
This was a fantastic read, thanks for sharing.

Was the Kubernetes cluster necessary/useful for this sort of architecture? I'm asking as someone who has basically no experience with Kubernetes, but I'm familiar with the rest of the pieces.

>As any other high-profile web site, we were the target of some attacks coordinated and carried out by powerful organizations. Most of the attacks were of brute-force nature and the aim was to take the web site down rather than infiltrate it.

I'm surprised that the attacks were just brute-force attacks. Assuming state actors wanted to compromise Macron's site you'd think they'd have more to throw at it.

Also, I wonder if the security implications of open sourcing your code change if you think you will be targeted by state actors. Generally the advice is open source leads to more secure code as more eyes on the code == more exploits found and fixed. Do we make an exception to this advice when dealing with state actors, or does it hold?

Phrased another way, do any



Kubernetes was the key part in our development process: it gave us the flexibility, stability and scalability required to handle millions of users while still deploying multiple times per day.

At the beginning of the campaign, we had only one node in the cluster, as we thought it would be enough. However, while it was enough most of the time, it had issues under DDoS attacks: as the node was the only one, it was the master node of Kubernetes and when it overloaded, Kubernetes crashed.

To avoid this, we used three smaller nodes instead, to avoid having a node overloaded leading to the whole system crashing. Kubernetes handled the following attacks really well with this setup, and it did not cost more for us.

About the attacks: they threw more at us (XSS, SQL injections, etc.) but most of these attacks were still automated. Perhaps they have tried something even more subtle, but I doubt it: they preferred to hack emails :) .

I have to admit making the project open-source was quite a difficult decision: I really wanted it, but I also knew we would be potential targets of powerful organizations. We decided to do it because in the end, the argument you stated was stronger: open source does lead to more secure, stable and quality code, and this project showed it. Note also that we didn't advertise much on this project during the campaign, so perhaps it was not clear for potential hackers that the code was open.
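The setup described above (three smaller nodes so that one overloaded node cannot take the whole site down) can be expressed at the workload level as well. The following manifest is an added example, not the campaign's own configuration or anything from its repository: it spreads three replicas across distinct nodes with a required pod anti-affinity rule, bounds each pod's CPU and memory so a flood of requests cannot starve the node, and keeps at least two replicas available during voluntary disruptions. The namespace `campaign`, the app label `campaign-web`, the image `example.org/campaign-web:1.0` and the `/healthz` endpoint are assumptions for illustration.

```yaml
# Added example, not part of the original thread or the project's code.
# Assumed names: namespace "campaign", app "campaign-web",
# image "example.org/campaign-web:1.0", health endpoint "/healthz".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: campaign-web
  namespace: campaign
spec:
  replicas: 3                      # one replica per node in a three-node cluster
  selector:
    matchLabels:
      app: campaign-web
  template:
    metadata:
      labels:
        app: campaign-web
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: never schedule two replicas on the same node,
          # so an overloaded or crashed node loses at most one replica.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: campaign-web
              topologyKey: kubernetes.io/hostname
      containers:
        - name: web
          image: example.org/campaign-web:1.0
          ports:
            - containerPort: 8080
          resources:
            # Requests drive scheduling; limits stop a single pod under
            # a request flood from consuming the whole node.
            requests:
              cpu: "250m"
              memory: "256Mi"
            limits:
              cpu: "1"
              memory: "512Mi"
          readinessProbe:
            # A replica that is too slow to answer is taken out of the
            # Service endpoints instead of dragging the others down.
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 5
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 10
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: campaign-web
  namespace: campaign
spec:
  # Node drains and upgrades may evict at most one replica at a time.
  minAvailable: 2
  selector:
    matchLabels:
      app: campaign-web
```

Apply it with `kubectl apply -f` once the `campaign` namespace exists. Two caveats: the anti-affinity rule is a hard requirement, so with fewer schedulable nodes than replicas the extra pods stay Pending, which is the intended signal rather than silently co-locating them; and keeping the control plane off the overloaded node, the failure mode the comment describes, is a cluster-topology decision made when the nodes are provisioned (dedicated, tainted control-plane nodes), not something a workload manifest can enforce.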



