SRE / DevOps / Kubernetes Weekly Collection #16 (Week 21)

Yoshiki Fujiwara
Jul 16, 2020
  • In this blog post series, I collect the following 3 weekly mailing lists I subscribe to, and leave some comments and useful links as an aide-memoire.
  • Actually, I have already published the same content in my Japanese blog and am catching-up in English in this series.
  • I hope it contributes to the people browsing this kind of information as a reference.

DEVOPS WEEKLY ISSUE #490 May 17th, 2020
SRE Weekly Issue #219 May 18th, 2020
KubeWeekly #217 May 22nd, 2020

DEVOPS WEEKLY ISSUE #490 May 17th, 2020

News

A talk from last year’s GoTo Copenhagen on Why Your Private Cloud is Probably a Bad Idea.

  • The title is “Why Your Private Cloud is Probably a Bad Idea”.
  • A YouTube video containing a presentation at GOTO COPENHAGEN 2019 by Sam Newman, author of “Building Microservices.” There is also a slide at the link destination.
  • An attractive presentation. All lines have intentions, which shows the sincerity of sharing ideas. I will keep it as an example.

This post looks at the promise of AIOps, and its relationship to both operations and observability.

  • The title is “Observability and the Misleading Promise of AIOps”.
  • It explains the expectations, actual conditions, misunderstandings, alternatives, etc. that the author thinks in the word “AIOps” created by Gartner in 2017.

A look at the relationship between observability and controllability.

  • The title is “Git Ops Part 3-Observability”.
  • Weaveworks blog. A fairly old article dated October 17, 2017. Part 3 of the GitOps-themed series focuses on Observability. The other articles are rich in content and can be read all the time (not saying I have read them).

A detailed series of posts on detection engineering, looking at identifying attackers and exploring core concepts like detection in depth and capability abstraction.

  • A trilogy blog with the theme “Detection Engineering”. The titles are “Capability Abstraction”(Linked above), “Detection Spectrum”, and “Detection in Depth”.
  • The link is only attached to the title. Each Medium post has an estimated reading time of 10 minutes or more, so be sure to see each.
  • Although the textual information is in its own way, the figures are inserted so that the reader can imagine it.

A look at some powerful new Helm features in Helm 3 which allow for generating a secret on installation which is then reused for upgrades.

  • The title is “Auto-Generated Helm Secrets.”
  • An article explaining how to automatically generate a Kubernetes Secret with Helm when upgrading.

A tutorial for managing Azure infrastructure using ARM templates deployed via Azure DevOps pipelines.

  • The title is “Deploying Azure ARM Templates From Azure DevOps — With A Complete Example”.
  • An article that explains how to deploy an ARM template in the DevOps repository of Azure by using a pipeline on Azure. He said that “Admittedly, I’ve tried this before, lost patience, and abandoned it. This time, I persisted and succeeded.”

It’s often useful to be able to grab a proper virtual machine locally, for testing or development purposes. This post introduces multipass, which provides a handy way of provisioning local VMs.

  • The title is “How to Quickly Launch Ubuntu Virtual Machine with Multipass”.
  • An article explaining how to use “Multipass” as a lightweight VM manager that can launch Ubuntu VMs quickly.

A look at using Conftest and Open Policy Agent to test Dockerfiles for various best practices and issues.

  • The title is “Dockerfile Security Checks using OPA Rego Policies with Conftest”.
  • The article uses “Conftest”, “OPA (Open Policy Agent)” and “docker-security-checker” to explain how to encode security as a policy and check a Dockerfile for potential risks before the code is deployed to the production environment.
  • The author gave a quick link to “Katacoda playground” and said that “I had built this scenario to try out yourself to learn and practice rather reading it and forgetting ;)”

Jobs

King is looking for new members for the infrastructure engineering teams to help develop, manage and expand our software based networking setup across datacenters and (Google) cloud. Please take a look at the open role for networking engineers. We’re also still looking for both database and streaming data engineers, if that is more your style.

  • Job information from King, which was also available the other day. The number of posts is increasing. It seems that they are looking for SRE, Database SRE, Network SRE (at that moment).

Events

Software Circus is back. A 12 hour event, happening on 21st May, has talks on bare metal, API gateways, container registries, building your own PaaS as well as a costume contest and yoga sessions. Some fun and lots of learning to be had.

  • CLOUD NATIVE VIRTUAL FESTIVAL “Software Circus” web page to be held on May 21 (at that moment). The participation fee was free, and Kelsey Hightower and others participated.
  • The event would be held from 5/21 10:00 to 22:00 CEST (Central European Time), so under summer time +7 hours is Japan time, so 5/21 17:00–5/22 05:00 JST (Japan Standard Time).

Tools

cdk8s is a framework for defining Kubernetes applications and reusable abstractions using different programming languages, including TypeScript and Python with more planned.

  • The io page of the new OSS tool “cdk8s” that I checked in KubeWeekly’s Webinar last week. Click here for the GitHub page.
  • The supported languages are TypeScript, JavaScript, Python, Java and .NET, and other languages will be supported in the future. Those who have already written such programming languages can use their know-how to define Kubernetes apps using supported languages instead of YAML.

Kubie is a CLI tool to help with management of Kubernetes context and namespace information. Handy if working with multiple clusters.

  • The GitHub page of “Kubie”, which is an OSS CLI tool that is an alternative tool of “kubectx”, “kubens” and “k on”. The character is cute.

K9s is a terminal based UI to interact with your Kubernetes clusters. It aims to make it easier to navigate, observe and manage your deployed applications from the command line.

  • Kubernetes cluster management CLI tool “K9s” io page. Click here for the article.
  • I will skip it because I commented on it in the previous blog.

SRE Weekly Issue #219 May 18th, 2020

Articles

Download our new on-call book [Atlassian]

Check out this new 100-page ebook on incident response from Atlassian, great for folks setting up a brand new on-call structure or improving their existing one. It even has a section on compensating teams for being on-call.

Serhat Can — Atlassian

  • Atlassian’s “On Call” free e-book introductory article. If you enter your name, affiliation, title, email address, etc., you will be prompted to download the e-book by email.

How Many Is Too Much? Exploring Costs of Coordination During Outages

Laura Maguire discusses the compelling data from her PhD dissertation that the Incident Command System actually makes incident response less efficient, along with lots of other interesting findings.

Laura Maguire

  • QCon presentation video that reveals the hidden costs of collaboration and explains how resilient performance is directly linked to collaboration.
  • You can get interesting keywords and viewpoints such as the request for coordination and cognition, and the coordination paradox. I wanted to see the video, so I registered as an InfoQ account (linked to a Google account).

“The Future of DevOps is Resilience Engineering” Incident Retrospective

A summary of a great talk by Amy Tobey at Failover Conf, amusingly framed as a “retrospective”.

Hannah Culver — Blameless

Operations in the Cloud

In this case, the “cloud” refers to actual clouds, the ones in the sky. It’s a comparison between concepts in aviation and SRE, fields that have significant overlaps.

Bill Duncan

  • Bill Duncan’s article whose blog appears frequently in this blog. It’s dated August 08, 2018, so it’s a pretty old article.
  • He said he was very fortunate to have received “pilot training” as an SRE, citing many similarities to system operation.

Five causes of poor availability to watch out for

My favorite:

The fact that you need to make changes to maintain availability, will itself threaten your availability.

Lee Atchison — diginomica

  • An article describing “5 things to watch out for that cause poor availability”.

How a Facebook Bug Took Down Spotify, TikTok, and Other Major iOS Apps

A bug in a new release of the Facebook SDK caused some iOS apps to crash.

Brian Barrett — WIRED

  • A WIRED web article about an outage that affected many of the most prominent apps (TikTok, Spotify, Pinterest, Venmo, etc.) due to a bug in Facebook’s SDK.
  • It was interesting and noticed that even apps that do not implement “login with Facebook” were affected by using the SDK.

Making peace with “root cause” during anomaly response

[…] I’m no longer going to try to get engineers to stop saying root cause while they are engaged in an incident. If the experts at anomaly response find it a useful phrase while they are doing their work, we should recognize this as a part of their expertise.

Lorin Hochstein

  • An article on the theme of “Reconciling with the technical term “Root Cause” when dealing with a problem”. I feel that it is better to deal with abnormalities (detection) than to deal with “anomaly response” as a fault response, but in the excerpt above, “[…] I’m no longer going to try to get engineers to stop saying I defeated it while respecting “ root cause while they are engaged in an incident “.
  • In the context of root cause analysis, Toyota’s “5 Why analysis” is also mentioned.
  • I really feel the need to correct if the words I’m using are technical terms that aren’t widely used, are domain-specific, or are misleading. The author encouraged others to change their expressions, but I found that “I don’t know the root cause” is an effective term for coordinating when dealing with a disability, so I don’t use it myself, but it is worth fighting for. The story that he stopped to fight for the term because he knew it was not something to struggle with.

Outages

Slack
Slack’s server infrastructure scales up every day to handle volume in North America by increasing the size of the server pool available to handle requests. Some of these servers did not successfully register with our load balancing infrastructure during this process of scaling up, and this ultimately led to a decline in the health of the server pool over time.

KubeWeekly #217 May 22nd, 2020

The Headlines

Editor’s pick of the highlights from the past week.

Last chance: Please fill out the 2020 CNCF Cloud Native Survey!

Our 1H 2020 cloud native survey is in full swing and closes FRIDAY May 22 (today)!

The goal of this survey is to capture the current state of Kubernetes, CNCF projects, and cloud native technologies such as service mesh, serverless, and storage. The information gathered from the survey is used by CNCF to better understand the current cloud native ecosystem. It can be used by the community as a data point to consider as they develop their cloud native strategies.

Help out CNCF and the community by filling out the survey! The results will be open sourced and shared on GitHub as well as a report in the June time frame.

  • They conducted surveys as well the previous week (at that moment).

ICYMI: CNCF Webinars

Weekly recap of CNCF member and project webinars that you might have missed.

You can view all CNCF recorded and upcoming webinars here.

CNCF Ambassador Webinar: Influencing DevOps without Authority — how “DevOps engineer” can advance real DevOps

Baruch Sadogursky, Head of Developer Advocacy @JFrog and Leonid Igolnik, Founding Investor and Advisor @Clearlaw

  • A Webinar video introducing an intuitive and Kubernetes-native policy management method using a certain “Kyverno”.
  • I didn’t check Kyverno at all, but I want to touch it, so it is my homework.

CNCF Member Webinar: How to keep your clusters safe and healthy

Shuting Zhao, Software Engineer @Nirmata and Jim Bugwadia, Founder and CEO @Nirmata

  • A webinar video that explains a story.
  • It is not a technical story, but an organizational theory, discussing how to think, learn, and act as an individual.

CNCF Member Webinar: Take Your Monitoring to the Next Level

Liran Haimovitch, Co-Founder & CTO @Rookout and Mickael Alliel, DevOps @Rookout

  • It is for practical examples, how to start, how to choose and use tools with specific advice and they said that “we are going to debunk the myth of how hard this process is.”
  • The slides for multi-layer monitoring are easy to read and have a business perspective, so I would like to watch them again later.

The Technical

Tutorials, tools, and more that take you on a deep dive into the code.

How to make a Helm chart in 10 minutes

Jessica Cherry, Opensource.com

  • An article that explains how to make a chart of Helm, an application package manager of Kubernetes, in 10 minutes.
  • For the environment, they used Kubernetes, a test environment of a single node, built with minikube. I’m writing a small Nginx Web server app.

Canary deployment with Argo

Romain Guichard, Argo

  • An article that introduces canary deployments using Argo, a suite of CD tools.
  • The author encouraged everyone to read and revisit the previous articles describing Argo. CICD is a genre that I personally want to deepen my understanding and design with it.

Running Dockerized Laravel Applications On Top Of Kubernetes

Adeyemo Qudus, Magalix

  • An article explaining the token authentication linkage of Kubernetes of GitLab’s CICD pipeline used in my environment, with the theme of “Running Dockerized Laravel application on Kubernetes”.
  • The procedure and explanation are simple and it is easy to see the environment variable settings of CICD.

Linux Containers in a few Lines of Code

Serge Zaitsev

  • A container version of an article that was previously described under the theme of “KVM HOST IN A FEW LINES OF CODE”. An article that explains how the container works when you run the busybox Docker image.

The Editorial

Articles, announcements, and more that give you a high-level overview of challenges and features.

Rook, the storage operator made in CNCF with Sébastien Han

Electro Monkeys Podcast

  • A French podcast talking about Rook 1.3, storage operator at Kubernetes. I couldn’t hear French, so I could only look at the translation. I would like to learn other languages more easily as the automatic subtitles and learning functions evolve.

Scale the Harbor with Pierre Péronnet and Maxime Hurtrel

Electro Monkeys Podcast

  • The same French podcast as above, with the theme of Harbor.
  • It seems that you are talking about Trivy, Operator SDK, Kubebuilder, etc., but after hearing a little, I was unfortunately able to hear only French terms and “merci” in French.

Carving out a Cloud Native Culture in Established Organizations

Cornelia Davis (WeaveWorks) and Chris Short (Red Hat)

  • It mentioned things like “The reason for not practicing, such as being a monolith, has risen, but as long as the DevOps methodology is practiced, that is not a problem.” I thought it was important to contact, consult, and hear the opinions of people who have the perspective to solve the problem. I also want to have a viewpoint, a method, and an idea to solve a problem.

A Pandemic Plan for Application Architecture

Pankaj Gupta, The New Stack

  • This article describes microservices architecture as providing business continuity and business agility when an event that cannot be read ahead occurs.
  • The second question to ask the SaaS app vendor, “Is your service microservice-based?”, doesn’t seem very meaningful for me. I don’t think the person being asked can really understand what they mean, so if the term microservices meets the expected requirements, I’d like them to break it down and convey it specifically.

The Past, Present, and Future of API Gateways

Richard Li, InfoQ

  • An article that describes the past, present, and future of API gateways. Good articles that explain the Internet in chronological order from the early days. I want to check it again.

Microsoft Azure Arc Previews Kubernetes Focus

Dan Meyer, SDxCentral

  • A commentary on “Microsoft Azure Arc Previews” released at the Microsoft Build 2020 conference. Kubernetes clusters can be attached and configured inside and outside Azure (data centers, edge locations, other clouds).

LOTE #6: Dana Lawson on Kubernetes, Local Development Loops, and Constant Learning

  • GitHub’s Dana Lawson (VP of Engineering) was invited as a guest and talked about “Impact of Kubernetes on operation”, “Impact of cloud on local development experience”, “Benefit of continuous learning”, etc.

5 open source projects that make Kubernetes even better

Gordon Haff, Red Hat

  • An article introducing the following five cloud-native OSS projects that provide additional functionality to Kubernetes.
  1. Prometheus
  2. Operator framework
  3. Knative
  4. Tekton
  5. Kubeflow

Kubernetes deployments: 6 security best practices

Kevin Casey, Red Hat

  • An article that shares tips for improving overall software development and deployment security. Describes the six things that Kubernetes development should and should not do.

Upcoming CNCF webinars

You can check some Recorded Webinars and Upcoming Webinars here. The following are posted as Upcoming CNCF webinars at that moment.

Member Webinar: Zero Trust Services in Kubernetes
Randy Abernethy, Managing Partner @RX-M
May 22, 2020 10:00 AM Pacific Time

Member Webinar: Integrating multi-location ADC with Prometheus+Grafana
Dave Blakey, CEO @Snapt Inc
May 26, 2020 10:00 AM Pacific Time

Member Webinar: Discover, Deliver and Secure your APIs Anywhere
Jakub Pavlik, Director of Engineering @Volterra
Madhukar Nayakbomman, Lead Solutions Engineer @Volterra
May 27, 2020 7:00 AM Pacific Time

Member Webinar: Update on and Demo of Piraeus Datastore (LINSTOR)
Philipp Reisner, CEO @LINBIT
May 27, 2020 10:00 AM Pacific Time

Project Webinar: Harbor, the trusted cloud native registry for Kubernetes
Michael Michael, VMware
May 28, 2020 10:00 AM Pacific Time

Member Webinar: Securing Service Mesh with Kubernetes, Consul and Vault
Nicole Hubbard, Developer Advocate @HashiCorp
May 29, 2020 10:00 AM Pacific Time

Member Webinar: Trivy Open Source Scanner for Container Images — Just Download and Run!
Teppei Fukuda, Open Source Engineer @Aqua Security
June 3, 2020 10:00 AM Pacific Time

Member Webinar: Develop your Cloud Native use cases at the Edge with K3s
Pranay Bakre, Staff Technical Marketing Engineer @Arm
Julio Suarez, Staff Engineer @Arm
June 10, 2020 7:00 AM Pacific Time

Member Webinar: Hybrid Cloud Kubernetes with Nodeless
Madhuri Yechuri, Founder @Elotl
June 10, 2020 10:00 AM Pacific Time

Member Webinar: The Definitive Checklist for Delivering Reliable Kubernetes-based Applications
Brandon Groves, Senior Software Engineer @OverOps
Ben Morrise, Software Engineer @OverOps
June 11, 2020 10:00 AM Pacific Time

Member Webinar: Multitenancy Webinar: Better walls make better tenants
Adrian Ludwin, Senior Engineer @Google
June 17, 2020 8:00 AM Pacific Time

Member Webinar: Learning from the visible past to accelerate the observable future
Curtis Hrischuk, Technical Product Manager @Instana
June 17, 2020 10:00 AM Pacific Time

Member webinar: Kubernetes Cost Allocation Done Right
Webb Brown, Co-founder and CEO @Kubecost
June 24, 2020 10:00 AM Pacific Time

Member Webinar: Pivoting Your Pipeline from Legacy to Cloud Native
Tracy Ragan, CEO of DeployHub and CDF Board Member
July 1, 2020 1:00 PM Pacific Time

How about those articles? Do you have any interest in any?

Actually, I have some contents which I can not digest at this stage, I’ll make use of this aide-memoire and links for catching-up for myself too.

Bye now!!

Yoshiki Fujiwara

・Cloud Solutions Architect - AWS@NetApp in Tokyo, Japan. #AWS Certified Solution Architect&DevOps Professional, #Kubernetes, ・Opinions are my own.