SRE / DevOps / Kubernetes Weekly Collection #10 (Week 15)

  • In this blog post series, I collect items from the following three weekly mailing lists I subscribe to, and leave some comments as an aide-memoire along with useful links.
  • Actually, I have already published the same content on my Japanese blog and am catching up in English in this series.
  • I hope it contributes to the people browsing this kind of information as a reference.

DEVOPS WEEKLY ISSUE #484 April 5th, 2020
SRE Weekly Issue #214 April 5th, 2020
KubeWeekly #211: April 10th, 2020

DEVOPS WEEKLY ISSUE #484 April 5th, 2020

News

A detailed look at Slack’s deployment process, covering batching deploys, fast/atomic deploys and staggered rollouts to catch issues quickly.

  • The title is “Deploys at Slack.”
  • It was different from what I expected (“A story about deploying with a Slack trigger?”). It is an article that outlines the business processes of Slack and the major projects that have led the company to this point.
  • Finally, I wonder about the culture of honoring achievements by naming the members who contributed to each project. I think Slack is a good tool that allows you to extend your collaboration with other teams. I’m not an agent provocateur, just a user.

A great piece of critique of PostgreSQL, with 10 specific issues based on a wealth of production experience.

  • The title is “10 Things I Hate About PostgreSQL”.
  • An article title that conveys the author’s longstanding grudge against PostgreSQL. He singled out the article “PostgreSQL is the best database in the world” for criticism, and he is concerned about the trend of entertainment.
  • Those who can use managed services are encouraged to use them in order to reduce or remove the 10 pain points he mentioned. And to conclude, he still boasts that he has been building software on PostgreSQL for nearly 20 years and is still a supporter of it.

An attack matrix for Kubernetes-based systems. A comprehensive breakdown of potential points of attack, useful when considering systematic defences.

  • The title is “Attack matrix for Kubernetes”.
  • Using “MITRE ATT&CK®”, a knowledge base framework of the tactics and techniques used in cyber attacks, the article explains attack methods against Kubernetes.
  • I felt that it was an article and a guide for thinking about ways to protect yourself from cyber attacks from various perspectives/methods, rather than digging deeply into each one. There are many items, but each one is covered in only a few words.

A post describing an approach to spinning up and down development environments on GCP using Google Cloud Functions and Terraform.

  • The title is “GKE Cluster Nodepool Scaler”.
  • A post about optimizing costs by scaling GKE cluster node pools down and up as needed, using Terraform, the GCP function gke-cluster-nodepool-scaler, GCP Scheduler and a PubSub topic.

An introduction and case study looking at building serverless applications using the Serverless Framework for application management and deployment.

  • The title is “Serverless Framework in the Real World”.
  • An article in which Victorien Avon, Developer Web Full Stack / Scrum Master at SSENSE, introduces how the company uses the open source Serverless Framework on its AWS infrastructure to manage and deploy applications.

A look at some of the use cases for tagging of resources in cloud deployments, including ownership, cost tracking, compliance regimes and more.

  • The title is “The Context Your Team Needs”.
  • An article on the k9 Security technical blog introducing the company’s “Tagging Cloud Deployments of k9 Security Guide”.
  • Technical teams are invited to tag cloud application and infrastructure resources with the context needed to effectively manage, operate, and protect those resources.
  • This tag model consists of three elements: Identity & Scope, Security and Risk.

A quick guide to service mesh and various tools in the space, looking at AWS App Mesh, Consul Connect, Istio, Linkerd and more.

Tools

kpt is a toolkit to help you manage, manipulate, customize, and apply Kubernetes Resource configuration.

Fleet is a new tool for managing fleets of Kubernetes clusters. It’s been designed specifically for edge use cases, where users might have thousands or more small clusters.

  • The GitHub page for Rancher’s new tool, Fleet, which manages fleets of Kubernetes clusters. The idea is to manage clusters collectively as a fleet, with the cluster as the unit.
  • It is still an early-ALPHA version and they seem to be asking for feedback, so it is for people who want to try new tools rather than put them to practical use, and for those who want to get involved.

Pipx is a handy tool for installing and running Python applications in isolated environments, building on top of the Pip package manager.

  • The io page for “pipx”, a tool that installs and runs Python apps in an isolated environment.
  • Click here for the GitHub page.
  • Click here for a page comparing with other tools such as pip and pipsi.

SRE Weekly Issue #214 April 5th, 2020

Articles

Trying to be too (io)nice created a “killer” directory

A nifty little pitfall in which an ioniced process can block non-ioniced processes.

Author: rachelbythebay

  • A blog article that opens with the statement “Every now and then, someone finds a new way to get Linux processes stuck in unusual places” and then describes a way the author found a few years ago: heavy use of disk I/O prioritization with the ionice command ended up creating a “killer” directory.

Technical Writing

Google published this free set of courses on technical writing. As an SRE, I have the constant need to write effectively to justify and document my designs.

Every engineer is also a writer. This collection of courses and learning resources aims to improve your technical documentation. Learn how to plan and author technical documents.

Google

  • A free technical documentation course by Google. First of all, it may be good to read the Pre-class material and practice it, and then consider In-class. I could not find out how to enter In-class. Is it still being prepared?
  • Intended for software engineers, student software engineers, as well as many engineering roles (such as product managers).

Message from ACM Regarding Open Access to ACM Digital Library during Coronavirus

The ACM has made their ACM Digital Library free to the public for the next 3 months. Many of their articles have been featured here previously.

  • News that ACM (Association for Computing Machinery) has opened the ACM Digital Library for free access and download for 3 months (until June 30, 2020).
  • The purpose is to support researchers and practitioners working remotely because of COVID-19, those educating/learning online while the campus is closed, and the computing community.
  • I tried it, and I was able to download a book with over 800 pages in PDF format. For those who want to read heavily about computing in English.
  • I want to read this book, “Concurrency: The Works of Leslie Lamport” (October 2019), when I have time.

The Post-Incident Review Issue 2: March 2020

Includes a great article by Jaime Woo, entitled Imagining Your Post-Incident Report As A Documentary.

Emil Stolarsky and Jaime Woo — The Post-Incident Review

  • At SREcon EMEA, they brought the PIR (Post-Incident Review) as a physical, magazine-sized book, but from this second issue it seems they will deliver it monthly in a letter size that is easier to handle. An online version, a PDF version and a PDF version for print are available. The illustrations are pretty.
  • It covers the outage of Discord.

SRE Thought Leader Panel about Embracing Resilience during Crises

Blameless recently had the privilege of hosting SRE leaders Liz Fong-Jones, Dave Rensin, and Alex Hidalgo to discuss how SREs can embrace resilience during pandemic, and how the principles of SRE intersect with global trends.

I especially liked the discussion of pent-up demand that may cause problems when we eventually get to relax social distancing.

Amy Tobey (moderator), Alex Hidalgo, Liz Fong-Jones, Dave Rensin

  • An article describing the discussion in which Blameless invited SRE leaders Liz Fong-Jones, Dave Rensin, and Alex Hidalgo to talk about “how SREs can stay resilient during a pandemic” and “how the principles of SRE intersect with global trends.” There is so much content that this is homework for me.
  • Webinar videos can be downloaded by signing up here.

Incidents: What Is Often Missed & What Can Be Done About That

This is a talk that John Allspaw gave for Spotify.

Learning is not the same as fixing

John Allspaw — Adaptive Capacity Labs

  • A page embedding a video of about 45 minutes of the talk the author gave on the theme of “learning from the incident” when he was invited to Spotify’s New York office in February.

Outages

KubeWeekly #211: April 10th, 2020

The Headlines
Editor’s pick of the highlights from the past week.

API Priority and Fairness Alpha

Min Kim (Ant Financial), Mike Spreitzer (IBM), Daniel Smith (Google)

A new alpha feature in Kubernetes 1.18, API Priority and Fairness permits cluster administrators to divide the concurrency of the control plane into different weighted priority levels. Learn more about what this problem solves and how to try it out from the recent blog post.

  • An article that introduces “API Priority and Fairness”, newly added as an alpha feature in Kubernetes 1.18.
  • By using Flow Schema and Priority Level Configuration, the concurrency of the control plane can be divided into different priority levels.

Argo CD — Declarative GitOps CD for Kubernetes

As a deployment tool, Argo CD needs to have production access which makes security a very important topic. The Argoproj team takes security very seriously and continuously working on improving it. Dive into the latest security audit here.

  • It was announced on April 7 that, as a result of a vote of the CNCF Technical Oversight Committee (TOC), the Argo Project will be a CNCF incubation-level project.
  • Argo Project is a tool for running and managing apps and jobs on Kubernetes, which consists of four subprojects (Argo Workflows, Argo Events, Argo CD, Argo Rollouts).
  • CNCF project maturity levels are, in order, sandbox, incubating and graduated. Please refer to the CNCF Graduation Criteria v1.3 if you would like to confirm the current standards (as of April 12, 2020).

TOC Votes to Move Dragonfly into CNCF Incubator

Exciting news- Dragonfly is now a CNCF incubation-level project. Celebrate the recent milestone and learn more about the roadmap from the CNCF blog.

  • Following Argo above, it was announced on April 9 that, as a result of a vote of CNCF’s Technical Oversight Committee (TOC), the Dragonfly Project, an image and file distribution system, will be a CNCF incubation-level project.

ICYMI: CNCF Webinars

Weekly recap of CNCF member and project webinars that you might have missed.

You can view all CNCF recorded and upcoming webinars here

CNCF Ambassador Webinar: Welcome to CloudLand! An Illustrated Intro to the Cloud Native Landscape

Kaslin Fields, Developer Advocate @Google

  • A webinar video in which Kaslin Fields, Google Developer Advocate and CNCF Ambassador, carefully explains cloud native technology from the background up, likening it to a theme park in her illustrated “Welcome to CloudLand!”. There is also a blog with illustrations on her site.
  • Feel free to just look at the slides, not the video.

CNCF Member Webinar: Pravega: Rethinking storage for streams

Flavio Junqueira, Senior Distinguished Engineer @Dell

  • A webinar video in which Flavio Junqueira, Senior Distinguished Engineer at Dell, explains the stream storage tool Pravega under the title “Rethinking storage for streams”. I am honestly weak in this genre, so I have to reinforce it. This is also my homework.

CNCF Member Webinar: Best Practices for Deploying a Service Mesh in Production: From Technology to Teams

William Morgan, Co-Founder and CEO @Buoyant; Ana Calin, Systems Engineer @Paybase; William King, CTO and Founder @Subspace; and Matt Young, VP of Cloud Engineering @EverQuote

  • A webinar video in which Buoyant Co-Founder and CEO William Morgan, Paybase Systems Engineer Ana Calin, Subspace Founder and CTO William King, and EverQuote VP of Cloud Engineering Matt Young explain “best practices for deploying a service mesh in a production environment”, with an interactive Q&A between the presenters.

CNCF Member Webinar: New Thoughts on Distributed File System in the Cloud Native Era

Shuoran Liu, Architect @JD.COM

  • A webinar video in which JD.COM Architect Shuoran Liu, under the title “New Idea in Distributed Systems in the Cloud-Native Era”, explains “JD.COM’s Implementation in Production Environment” and how to do it. Well, this is also deeply dug content. Homework.

The Technical

Tutorials, tools, and more that take you on a deep dive into the code.

Provisioning cloud resources (AWS, GCP, Azure) in Kubernetes

Daniele Polencic, LearnK8s

  • I will skip it because I touched upon it on KubeWeekly #210 last week.

Agile Stacks- Docs

The goal of this tutorial is to provide automation for developer workflows on Kubernetes through the Skaffold approach.

  • A tutorial by Agile Stacks on how to automate developer workflows using Skaffold on Kubernetes (101). I use ptvsd for remote debugging of apps on Kubernetes. There is also a 201, “Working for stateful applications on Kubernetes”, related to developer workflows.

Controlling outbound traffic from Kubernetes

Monzo

  • To make the company’s banking platform more secure, Monzo ran a network project in the second half of last year to put internal traffic control in place and protect customers from outside intrusion (the article here).
  • This article describes how they also applied the same control to outbound traffic leaving the company’s platform.

Extending Kubernetes with Operators

Christopher Heppell, Redgate Software

  • As the title “Extending Kubernetes with Operators” says, the article explains the experience of a Red Hat workshop attended in the past.
  • It’s an article with a feeling of deja vu, but I can’t find past articles. I often see articles related to Operator, so I’m guessing.

Your own Kubernetes controller — Improving and deploying

Nicolas Frankel

Multi-tenant Kubernetes Clusters with the HAProxy Kubernetes Ingress Controller

Nick Ramirez, Haproxy

Working With Istio: Track Your Services With Kiali

Mohamed Ahmed, Magalix

Be Careful When Pulling Images by Short Name

Jason Shepard, Red Hat

  • An article that conveys the risk of image squatting when pulling a container image by short name instead of the full URL, and explains how to deal with it when using RHEL or OpenShift, which are the foundation of Red Hat.

Bottlerocket with Fork, Clone, Run! — A Container Optimized OS with a GitOps model

Chanwit Kaewkasi, Weaveworks

  • An article that explains Bottlerocket, the open source OS optimized by AWS for running containers at scale, and the GitOps model.

Embrace and Replace: Migrating ZooKeeper into Kubernetes

James Kerbinger and Paul Furtado, HubSpot

  • A story of migrating hundreds of HubSpot ZooKeeper instances from their respective server instances to Kubernetes with no downtime.
  • Lastly, check the important prerequisites on the network.

Useful Interactive Terminal and Graphical UI Tools for Kubernetes

William Lam, VMware

  • William Lam, Senior Staff Solution Architect at VMware, Inc., gave a workshop for internal marketing and support engineers on running a Tanzu Kubernetes Grid (TKG) cluster in a VMware Cloud on AWS environment, and felt that “it is better to have tools that improve the experience for those who use it for the first time.” After receiving introductions and feedback, he wrote this article about that group of tools at a later date.
  • It covers Octant, Lens, Kubevious, Kubelive, K9s, etc.

Introducing Krustlet, the WebAssembly Kubelet

Deis Labs

  • An introductory article on the OSS tool Krustlet (Kubernetes-rust-kubelet), recently announced by Deis Labs.
  • The tool has the following two purposes.
    1. They want to easily deploy WebAssembly workloads on Kubernetes.
    2. Much of the Kubernetes ecosystem is written in Go, but they would like to provide tools written in another language, Rust.

The Editorial

Articles, announcements, and more that give you a high-level overview of challenges and features.

Jaeger, with Yuri Shkuro

Craig Box and Adam Glick, Kubernetes Podcast

Kubevious

This GitHub repo is for the Kubevious project, an application-centric Kubernetes UI

Reliable, Self-Healing Kubernetes Explained Plus, the role of self-healing nodes and infrastructure management

Kublr team

  • The article states that “many vendors say their platform is ‘self-healing’, and Kubernetes also has self-healing by default, but there are three layers to self-healing and Kubernetes covers only one of them,” and explains the layers one by one.

Five years of Raspberry Pi clusters

Alex Ellis, OpenFaaS

  • An article looking back on “5 years with my home Raspberry Pi cluster” by Alex Ellis, who has appeared several times in other articles.
  • An article that begins with Swarm Classic and shows the evolution of both hardware and software technologies, such as the introduction of k3s. Much of the final Take-aways section personally stuck with me.

Kubernetes v1.18 advances Windows container support

Craig Peters and Mark Rossetti, Microsoft

  • An article on Microsoft’s Open Source Blog that introduces the advanced support for Windows containers in Kubernetes v1.18.
  • It introduces CSI Proxy for Windows. As a future feature, a way of managing mixed-OS clusters with RuntimeClass is being considered.

Is there a Helm and Operators showdown?

Matt Butcher, Microsoft

  • An article on Microsoft’s Open Source Blog written in response to a question the author is often asked, “Which is it, Helm or Operator?”, using “Why Barcelona or NY Yankees win the superball?” as a comparison. It introduces the features of each, the difference in purpose, the confusion caused by terminology, etc., and organizes the issues.

Why Linux containers are a CIO’s best friend

Brian Gracely, Red Hat

  • An article that enlightens CIOs to learn Linux containers and become a powerful ally while giving keywords such as agility, Kubernetes, and no silver bullets.

Upcoming CNCF webinars

You can check some Recorded Webinars and Upcoming Webinars here. The following are posted as Upcoming CNCF webinars at that moment.

Declarative Host Upgrades From Within Kubernetes
Adrian Goins, Director of Community and Evangelism @Rancher Labs
Dax McDonald, Software Engineer @Rancher Labs
Jacob Blain Christen, Principal Software Engineer @Rancher Labs
Member webinar
April 14, 2020 10:00 AM Pacific Time

Helping App Developers Adopt Kubernetes with Tekton and Argo Automation
Roland Barcia, CTO Solution Engineering @IBM
Sean Sundberg, Lead Architect, Cloud Native Toolkit @IBM
Member webinar
April 15, 2020 10:00 AM Pacific Time

Enabling Cloud Native Storage for the Enterprise
Chris Merz, Principal Technologist for DevOps @NetApp
George Tehrani, Product Manager for Kubernetes and Cloud Native Data @NetApp
Member webinar
April 16, 2020 10:00 AM Pacific Time

KubeCarrier: The Operator of Operators
Nico Schieder, Software Engineer @Loodse
Member webinar
April 22, 2020 10:00 AM Pacific Time

How to Run Your Windows Applications on the Kubernetes Platform
杨雨 Alex Yang, Solution Architect @Mirantis
张文墨 Larry Zhang, Solution Architect @Mirantis
Member webinar
This webinar will be delivered in Chinese
April 23, 2020 10:00 AM China Standard Time

Kubernetes 1.18
Kubernetes team
Project webinar
April 23, 2020 9:00 AM Pacific Time

Best Practices In Implementing Container Image Promotion Pipelines
Baruch Sadogursky, Head of DevOps Advocacy @JFrog
Member webinar
April 30, 2020 10:00 AM Pacific Time

How AWS uses Firecracker and Fargate to run serverless Kubernetes pods in Amazon EKS
Mo Ziyuan 莫梓元, Solution Architect @AWS
Member webinar
This webinar will be delivered in Chinese.
May 7, 2020 10:00 AM China Standard Time

Pivoting Your Pipeline from Legacy to Cloud Native
Tracy Ragan, CEO of DeployHub and CDF Board Member
Member webinar
June 30, 2020 10:00 AM Pacific Time

How about those articles? Are you interested in any of them?

Actually, there is some content I cannot digest at this stage, so I’ll make use of this aide-memoire and these links to catch up myself too.

Bye now!!

Yoshiki Fujiwara

Written by

An infra engineer in Tokyo, Japan. Grew up in Athens, Greece(1986–1992). #Network, #Kubernetes, #GCP, #AWS SAP, #National Tour Guide for English
