Today I Learned
I probably learned something today. It was likely far too small to write a longer-form post about it.
2024
Grype can use an image pull policy
One more saved-my-bacon tip: If you're prone to having a ton of images cached locally, you may need to scan the latest build of that tag rather than the cached copy. Grype can always pull the latest image from the registry, similar to setting ImagePullPolicy: Always in Kubernetes.
default-image-pull-source: registry
(2024-11-19)
Grype has a config file
A nifty tidbit if you travel a lot. Grype has a config file. Before you leave the house, run grype db update to pull down the latest vulnerability data, then disable the auto-update features in the config file:
# sometimes the hotel wifi is awful and yesterday's data is good enough
check-for-app-update: false
db:
  auto-update: false
I revert it by having the exact opposite values commented out to swap back and forth easily, then doing a quick edit. Docs here - https://github.com/anchore/grype#configuration
(2024-11-18)
Helm sub-chart dependencies
TIL that Helm sub-charts cannot specify dependencies on each other or the order of operation they are installed in.
For example, you need a simple PHP app that relies on nginx for load balancing and SQL with some preseeded data or schema applied. It's not possible to purely state dependencies such that PHP must wait for both nginx and SQL. SQL must wait for Flyway to pull what it needs from GitHub and initialize that database, but nginx has to let cert-manager do its thing first … and so on and so forth.
Instead, health checks and init containers handle that by failing and retrying until the conditions for success are met … the grey-bearded sysadmin in me feels this is kludgey, but also dreads a return to PID lockfiles and load-bearing sleep statements.
(2024-11-15)
Python 2 is still a thing
So yeah, Python 2 is still hanging around. It's not expedient to rewrite things for a short-lived demo or reusing exploit code. Luckily, pip still works - just need to use the Python Package Authority's archive.
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
sudo python2.7 get-pip.py
sudo python2.7 -m pip install requests
This works fantastically in a devcontainer or a virtual machine to keep it isolated from my regular Python environment.
(2024-10-26)
Escaping brackets in code blocks in Jekyll
In Jekyll, anything with {{ }} will be interpreted as Liquid first. This breaks a bunch of templating languages. The code you want to show won't display as intended in the code block.
Fix this with {% raw %} and {% endraw %} tags to wrap your code block. Maybe it's "today i spent several hours relearning" or "today i knew i did this before and couldn't find it, yet couldn't bring myself to just google it" 🤦🏻‍♂️
{% raw %}
```yaml
{{ .Chart.Name }}-{{ .Chart.Version }} # helm
${{ github.repository }} # github actions
end with three backticks
escape the backticks below to make it render right
\```
{% endraw %}
(2024-10-23)
Referrer headers and Confluence URLs
If you run Confluence internally, please remove your internal Confluence server's URL from the Referer header. This is a setting somewhere in your corporate inspection proxy.
Anyone running basic traffic analytics on their site, including this goober, can easily collect a list of them. It's 2024 and that's an ancient version of Confluence, telling the entire world it exists every time your users click anything stored there. Take a moment and just check that your proxy/firewall/whatever is stripping these out. Then take another moment and update your stuff.
(2024-10-22)
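One way to check whether the proxy is actually stripping these, as an added example that is not part of the original post: a small Python check that flags outbound requests whose Referer points at an internal host. The log format (destination URL, tab, Referer), the internal DNS suffixes and every sample line are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: DNS suffixes that only resolve inside the network (constructed values).
INTERNAL_SUFFIXES = (".corp.example", ".internal")

def is_internal_host(host):
    """True for private/loopback IPs, single-label names, or internal DNS suffixes."""
    host = (host or "").lower().rstrip(".")
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, fall through to name checks
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)

def outbound_referer(dest_url, referer):
    """Referer value the proxy should forward, or None to strip it."""
    if not referer:
        return None
    ref_host = urlsplit(referer).hostname
    dest_host = urlsplit(dest_url).hostname
    if is_internal_host(ref_host) and not is_internal_host(dest_host):
        return None  # internal page linking to an external site: do not leak it
    return referer

def find_leaks(log_lines):
    """Return (dest, referer) pairs from 'dest<TAB>referer' lines that would leak."""
    leaks = []
    for line in log_lines:
        dest, _, referer = line.rstrip("\n").partition("\t")
        if referer not in ("", "-") and outbound_referer(dest, referer) is None:
            leaks.append((dest, referer))
    return leaks

# Constructed sample egress log: destination URL, tab, Referer header.
SAMPLE_LOG = [
    "https://blog.example.org/til\thttps://confluence.corp.example/display/OPS/Runbook",
    "https://blog.example.org/til\thttps://www.example.net/search?q=grype",
    "https://blog.example.org/til\thttp://10.20.30.40:8090/pages/viewpage.action?pageId=1",
    "https://wiki.corp.example/home\thttps://confluence.corp.example/display/OPS",
    "https://blog.example.org/til\t-",
]

if __name__ == "__main__":
    for dest, referer in find_leaks(SAMPLE_LOG):
        print(f"LEAK {urlsplit(referer).hostname} -> {urlsplit(dest).hostname}")
```

An empty result over a day of real egress logs is the evidence that the proxy rule is in place; internal-to-internal navigation keeps its Referer untouched.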
POSSE testing
Hello again, world! I'm working on building out a set of scripts to automatically cross-post content from my site to other platforms - this should work …
(2024-10-19)
These are cross-posted to other platforms as my first foray into POSSE (Publish on Own Site, Syndicate Elsewhere), so some formatting may get lost between platforms.