- In this blog post series, I collect items from the following three weekly mailing lists I subscribe to and leave some comments as an aide-memoire, along with useful links.
- Actually, I have already published the same content on my Japanese blog and am catching up in English in this series.
- I hope it serves as a reference for people browsing this kind of information.
DEVOPS WEEKLY ISSUE #504 August 23rd, 2020
A great post on the changing role of operations. Some good tips for those wondering what modern ops looks like, with tips on vendor management, outsourcing infrastructure and the importance of understanding sociotechnical systems.
- The title is “The Future of Ops Jobs”.
- The future of ops jobs is described by touching on the following three changes afoot.
○ From monolith to microservices
○ From monitoring to observability
○ From magic autoinstrumentation to instrumenting with intent
- The author wishes good luck to those whose hearts truly beat for working on infrastructure problems by joining an infrastructure company, as such issues are increasing. Otherwise, she recommends building a system that allows a team of engineers to ship software that creates core business value, from the four perspectives listed below. I’ve heard a lot about vendor control in other industries, but if it can be sublimated into engineering, it certainly has intervening value.
○ Vendor engineering
○ Product engineering
○ Sociotechnical systems engineering
○ Managing the portfolio of technical investments.
- The title is “How NAT traversal works”.
- An article that describes various issues, protocols and firewall components, starting from a simple peer-to-peer connection, with NAT as the theme.
- Since there is a lot of volume, I skipped the details. I will read it again.
- The title is “How to Choose Software Development KPIs for Your Board Deck”.
- It explains, for CTOs, the software development KPIs to prepare for a board meeting and the points for a productive dialogue on the spot.
○ Start with Engineering Success Metrics
○ Drill Down with Revealing Engineering KPIs
○ Put Engineering Metrics in Conversation
○ Make Board Meetings Work for You
Ever wanted to ensure that messages between services are kept in order, with a retry mechanism for any lost messages? This post describes a specific pattern, but is also part of a set of articles on distributed computing patterns that’s worth exploring.
- The title is “Single Socket Channel”.
- From the blog of Martin Fowler, a software development author, speaker and critic. It explains the problem that the Single Socket Channel of the title solves, and the solution.
- In the commentary, I’ve already linked to the themes explained in his blog in the past, which is very good. You can dig deep into web-related technologies.
- The title is “Improving Postmortems from Chores to Masterclass with Paul Osman”.
- I will skip it because it was taken up in SRE Weekly Issue #231 last week.
- The title is “A new journal for systems research”.
- An article that introduces the Journal of Systems Research (jsysr.org) as an improvement measure, listing the current issues with the systems research review process and describing the open model.
- The title is “Authoring CrossGuard Policy with Open Policy Agent (OPA)”.
- An article by Pulumi, written after support for the OPA (Open Policy Agent) Rego language was added to CrossGuard, Pulumi’s policy-as-code framework.
Even if you’re not writing applications in Java, it’s often useful to have some knowledge of how logging works as you’ll probably end up running at least some Java applications. These posts provide a solid foundation.
- The titles are “Java Logging Tutorial: Basic Concepts to Help You Get Started” (linked above) and “Java Logging Best Practices: 10+ Tips You Should Know to Get the Most Out of Your Logs”.
- The first article focuses on how to properly configure logging for your code to avoid known logging mistakes in Java and covers the following:
○ Logging abstraction layers for Java
○ Out of the box Java logging capabilities
○ Java logging libraries, their configuration, and usage
○ Logging the important information
○ Log centralization solutions.
- The second article discusses 14 best practices for Java logging:
- Use a Standard Logging Library
- Select Your Appenders Wisely
- Use Meaningful Messages
- Logging Java Stack Traces
- Logging Java Exceptions
- Use Appropriate Log Level
- Log in JSON
- Keep the Log Structure Consistent
- Add Context to Your Logs
- Java Logging in Containers
- Don’t Log Too Much or Too Little
- Keep the Audience in Mind
- Avoid Logging Sensitive Information
- Use a Log Management Solution to Centralize & Monitor Java Logs
- A GitHub page for the OSS tool “Aws tag helper” that tags hundreds of AWS resources with a few commands.
The GitOps Toolkit is a set of composable APIs and specialized tools that can be used to build a Continuous Delivery platform on top of Kubernetes. They should provide the underpinnings for the v2 of Flux, but could also be used to build other interesting high-level tools that take the same control loop approach.
- The io page of the “GitOps Toolkit”, a set of configurable APIs and specialized tools that you can use to build a continuous delivery platform on top of Kubernetes.
- The GitHub page for Kip (Kubernetes Cloud Instance Provider), a Virtual Kubelet provider that allows Kubernetes clusters to transparently launch pods into their own cloud instances.
SRE Weekly Issue #232 August 23rd, 2020
An engineer’s observation of a really effective Incident Command pattern.
- An article that analyzes and explains how an incident response structure and an internal 30-minute clock, used as the standard, made an effective response possible.
Here’s Lorin Hochstein’s take on the STAMP (Systems-Theoretic Accident Model and Processes) workshop he attended recently.
- An article in which the author, whom I mentioned in a previous blog post, describes his impressions of STAMP after participating in the MIT STAMP workshop.
What’s the difference between Resilience Engineering and High Reliability Organizations? This paper (and excellent summary) explains.
Torgeir Haavik, Stian Antonsen, Ragnar Rosness, and Andrew Hale (original paper)
Thai Wood — Resilience Roundup (summary)
- The article “HRO and RE: a pragmatic perspective” is taken up and explained. As mentioned above, HRO = High Reliability Organization and RE = Resilience Engineering.
This one focuses on what I feel are really important parts of SRE, taken from the article’s subheadings:
● Vendor engineering
● Product engineering
● Sociotechnical systems engineering
● Managing the portfolio of technical investments
Charity Majors — Honeycomb
- I will skip it because it is covered in DEVOPS WEEKLY ISSUE #504 above.
Now that’s a for-serious incident report. Nice one, folks! This is an interesting case of theory-meets-reality for disaster planning.
giles — PythonAnywhere
- PythonAnywhere’s report of major outages since July 2017. Storage system failure is the cause.
Equinix had a power failure in a London datacenter.
- Google Cloud Platform
Looks like it may have been an expired TLS certificate.
- G Suite
KubeWeekly #230 August 28th
Editor’s pick of the highlights from the past week.
Congratulations to the release team on getting Kubernetes 1.19 out the door. This release is all about extra time: the timelines were adjusted due to world events, and it will be the first to be supported for 12 months. This should allow an extra 30% of Kubernetes users to remain on a supported version on their regular upgrade cadence. The release includes 33 enhancements, including Ingress finally going to GA. Check out an interview with the release manager Taylor Dolezal on this week’s Kubernetes Podcast to learn more.
- Kubernetes 1.19 release article. COVID-19, the George Floyd protests and other events have changed the normal release cycle. There are many changes, such as the support period being changed to one year. More detail is given in the Kubernetes Podcast interview linked above.
- The interview link above is a Kubernetes Podcast by a Google employee. The current co-hosts are Craig Box and Adam Glick.
- The guest is HashiCorp's senior developer advocate, Kubernetes 1.19 release lead, and CNCF Ambassador Taylor Dolezal.
- A joke that “Communication is difficult as DNS” came up while the guest on the Kubernetes Podcast was talking about OSS.
- The topics of interest in News of the week are:
○ k3s to join the CNCF Sandbox
○ Serverless Framework Knative component
○ Palinurus, from Mailchannels
○ The Kubernetes Handbook by Farhan Hasin Chowdhury
Priyanka Sharma, CNCF
Priyanka Sharma recaps the first virtual KubeCon + CloudNativeCon and the event’s success thanks to our amazing community of doers — builders, operators and advocates! She writes, “we are so thrilled that the cloud native community came together with hope and positivity to make this a truly community-driven event we will remember for a long time. We may not have been able to meet in person this year but we are indomitable!” Read the recap blog here.
- A recap blog of KubeCon + CloudNativeCon Virtual by CNCF staff.
ICYMI: CNCF Webinars
You can view all CNCF recorded and upcoming webinars here.
Vinay Venkataraghavan, Cloud CTO, Prisma Cloud @Palo Alto Networks
- It explains the following points:
- Survey the typical deployment pipeline and the threats that we should mitigate
- Propose a reference architecture for embedding security controls
- Conclude with some practical examples of security tools that can be embedded across the software delivery lifecycle
Yaron Haviv, Co-Founder and CTO @Iguazio
- It describes how the ML pipeline works, its main challenges, and the various steps involved in creating models and data products (data collection, preparation, training/AutoML, validation, model deployment, drift monitoring, etc.).
- It demonstrates the following methods that greatly simplify and automate the development and deployment process:
- Maximize the efficiency and collaboration between the various teams
- Harness Git review processes to evaluate models
- Abstract away the complexity of Kubernetes and DevOps.
Misha Gusarov, Software Architect @Ridge Cloud
- It describes how to regain interactivity by making application development and debugging as easy as possible. Its approach is to explore the Kubernetes components and recreate their functionality in a local development environment.
Alex Chircop, CEO & Founder @StorageOS and Ferran Castell, Product Reliability Engineer @StorageOS
- The following methods are explained for those looking to migrate stateful workloads like databases onto Kubernetes:
○ How to deploy databases in production in Kubernetes
○ How to implement automatic failover with high availability
○ How to migrate a database into a Kubernetes cluster
○ How to build a database as a service with Kubernetes
Tutorials, tools, and more that take you on a deep dive into the code.
Adrian Ludwin, Google
- An introductory article on “Hierarchical Namespaces” from Kubernetes.io. This is a new concept developed by the Kubernetes Working Group for Multi-Tenancy (wg-multitenancy).
- Based on the concept of ownership across namespaces, the following two behaviors are added: policy inheritance and delegated creation.
- Policy inheritance: if one namespace is a child of another, policy objects such as RBAC RoleBindings are copied from the parent to the child.
- Delegated creation: you usually need cluster-level privileges to create a namespace, but hierarchical namespaces adds an alternative: subnamespaces, which can be manipulated using only limited permissions in the parent namespace.
Tim Bannister, The Scale Factory
- An article that focuses on beta in the Kubernetes lifecycle.
- It touches on coding from a Kubernetes Enhancement Proposal (KEP) and the lifecycle flow alpha→beta→stable (general availability).
Raffaele Spazzoli, Trevor Box, and Joshua Mathianas at Red Hat
- An article that introduces a series of design patterns for traffic to and from the mesh.
Oliver Leaver-Smith, Sky Betting & Gaming
- It describes Core Customer’s work over the last few months to migrate their OIDC/OAuth2 identity services from a tactical container platform to an on-premises Kubernetes cluster and how to deploy Kubernetes with no downtime.
Thomas Graf, Isovalent
- Cilium.io article. Following GCP’s announcement that GKE’s Dataplane V2 will use Cilium and eBPF, it gives the behind-the-scenes story of this result.
Burr Sutter and Siamak Sadeghianfar, Red Hat
- A webinar video on Twitch by the Red Hat OpenShift team.
- I want to try deploying something by myself with CI/CD.
Shashank Nandishwar Hegde, Red Hat
- It describes the basic concepts of Prometheus and how to install it on minikube. The next article is going to explain application monitoring.
- The following three points explain the Kubernetes configuration management method using Kustomize.
- Build a small web application and then use Kustomize to manage your configuration sprawl
- Deploy your app to development and production environments with different configurations
- Layer these variable configurations using Kustomize’s bases and overlays so that your code is easier to read and thus easier to maintain
Articles, announcements, and more that give you a high-level overview of challenges and features.
Cesar Rodriguez, Accurics
- It explains the history of Terrascan, an OSS tool that detects compliance and security violations across infrastructure as code to mitigate risk prior to provisioning cloud-native infrastructure, including the replacement of regular-expression-based rules with the OPA engine.
- Click here for Terrascan’s GitHub page. Click here for documentation.
Megan Friedman, The Keyword
- An article on Google’s blog “The Keyword” interviewing three engineers (Michelle Au, Janet Kuo and Purvi Desai) who have contributed to GKE and Kubernetes, in commemoration of GKE’s 5th anniversary.
- It covers GKE, Kubernetes, favorite customer cases, advice for developers coming into this world, and more.
Chen Goldberg and Drew Bradstock, Google Cloud
- An article on GCP’s webpage. On the occasion of GKE’s fifth anniversary and the launch of virtual KubeCon, they thank the community for making Kubernetes such an industry standard for managing containerized applications.
- For the future, they share the following five ways to continue their efforts to make GKE the best place to run Kubernetes.
- Leaving no app behind
- Saving money with optimal price-to-performance by default
- Container-native networking: no more square pegs in round holes
- Bringing BeyondProd to containerized apps
- Democratizing access to learning Kubernetes
Joab Jackson, The New Stack
- The New Stack’s article. It explains that Accurics’s OSS “Terrascan” and Snyk’s Snyk IaC, which were taken up above, were released for KubeCon EU.
Emily Omier, Nirmata
- An article on Nirmata’s webpage. Starting from the statement that “Now as more organizations adopt Kubernetes and start to struggle with best practice enforcement as well as the management and resource utilization problems related to cluster sprawl, they are starting to apply the same virtualization techniques to clusters.”, it explains how to use virtual clusters and leads into an introduction of their service.
Emily Omier, Nirmata
- Another article on Nirmata’s webpage. It describes the complexity of Kubernetes.
- They conclude with “Organizations should focus on both minimizing Kubernetes inherent complexity by ensuring consistent configurations and consistent application design across clusters while also using tools that simplify the developer and operator experience.” and lead into an introduction of their service, which helps organizations tame complexity at both the deployment and operations stage, so that Day 2 operations are as simple as possible.
- The Jaeger v.19 release page on GitHub.
Noah Krause, ITNext
- An introductory article on K8s Initializer from Ambassador Labs, a tool that bootstraps networking, Ingress, CI/CD and observability for a new Kubernetes cluster.
Upcoming CNCF webinars
You can check some recorded webinars and upcoming webinars here. The following were posted as upcoming CNCF webinars at that time.
Member Webinar: Running the next generation of cloud-native applications using Open Application Model (OAM)
Ryan Zhang, Staff Software Engineer @Alibaba Cloud
Sept 3, 2020 10:00 AM Pacific Time
Member Webinar: Arm Developer Experience Spanning Cloud, 5G and IoT
Darragh Grealish, Co-Founder @56K.Cloud
Marc Meunier, Sr. Manager, SW Ecosystem Development @Arm
Sept 8, 2020 10:00 AM Pacific Time
Member Webinar: Building a Cloud-Native Technology Stack that Supports Full Cycle Development
Daniel Bryant, Product Architect @Datawire
Sept 9, 2020 7:00 AM Pacific Time
Member Webinar: Highly scalable SaaS Apps on Kubernetes: Real Life Case Studies
Ram Kailasanathan, Senior Director Product Management @Oracle
Sept 9, 2020 1:00 PM Pacific Time
Member Webinar: Kubernetes and Networks: why is this so dang hard?
Tim Hockin, Principal Software Engineer @Google
Sept 10, 2020 10:00 AM Pacific Time
Member Webinar: Achieving Least Privilege Access in Kubernetes
Eran Leib, Co-Founder and VP Product Management @Apolicy
Gregg Ogden, Senior Product Marketing Manager @Aqua Security
Sept 11, 2020 10:00 AM Pacific Time
Ambassador Webinar: Hybrid Serverless Development using Quarkus and Kubernetes
Daniel Oh, Principal Technical Marketing Manager @RedHat and CNCF Ambassador
Sept 11, 2020 1:00 PM Pacific Time
Member Webinar: ChubaoFS Best Practices
Wei Ding, Staff Engineer @JD.com
Sept 15, 2020 10:00 AM Pacific Time
Member Webinar: How To Run Kubernetes Securely and Efficiently
Joe Pelletier, VP, Products Fairwinds @Fairwinds
Robert Brennan, Director, Open Source @Fairwinds
Sept 16, 2020 7:00 AM Pacific Time
Member Webinar: Effective Kubernetes Onboarding
Kathleen Juell, Developer, DODX @DigitalOcean
Sept 16, 2020 1:00 PM Pacific Time
How about those articles? Are you interested in any of them?
Actually, there is some content which I cannot digest at this stage, so I’ll make use of this aide-memoire and these links to catch up myself too.