After weeks of planning and a lot of GIF’s in the #hackaton channel, we started the first Fullstaq Hackaton on Saturday morning. The weeks prior we already made an extensive list of topics that we would like to hack on during this weekend.

The list included topics like a Gitlab powered CI/CD pipeline as an improvement for our company website, a hack workshop from one of our engineers, a Gitlab operator for Kubernetes, an introduction to Pulumi and a redesign for the internal Terraform stack.

The Kickoff

Nine people showed up at our Oosterhout office for the kickoff at 10 am. After the introduction by Gerrit teams were made and we started on the first projects.

FullstaQathon kick-off: engineers listening in to the kick-off speech

Hack workshop

One of the to do’s on the list for the first Fullstaqathon was carrying out a hack workshop given by our colleague Wiard van Rij. After a brief introduction to ethical hacking and HackerOne (Where companies can post bug bounties for finding vulnerabilities) we checked the Responsible Disclosure from the national government and decided that they would be our target for this workshop.

Toolset

Amongst a couple of other tools, we mostly focussed on Amass and Aquatone. Amass gave us the ability to scrape the DNS records of our target and Aquatone executed some basic HTTP-based attacks to swiftly validate exposed endpoints.

Apart from these tools, we also used our wide expertise and some other hack techniques to check the security of the target.

Hackathon team: engineers sharing a desk and smiling into the camera

Findings

We found several things which we reported to the NCSC (Nationaal Cyber Security Centrum). We got an automated reply which stated that they strive to pick up our report within 3 working days. More information about our findings will show up in a followup blog post, as we are not allowed to share the details of our findings until the NCSC grants permission to share them.

The New Hugo Powered Website

Hugo powered website: screenshot of the newly developed website

CI/CD

We already did the work to rebuild the site in Hugo instead of WordPress ahead of the weekend (you can read more on that here). Now we just needed to get it live. But not just for the weekend, this would be the foundation of our web presence for the foreseeable future. So that means: fully automated, able to handle any load and easy to use and adapt!

Since Hugo generates static content, this is actually very easy: we heavily used gitlab review apps, that we push off to google cloud buckets, fronted by a dynamic load balancer that routes traffic for a specific (review) branch to the bucket.

To top things off we push release notifications to our chat:

Slack announcement new website

And even better: hacked together a cloud function that will catch your messages to us on the contact page!

Gitlab operator

We only got around to discussing the Gitlab operator after finishing a bunch of quick wins. When we did start on the project on Sunday we quickly realized that the scope was too large and needed more refinement before even starting on it. Nevertheless, we spent a large part of the afternoon reading up on operator patterns and specifically looking at kubebuilder. Rio Kierkels delivered an MVP controller capable of pinging a temporary Gitlab instance for its status & version, and made sure the controller would log in JSON (why is this not the default?!). We bootstrapped the Gitlab instance from the cloud native helm chart provided by Gitlab, which still demands a solid understanding of all of Gitlab’s parameters.

Watch later posts for more, we’ve got plans for automated project/groups management and CI setup through kubernetes custom resources :-).

Wrap-up

After 2 days of hacking it was time to wrap-up and evaluate the first Fullstaqathon while enjoying a great beer from one of our favorite bars, De Beurs in Oosterhout. The feedback was unanimous, the first Fullstaqathon was a great success, but there is room for improvement in terms of preparation and refinement of subjects. Nevertheless this will become a recurring event! Would you like to join the next one? We are looking for new colleagues!

Fabian is a Cloud-Native Architect and Open Source Enthusiast. As one of the founders of Fullstaq, he is the technical heart and conscience of the company, helping customers and engineers with guidance and being a nice sparring partner.

To encompass Fabian's roles, we like to call him the TechFluencer. There is often a negative association with influencing or preaching some gospel and forcing opinions on others; instead, Fabian works closely with people to find out what those people and companies really want and need and makes sure the right resources from Fullstaq are made available to achieve those goals. Also, writing in the third person is something Fabian finds odd to do...

Please talk nerdy to Fabian; it is what he likes best!
May 07, 2024 | BLOG | 6 MINUTES

8 questions you were afraid to ask about Talos answerd

Talos is a minimal Kubernetes OS that's quickly gaining popularity because of its ease of use and strong focus on security by default. It has already been …

April 30, 2024 | BLOG | 9 MINUTES

12 Factor: 13 years later

How can we make applications easy to operate? The 12-factor methodology is about 13 years old. How did it age in the cloud-native era? Do we need a 13th …

April 25, 2024 | BLOG | 5 MINUTES

Build your own Python Kubernetes Operator

Yes, you read it right – build a K8s operator in Python! I often get reactions like, "But doesn't it have to be in Golang?" Fortunately, that's not …