SRE / DevOps / Kubernetes Weekly Collection#19(Week 24)

  • In this blog post series, I collect the following 3 Weekly Mailing List I subscribe to, leave some comments as an aide-memoire and useful links.
  • Actually, I have already published the same content in my Japanese blog and am catching-up in English in this series.
  • I hope it contributes to the people browsing this kind of information as a reference.

DEVOPS WEEKLY ISSUE #493 June 7th, 2020
SRE Weekly Issue #222 June 7th, 2020
KubeWeekly #220 June 12th, 2020

DEVOPS WEEKLY ISSUE #493 June 7th, 2020

News

If you’re in tech and thinking about the Black Lives Matter movement then please read this article on how the tech community can provide support.

  • The title is “Black Lives Matter: How the Tech Community Can Provide Support”.
  • He explained to the Black Lives Matter in the US how the tech community could solve immediate and urgent needs.
  • He introduced actions/ideas and background like where you can donate (funds, organizations), wear masks/maintain social distances during peaceful protests, monitor police, support local journalism, report fake news, etc..

Successfully adopting devops practices takes good management. This collection of books covers lots of good topics for new or experienced managers.

  • The title is “I’m new to Engineering Management, what books should I read?”.
  • An article that introduces the ten books a new engineering manager should read by category: “Moving to a management role,” “Motivation and Empowerment,” “Communication,” and “Project Delivery.” if you disagree or want to add your recommendation then please let him know.

A look at how COVID-19 and surrounding events has affected on-call; remote work, new schedules and anxiety.

  • The title is “On call and COVID-19 Survey Results”.
  • The article first mentions that it was a pre-Black Lives Matter study in the article above, and it’s unclear how it will impact the data and what the results will be.
  • The figures are visually checked and analyzed by the author. He commented that “After seeing the responses to the survey, I feel more optimistic. In a way, I shouldn’t have been surprised. Humans are very adaptable. “ and he thanked the people who cooperated in the survey.

A talk looking at the benefits of chaos engineering, and testing in production, when it comes to security.

  • The title is “Dev SecOps and Security Chaos Engineering-Aaron Rinehart”.
  • Session video of the online tech conference “AllTheTalks.online”.
  • The speaker is the author of security part of “Chaos Engineering” and “Security Chaos Engineering”. It provides an overview of Chaos Engineering, the environment to be implemented, and use cases.

An introduction to CNAB, a packaging format for applications composed of multiple components. A good update on upcoming additions to the set of specifications.

  • The title is “CNAB: A package format for the cloud”.
  • An article introduces CNAB (Cloud Native Application Bundle) Project Goals: “Just as it is easy to run an installer on our laptops or put a new app on our phone, it should be easy to install a new cloud application.”, current tools, immediate goals, and how to participate.

A look at comparative performance of intel and ARM chips, in this case with detailed benchmarks on AWS using the Minio object storage server.

  • The title is “Impact of Intel vs. ARM CPU Performance for Object Storage”.
  • An article comparing CPU performance for Intel and ARM object storage using the AWS S3-compatible OSS tool MinIO. According to AWS, the performance of ARM servers has been reviewed, triggered by the news that the Graviton2 server with ARM-based chips has become GA, “New — EC2 M6g Instances, powered by AWS Graviton2”.

An interesting discussion of Kubernetes through the lens of a database, considering infrastructure as data, views, query languages and more.

  • The title is “Fundamentals of Declarative Application Management in Kubernetes”.
  • Alibaba Cloud’s Staff Engineer, CNCF Ambassador, CNCF SIG App Delivery Co-chair, and Kubernetes maintainer Zhang Lei quoted on Twitter as “Kubernetes is the new database”, and the author “Kubernetes” It means that Kubernetes itself works like a database, rather than being used as a database.”
  • Keywords such as Infrastructure as Data (IaD) are scattered.

A look at different ways of managing Helm charts, from a chart monorepo to per-chart repositories to storing the charts alongside the application code.

  • The title is “What’s the best way to manage Helm charts?”.
  • An article discussing and explaining the best ways to manage Helm charts. Commentary from the perspective of team structure, company size, and DevOps culture.

An example repository for anyone interested in a real-world gitops workflow using Kustomize, Flux and Helm.

  • If you’re interested in real-world GitOps workflows, an email newsletter editor takes you to the GitHub repository page, which contains examples of using Kustomize, Flux, and Helm.

Jobs

King is looking for new members for the infrastructure engineering teams to help develop, manage and expand our software based networking setup across datacenters and (Google) cloud. Please take a look at the open role for networking engineer. We’re also still looking for both database and streaming data engineers, if that is more your style.

  • Continued job information from King(at that moment). There seemed to be no change in posts from the week before last. It seemed that they were looking for SRE , Database SRE , Network SRE.

SRE Weekly Issue #222 June 7th, 2020

Articles

Meaningful availability: How many nines do you actually need?

This article in a nutshell:

Kolton Andrus — Gremlin

  • It is described in the following perspectives.
    ○ What do your customers want?
    ○ Long-term vs. short-term outages
    ○ Be proactive with chaos engineering

Byzantine and non-Byzantine distributed systems

I hadn’t heard of this distinction before. If you haven’t either, click through to find out more.

Ayende Rahien — RavenDB

  • Like the editor of the e-mail magazine, I didn’t know the distinction of the “Byzantine Generals Problem” of distributed systems, so learned. I also want to read the paper later.

Using SRE to meet reliability challenges

In our experience, the three big sources of production stress are:

Cheryl Kang — Google

  • An article on the GCP Web page that explains how to achieve the challenge of ensuring reliability using the SRE principle.

Faulty Equipment, Lapsed Training, Repeated Warnings: How a Preventable Disaster Killed Six Marines

ProPublica picks apart the incident in exhaustive detail, showing how multiple problems interwoven in the organization contributed to this tragedy.

Robert Faturechi, Megan Rose and T. Christian Miller — ProPublica

  • It highlights the 2018 US Marine Corps accident in Japan that occurred despite repeated warnings about poor equipment, lack of training, etc. YouTube video is embedded.

SRE, CSE, and the safety boundary

There’s a great review of Rasmussen’s safety boundary model, which I wasn’t previously familiar with. A system moves between three boundaries:

  • the boundary to economic failure
  • the boundary of unacceptable work load
  • the boundary of functionally acceptable performance

Lorin Hochstein

  • This article explores the differences between SRE (Site reliability engineering) and CSE (Cognitive systems engineering), and since the author was not working directly with SRE and CSE, he was trying to analyze from the perspective of “outsiders.”

The Tail at Scale Revisited

This one includes a really nifty graph showing how reliable your N backend microservices need to be in order to hit a given reliability target R.

Bill Duncan

  • An article that presents graphs to help you understand how it relates to the user experience and explores ways to dramatically improve overall performance.

Oncall and COVID-19 Survey Results

Here are the results of the survey I linked here a couple weeks ago. There are some interesting and surprising results, well worth a read.

Rich Burroughs — FireHydrant

  • I will skip it because I mentioned it in DevOps Weekly above.

The mystery of the expiring Sectigo web certificate

A commonly-used CA’s Root certificate expired, causing some havoc. Even though Sectigo did everything right, some software didn’t handle the transition to the new root well.

Paul Ducklin — Naked Security

  • An article about the fuss when certificates from the Certificate Authority Sectigo (formerly Comodo) have expired in the web hosting community.

Outages

KubeWeekly #220 June 12th, 2020

The Headlines

Editor’s pick of the highlights from the past week.

Priyanka Sharma Chats With Kubernetes Podcast from Google

The new general manager of the CNCF, Priyanka Sharma, joins the Kubernetes Podcast from Google. She chats with hosts Craig Box and Adam Glick about what to expect in 2020, talks about virtual events, and gives some hints on how to rename projects. Listen now!

  • Kubernetes Podcast by Google employees. The current co-hosts are Craig Box and Adam Glick.
  • The guest is Priyanka Sharma, who became the new General Manager of CNCF on behalf of Dan Kohn. I covered it in another podcast last week, but here I was told about my career from the story before the start of my career, and I am able to convey how I enjoy communicating with people and my personality.
  • It seems that Dan Kohn’s future activities will be announced by himself again soon, so Priyanka says he does not tell much.
  • The topics of my interest in News of the week are: There were a lot of interesting news items such as changes in CVE and CKA programs.
    ○ Fairwinds Polaris is GA
    ○ Solo Developer Portal for Istio
    ○ CVE-2020–10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
    ○ CVE-2020–8555: Half-Blind SSRF in kube-controller-manager
    ○ Ambassador 1.5 released
    ○ CKA program changes

Deadline Extended to June 28: KubeCon + CloudNativeCon North America 2020 Call for Proposals

Great news — the CFP for KubeCon + CloudNativeCon North America has been extended to June 28! CNCF events are an excellent way to get to know the community and share your ideas and the work that you are doing. You do not need to be a chief architect or long-time industry pundit to submit a proposal, in fact, we strongly encourage first-time speakers to submit talks for all of our events.

CNCF events are working conferences intended for professional networking and collaboration in the CNCF community and they work closely with our attendees, sponsors, and speakers to help keep these events professional, welcoming, and friendly. If you have any questions on how to submit a proposal or the event in general, please contact cfp@cncf.io. We invite you to submit today!

  • KubeCon + CloudNativeCon North America 202 CFP (Call for Proposals) deadline extended until June 28th(at that moment).

ICYMI: CNCF Webinars

Weekly recap of CNCF member and project webinars that you might have missed.

You can view all CNCF recorded and upcoming webinars here.

CNCF Member Webinar: Self-service of Cloud Resources for Kubernetes Applications

Lewis Marshall, Cloud-Native Delivery Advocate @Appvia

  • Webinar video explaining the following points by Mr. Lewis Marshall (SRE, Cloud-Native Delivery Advocate) of Appvia.
    ○ Discuss best practices around self-service of Cloud Services for Kubernetes applications; ensuring security, supporting agile development and reducing workloads
    ○ Talk about Kubernetes extensibility, from open service broker API through to Operators
    ○ Discuss major cloud vendors approaches, GCP, AWS and Azure and the direction they’re heading in when it comes to cloud service automation through Kubernetes
    ○ Talk about how to adopt an approach for portability across the changing and evolving landscape
    ○ Compare varying solutions in the industry with pros and cons

CNCF Member Webinar: Hybrid Cloud Kubernetes with Nodeless
Madhuri Yechuri, Founder @Elotl

  • It lists the motivations for a hybrid cloud control plane, and explains the open source Nodeless projects such as virtual-kubelet, Kip, the latest technology, and current limitations.

CNCF Member Webinar: Things to consider to operate a Multi-Tenant Kubernetes Cluster // Multi-Tenant Kubernetes Cluster를 운영하기 위해 고려할 사항

Han Sol Park // 박한솔, Senior Engineer @Samsung SDS and Kyle Choi // 최규황, Principle Engineer @Samsung SDS

  • The presentation was held in Korean. The slides were made in English, and the speaker commented, “We will do it in Korean to facilitate the activities of the Korean community of CNCF, but if you can ask an email in English,”. It seems good to do the session in Japansese from the same viewpoint. I think there are various conditions such as sponsorship.

CNCF Member Webinar: Develop your Cloud Native use cases at the Edge with K3s

Pranay Bakre, Staff Technical Marketing Engineer @Arm and Julio Suarez, Staff Engineer @Arm

  • It explains CI/CD use cases at the edge and smart city use cases using K3s and K3s.

CNCF Community Webinar: Cluster API (CAPI) — A Kubernetes subproject to simplify cluster lifecycle management

Katie Gamanji, Cloud Platform Engineer @American Express and Naadir Jeewa, Senior Member of Technical Staff @VMware

  • It explains the Cluster API project through an overview, live demo using AWS and Azure, and Q & A.

CNCF Member Webinar: The Definitive Checklist for Delivering Reliable Kubernetes-based Applications

Brandon Groves, Senior Software Engineer @OverOps Ben Morrise, Senior Software Engineer @OverOps, and Alex Zhitnitsky, Director of Product Marketing @ OverOps

  • It explains the following points.
    ○ Implementing code quality gates and driving go/no-go decisions in your CI pipeline
    ○ Defining rollback criteria for CD pipelines and identifying production issues
    ○ Creating a feedback loop between live environments and development

The Technical

Tutorials, tools, and more that take you on a deep dive into the code.

Provision Kubernetes NFS clients on a Raspberry Pi homelab

Chris Collins, Opensource.com

5 ways to boost your Kubernetes knowledge

Seth Kenlon, Opensource.com

  • An article that introduces 5 ways to deepen your knowledge of Kubernetes (deep dive/hands-on) in line with Kubernetes’ 6th anniversary.
  • I am grateful that the information for getting my hands dirty is well organized.

Technical Deep Dive: Developer Portal for Istio

Christian Posta, Solo.io

  • The Solo.io Web page that introduces the components added to Istio by using the Developer Portal for Istio and the main API resources.

Open Source Service Mesh Hub — Technical Overview

Rick Ducott, Solo.io

  • Continuing from the above article, the Solo.io web page. Introducing “Service Mesh Hub” announced by the company as OSS. This is information as of April 8th.
  • There is a demo video. They are looking for questions and feedback.

Log Monitoring and Alerting with Grafana Loki

Ruturaj Kadikar, InfraCloud

  • An article describing the architectural differences between PLG (Promtail, Loki, Grafana) and other major logging and monitoring stacks like Elasticsearch-FluentD-Kibana (EFK).
  • Check it out with “ Logging in Kubernetes: EFK vs PLG Stack “ that was taken up in Week 22.

When it’s not only about a Kubernetes CVE…

Brice Augras, Groupe Asten Company and Christophe Hauquiert, Nokia

  • An article by a security researcher from two French researchers (Brice Augras Christophe Hauquiert, who call themselves Reeverzax and Hach on the bug bounty platform, respectively) who together discovered the Kubernetes vulnerability.
  • I was thrilled to see the excitement, technical details, and timeline of our discoveries.

The Editorial

Articles, announcements, and morethatgive you a high-level overview of challenges and features.

Longhorn: Rancher’s Journey from Zero to GA

William Jimenez

  • As mentioned above, it is a web page of Rancher that depicts the path from zero to GA for OSS “Longhorn”.

Beda, Burns and McLuckie: the Creators of Kubernetes Look Back

David Cassel, The New Stack

  • In a personal podcast by Sysdig’s Dan Papandrea (field chief technology officer), to celebrate Kubernetes’s 6th anniversary, Brendan Burns (Episode 17), Joe Beda/Craig McLuckie (known as ``Kubernetes’s creator’’)(Episode 18) are welcomed as guests.
  • The New Stack takes the content of this podcast and embeds a video.

The Container Security Maturity Model, a Step-by-Step Approach to Cloud Native Security

Michelle McClean, StackRox

  • An article based on the “ Container Security Maturity Model “ created by StackRox to address new and different security challenges that legacy tools cannot address due to the move to cloud-native environments.

Multi-cluster Kubernetes with Ambassador and Linkerd

Richard Li, Datawire

  • In celebration of Kubernetes’s six obsessions, he highlights six points as “six facts you may not know about Kubernetes as of 2020.”
  • What about “Kubernetes is becoming the de facto standard not only for cloud natives but also for on-premises control planes?” I want some numbers that can be helpful.

The state of Kubernetes: 6 facts you might not know

Laurianne McLaughlin, Red Hat

  • Celebrating Kubernetes’s 6th anniversary, the author highlights six points as “six facts you may not know about Kubernetes as of 2020.”
  • What about “Kubernetes is becoming the de facto standard not only for cloud natives but also for on-premises control planes?” I want some numbers that can be helpful.

CNCF Project Spotlight: Helm

CNCF Blog

  • CNCF spotlighted “Helm” in the blog corner of the web page, with two maintainers Matt Butcher (Helm co-founder & Principal Software Development Engineer at Microsoft) and Matt Farina (Senior Staff Engineer at Samsung SDS) ), asked “How the project reached this point and where it’s headed next.”.

How to Contribute to Open Source: The Ultimate Guide

Tatum Hunter, Built In

  • A guide that specifically describes how to contribute to OSS. While explaining, he answers the questions that many people may have, such as “WHEN MAINTAINERS SAY ‘NO’”, “WHAT IF I DON’T CODE?” and so on.

Announcing Linkerd 2.8: simple, secure multi-cluster Kubernetes

Willam Morgan, Buoyant

Lessons Learned From Two Years Of Kubernetes

Noah Kantrowitz, Ridecell

  • The author wrote the lessons and ideas that he has learned over the past two years using Kubernetes for several years with the Ridecell infrastructure team in the following seven points (I would like to point out any mistakes because of my understanding). ing.
  1. Kubernetes Is Not Just Hype
  2. Traefik + Cert-Manager + Ext-DNS Is Great
  3. Prometheus Rocks, Thanos Is Not Overkill
  4. GitOps Is The Way
  5. You Should Write More Operators
  6. Secrets Management Is Still Hard
  7. Native CI And Log Analysis Are Still Open Questions

Upcoming CNCF webinars

You can check some Recorded Webinars and Upcoming Webinars here. The following are posted as Upcoming CNCF webinars at that moment.

Community Webinar: What end users really recommend for Continuous Delivery
Cheryl Hung, Director of Ecosystem @CNCF
June 12, 2020 8:00 AM Pacific Time

Project Webinar: Charting Your Voyage To Helm 3
Matt Farina, Lead Engineer @Samsung SDS
Martin Hickey, Senior Software Engineer @IBM
Adam Reese, Senior Engineer @Microsoft
June 12, 2020 10:00 AM Pacific Time

Member Webinar: Multi-Cluster Service Mesh Operations and Extensibility with WebAssembly
Idit Levine, Founder and CEO @Solo.io
Christian Posta, Global Field CTO @Solo.io
June 16, 2020 10:00 AM Pacific Time

Member Webinar: Multitenancy Webinar: Better walls make better tenants
Adrian Ludwin, Senior Engineer @Google
June 17, 2020 8:00 AM Pacific Time

Member Webinar: Learning from the visible past to accelerate the observable future
Curtis Hrischuk, Technical Product Manager @Instana
June 17, 2020 10:00 AM Pacific Time

Member Webinar: How to better understand K8s workloads using Octant
Wayne Witzel III, Octant Maintainer @VMware
June 17, 2020 1:00 PM Pacific Time

Member Webinar: How to Promote the use of Best Practices and Automate Security Policies Using Tools Like OPA and Kubernetes
Gary Duan, CTO and Co-Founder @NeuVector
June 18, 2020 10:00 AM Pacific Time

Member Webinar: Fast packet processing with KubeVirt
David Vossel, Principal Software Engineer @RedHat
Petr Horacek, Senior Software Engineer @Red Hat
June 19, 2020 10:00 AM Pacific Time

Member Webinar: Cloud Infrastructure for Network Functions — Requirements and testing
Dana Nehama, Director, Product Management Network Cloud @Intel Corporation
Petar Torre, Principal Engineer @Intel Corporation
June 24, 2020 7:00 AM Pacific Time

Member webinar: Kubernetes Cost Allocation Done Right
Webb Brown, Co-founder and CEO @Kubecost
June 24, 2020 10:00 AM Pacific Time

Member Webinar: Monitoring Kubernetes clusters by “chatting” with them Prasad Ghangal, Creator of BotKube and Software geek @InfraCloud
Vishal Biyani, CTO @InfraCloud
Hrishikesh Deodhar, Director of Engineering @InfraCloud
June 25, 2020 10:00 AM Pacific Time

Ambassador Webinar: Commoditise Kubernetes with cluster-api
Gianluca Arbezzano, Senior Staff Software Engineer @Packet
June 26, 2020 10:00 AM Pacific Time

Member Webinar: Best Practices for Running and Implementing Kubernetes
Kendall Miller, President @Fairwinds
Robert Brenna, Director of Open Source @Fairwinds
June 30, 2020 10:00 AM Pacific Time

Member Webinar: 7 Critical Reasons for Kubernetes-Native Backup
Niraj Tolia, CEO and Co-Founder @Kasten
Mark Severson, Member of Technical Staff @Kasten
July 1, 2020 7:00 AM Pacific Time

Member Webinar: Pivoting Your Pipeline from Legacy to Cloud Native
Tracy Ragan, CEO of DeployHub and CDF Board Member
July 1, 2020 1:00 PM Pacific Time

Member Webinar: Stay on top of ongoing Kubernetes security hygiene
Zohar Kaufman, Co-Founder and VP R&D @Portshift.io
Ariel Shuper, VP Product @Portshift.io
July 2, 2020 10:00 AM Pacific Time

Member Webinar: The Challenges and Countermeasures of Service Mesh Practice
裴斐 (Fei Pei), 网易 杭州研究院 云计算技术专家、架构师 @网易*
This webinar will be delivered in Chinese.
July 8, 2020 10:00 AM China Standard Time

Project Webinar: What’s new in Linkerd 2.8 : Multi-cluster Kubernetes made simple and secure by default
Oliver Gould, Linkerd Project Lead, co-founder & CTO @Buoyant
July 8, 2020 10:00 AM Pacific Time

Member Webinar: Building Production-ready Services with Kubernetes and Serverless Architectures
Mike Metral, Software Architect and Engineer @Pulumi
Jason (Jay) Smith, App Modernization Specialist @Google Cloud
July 8, 2020 1:00 PM Pacific Time

Member Webinar: 如何落地 Service Mesh — 从技术选型到实践
马若飞 FreeWheel 北京研发中心首席工程师 @FreeWheel
This webinar will be delivered in Chinese.
July 9, 2020 10:00 AM China Standard Time

Member Webinar: The top 10 most-useful Kubernetes APIs for comprehensive cloud-native observability
Caleb Hailey, Co-founder and CEO @Sensu
July 9, 2020 10:00 AM Pacific Time

Member Webinar: Securing and Accelerating the Kubernetes CNI Data Plane with Project Antrea and NVIDIA Mellanox ConnectX SmartNICs
Antonin Bas, Maintainer of Project Antrea and Staff Engineer @VMware**
Moshe Levi, Sr. Staff Engineer @NVIDIA*
July 14, 2020 10:00 AM Pacific Time

Member Webinar: Serving Millions of Customers with Cloud Native and DevSecOps
Chris Hollies, CTO, Oracle Practice @Capgemini
Akshai Parthasarathy, Principal Director, Cloud Native and DevOps @Oracle Cloud
July 15, 2020 7:00 AM Pacific Time

Member Webinar: Kubernetes and storage. Kubernetes for storage. An overview.
Kiran Mova, Chief Architect at MayaData and core maintainer of OpenEBS @MayaData
July 16, 2020 10:00 AM Pacific Time

How about those articles? Do you have any interest in any?

Actually, I have some contents which I can not digest at this stage, I’ll make use of this aide-memoire and links for catching-up for myself too.

Bye now!!

Yoshiki Fujiwara

Written by

An infra engineer in Tokyo, Japan. Grew up in Athens, Greece(1986–1992). #Network, #Kubernetes, #GCP, #AWS SAP, #National Tour Guide for English

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store