical consultant (it’s like a really boring version of the solution architect role) in my previous job dealing with proprietary tech and I was itching to get back to software development again as that was my forte.

Hosting CentOS and Rocky Linux yum repositories in AWS S3

Overview: We are utilising compute instances in different cloud environments as well as traditional data centres. On-premise virtual machines usually run RHEL 7/8, CentOS 7/8 and Rocky Linux 8. Scope: This post explains how to create and host your own yum repositories in an S3 bucket and how to maintain secure, consistent and reliable server builds. This method also allows for a controlled package version and patch level lifecycle across environments.