Jenkins Exploit Cryptocurrency mining malware

A few days ago, our alert system notified us that several servers belonging to some clients had a totally abrupt load increase, and in some cases downtime occurred. After entering the systems and a brief initial analysis by the Geko team, we detected that the systems had been compromised […]

Jenkins X is here to help you

Most probably you already know what Jenkins is, and maybe you have already been using it for years to automate all kinds of things, especially the software development process with continuous integration and delivery. Since mid-2018 we have another guy on the stage: Jenkins X. This is the first post of a series […]

Extract user_agent fields from logs using AWS ElasticSearch

The ElasticSearch service has become one of the preferred services where sysops departments store logs and metrics information. Recently, we faced a problem, which we have already solved, related to the user_agent field we get from nginx JSON logs. When a new request transaction goes to our web services we want to get certain relevant […]

Securing Jenkins access to AWS (part I)

Jenkins is an open source automation server used to accelerate the software delivery process and has become the de facto DevOps engine, especially for its scripted Jenkinsfile pipelines committed to source control. To accomplish its function, Jenkins needs to interface with some external systems, such as GitHub or, the reason for this article, AWS. One […]

Forward real IP to a NGINX behind a GCP Load Balancer

This article focuses on GCP Load Balancers, but can apply to other cloud providers / proxy servers. Introduction: We worked on a project that required an nginx server to be able to whitelist some public IP addresses while denying all other connections. While this can be addressed using GCP firewall rules there were some other […]

How to set up a High-Availability HAProxy in Google Cloud with Keepalived

Yes, you may think: “What? Google Cloud has its own managed load balancer service. Why would you want to configure and manage a dedicated HA load balancer?” We recommend using the GCP Load Balancer service whenever you can. It’s a very reliable service and you don’t have to manage your own load balancer in a High-Availability […]

EFS & WordPress: When best practices don’t work

Today we are going to talk about AWS recommendations to deploy WordPress in your cloud. AWS offers us a multitude of solutions depending on the environment we need to deploy. In most cases we will want to deploy this well-known CMS taking advantage of the solutions offered by AWS in terms of scalability and flexibility, […]

Send docker logs to Stackdriver using gcplogs

When it comes to logging solutions you can either choose a managed or an unmanaged solution. If you decide to go with the latter and you are in Google Cloud Platform the recommended option is Stackdriver Logging. Google offers a custom fluentd-based package to send logs to Stackdriver (we’ll talk about it in an upcoming post) but if […]

Securing Jenkins access to AWS (part II)

Recommended setup: If you followed the steps in my previous post, you have: IAM users that can only assume a role; AWS access keys for those users stored in Jenkins (using AWS Credentials plugin); an MFA device assigned to each user; a condition that forces MFA when assuming roles. Example pipeline: With all this, we […]

Kubernetes external secrets

In this post we will talk about Kubernetes external secrets. It’s a project developed by the GoDaddy Engineering Team that lets you use external secrets management systems to securely add secrets to your Kubernetes cluster. At the time of writing, it supports the following backends: AWS Secrets Manager, AWS System Manager, GCP Secret Manager, Azure […]