SRE / DevOps / Kubernetes Weekly Collection#41(Week 46)
- In this blog post series, I collect the following 3 Weekly Mailing List I subscribe to, leave some comments as an aide-memoire and useful links.
- Actually, I have already published the same content in my Japanese blog and am catching-up in English in this series.
- I hope it contributes to the people browsing this kind of information as a reference.
DEVOPS WEEKLY ISSUE #515 November 8th, 2020
SRE Weekly Issue #243 November 8th, 2020
KubeWeekly #241 November 14th, 2020
DEVOPS WEEKLY ISSUE #515 November 8th, 2020
News
- The title is “BPF binaries: BTF, CO-RE, and the future of BPF perf tools”.
- BTF and CO-RE are the following abbreviations. Brendan Gregg’s blog post discussing the possibilities and content of these two new technologies.
○ BTF: BPF Type Format
○ CO-RE: BPF Compile-Once Run-Everywhere
- The title is “Rust vs Go”.
- An article that attempts a friendly and even-handed comparison between Rust and Golang. Focusing on the strengths, suitable use cases, similarities and differences of both, it recommends trying both. The title is easy to understand and has vs, but I felt that it was conscientious and good as a comparison article.
- The title is “Configuration security is a developer problem”.
- A slide from a recent presentation by Gareth Rushgrove, the editor of this DEVOPS WEEKLY. The proposals after raising issues for config management from a security perspective are easy to understand.
- The title is “Reminiscing control theory and the future of observability”.
- I will skip it because it was covered in KubeWeekly last week.
- The title is “Contract Testing for Node.js Microservices with Pact”.
- The content is as the title. Both Pact and Contract Test were interesting.
- Recently, Kentaro Wakayama ‘s articles have been featured in this newsletter in a row.
- The title is “Mitigating Serverless Challenges”.
- A continuation of last week’s article, “Microservices & Serverless Functions — The difference”.
- It describes the challenges developers face when using serverless platforms and how to mitigate them.
- When I hear “Catalyst “, I can only think of Cisco’s Catalyst. I confirm that I am a resident of a network field yet.
A nice introduction to using Traefik for canary deployments and weighted load balancing.
- The title is “Traefik: canary deployments with weighted load balancing”.
- A comparison of Traefik’s weighted load balancing canary releases in Traefik versions 1 and 2.
- I have never used Traefik itself, I have only read the article, but versions 1 and 2 were totally different from the configuration image and interesting.
Events
- Continuing from last week, it covered Container Solutions events. As mentioned above, a 90-minute course was held at 11/12 (Thursday) 13:00 CET (Central European Time.
Books
- There is no “Tools” section this week, and the “Book” introduces the free e-book “Git Ops: What You Need to Know Now” provided by Container Solutions.
- Enter your full name and email address and you will be directed to the download page by email. It has 38 pages.
SRE Weekly Issue #243 November 8th, 2020
Articles
Keeping Netflix Reliable Using Prioritized Load Shedding
Sometimes I come across a simple but mind-blowingly awesome new idea. This is one of those times.
During periods of high load and errors, Netflix’s edge load balancer sends feedback to the apps running on users’ devices, adjusting their retry and backoff strategy to keep the service running as smoothly as possible but avoid a thundering herd. Brilliant.
Manuel Correa, Arthur Gonigberg, and Daniel West — Netflix
- A tech blog article that introduces how Netflix’s streaming reliability of their service, which is used by many people, is supported.
- Building a request taxonomy, prioritized load shedding, and Chaos Testing efforts have made it possible to recover without affecting viewers such as slowing SPS (Stream Per Second).
- The articles from this tech blog are covered on a weekly basis here. I recommend this tech blog, which is constantly implementing and disseminating improvement efforts, including Chaos Engineering and the centralized SRE team (CORE). The service is familiar and easy to imagine, and many people are paying attention to it, and this article is also applauded by 1.2K (as of November 14, 2020).
Correlation in Latency Analysis
I helped to invent new approaches to correlate telemetry signals (exemplars, correlation between tracing and logging, profiler labels) that helped our engineers to navigate latency problems faster.
- It is her response to Amazon’s writing assessment when she was interviewed by AWS when she was at Google. The content itself was interesting, and I thought, “I should always ask myself this kind of question.”
- “What is the most inventive or innovative thing you’ve done? It doesn’t have to be something that’s patented. It could be a process change, product idea, a new metric or customer facing interface — something that was your idea… [retracted]
Scaling Live streaming for millions of viewers
Facebook has two very different users for live streaming: “normal” users and broadcasters streaming sporting events and the like.
Hemal Khatri, Alex Lambert, Jordi Cenzano and Rodrigo Broilo — Facebook
- It explains Facebook’s efforts in live streaming.
- It was interesting to see some of the efforts, such as the UEFA Champions League final, dealing with different traffic on New Year’s Eve and events, laying new submarine cables, and working with ISPs.
Debugging incidents in Google’s distributed systems
This article covers the outcomes of research performed in 2019 on how engineers at Google debug production issues, including the types of tools, high-level strategies, and low-level tasks that engineers use in varying combinations to debug effectively.
Charisma Chan and Beth Cooper — Google
- A Google engineer describes the results of a survey conducted in 2019 to find out how to debug production issues. We are investigating the types of tools engineers use to effectively debug in different combinations, high-level strategies, low-level tasks, and more.
Basic patterns in how adaptive systems fail
The three patterns discussed in this paper are:
● decompensation
● working at cross purposes
● getting stuck in outdated behaviors
David Woods and Matthieu Branlat
- A link to Chapter 10 “Basic patterns in how adaptive systems fail” in “Resilience Engineering in Practice”. The three basic patterns explained are as above.
Outages
- Gmail
- Microsoft 365
- Apple iCloud
- Netflix
- GitHub
Apparently GitHub also had an expired TLS certificate later in the week. - Tabcorp
KubeWeekly # 241 November 14th, 2020
The Headlines
Editor’s pick of the highlights from the past week.
Don’t forget to register for KubeCon + CloudNativeCon North America Virtual 2020!
KubeCon + CloudNativeCon North America 2020 Virtual — THE open source conference of the year — is happening next week, November 17- 20. Have you reserved your spot?
Join us for nearly 200 sessions and the opportunity to hear from the cloud native community. Register now and begin planning your week today!
- It will be a few days until the event is finally held. It is also the last to guide you here.
ICYMI: CNCF Webinars
You can view all CNCF recorded and upcoming webinars here.
CNCF Member webinar: Developer-friendly platforms with Kubernetes and infrastructure as code
Lee Briggs, Staff Software Engineer @Pulumi
- It explains how to build a Kubernetes-based platform using a language that is familiar not only to DevOps operations but also to developers.
- Techniques are introduced to help developers automate Kubernetes configuration, management, and deployment tasks and improve their operational knowledge.
CNCF Member webinar: Kubernetes in the context of on-premises edge and network edge computing
Amr Mokhtar, Network Software Engineer @Intel Corporation and Prakash Kartha, Segment Director @Intel Corporation
- Introducing OpenNESS (Open Network Edge Services Software), an open source reference cloud native architecture. It provides the following functions.
○ Abstracted platform & network complexity
○ Enhanced dataplane
○ Hardware accelerators management
○ Dynamic discovery & optimal apps/services placement
○ Open integration with Cloud Native Functions (CNFs)
CNCF Member webinar: MicroK8s HA under the hood: Kubernetes with Dqlite
Konstantinos Tsakalozos, Senior Software Engineer @Canonical
- Thematically, it explains how Canonical’s team distributed the most widely used databases (SQLite) on the planet, and how automated devops for such distributed databases provide seamless HA.
CNCF Project webinar: What’s new in Linkerd 2.9: mTLS for all TCP connections, ARM support, and more
Oliver Gould, Linkerd creator and CTO @Buoyant
- Oliver Gould, the creator of Linkerd, describes Linerd version 2.9 with the following points:
○ Linkerd performs encryption and authentication to the pod boundary, providing “encryption in transit” in a modern, zero-trust form.
○ The new multi-core proxy runtime further improves performance over Linkerd’s already lightning-fast latency profile
○ Linkerd’s new service topology support can provide significant performance improvements and cost savings for Kubernetes applications
○ What the future of Linkerd holds!
Mike Stahnke, VP of Platform @CircleCI and Ron Powell, Technical Content Manager @CircleCI
- It takes a view of anonymized team data from millions of DevOps workflows and shares insights, behaviors, and metrics to help teams build better software faster.
The Technical
Tutorials, tools, and more that take you on a deep dive into the code.
Geographically Distributed Stateful Workloads Part One: Cluster Preparation
Raffaele Brusholi, Red Hat
- It explains how to deploy stateful apps in three cloud regions with near zero RTOs and RPOs.
powerfulseal/powerfulseal: A powerful testing tool for Kubernetes clusters
- The GitHub page of Powerful Seal, a tool for chaos engineering that injects failures into Kubernetes clusters and detects problems as soon as possible.
Jessica Cherry, opensource.com
- A tutorial to run the app using Knative and Minikube.
How to use Docker Security Scan Locally
Brian Christner
- Introducing “Docker Scan,” which is realized by a partnership between Docker and Snyk that scans containers for vulnerabilities in a local environment.
- If you refer to the built image and Dockerfile, it will also show which layer of Dockerfile is vulnerable.
Jim Ramsay, Red Hat
- A challenge and guide whether it is possible to limit some of the privileges of NET_ADMIN with seccomp.
metal3-io / baremetal-operator: Bare metal host provisioning integration for Kubernetes
- I will skip it because it was covered in the same part of last week’s article.
Low-budget self-hosted Kubernetes
Tobias Huebner
- At the beginning, it says that “Kubernetes doesn’t need to be something you only use on insanely large projects. It provides countless benefits even for small enterprises”.
- The goal of this series is to give you a hands on tutorial on setting up your own cluster, and everything you need to truly make it functional. It is published in four parts.
Platforms on k8s with Golang — Watch any CRD
Ryan Dawson, Hackernoon
- If you want to do more with Kubernetes than run off-the-shelf apps, it explains that Golang gives you a lot more flexibility in interacting with Kubernetes.
The Editorial
Articles, announcements, and morethatgive you a high-level overview of challenges and features.
Announcing Linkerd 2.9: mTLS for all, ARM support, and more!
William Morgan, Linkerd
- Similar to “CNCF Project webinar: What’s new in Linkerd 2.9: mTLS for all TCP connections, ARM support, and more” in “ICYMI: CNCF Webinars” , it describes the updates and future of Linkered version 2.9.
Linkerd, with Thomas Rampelberg
Adam Glick and Craig Box, Kubernetes Podcast from Google
- Kubernetes Podcast by Google employees. The current Co-hosts are Craig Box and Adam Glick.
- A Software engineer at Buoyant , Linkerd’s creator and core maintainer, Service Mesh Interface co-author, and DC/OS co-creator Thomas Rampelberg welcomed as a guest.
- The topics I was interested in in the News of the week are as follows.
○ Helm chart deprecation
● Episode 11, with Vic Iglesias
○ CyberArk looks at threats to Kubernetes
Episode 42 — Veterans Day Special with Red Hat’s Chris Short and Marky Jackson
Dan Papandrea (Sysdig), Chris Short (Red Hat), Marky Jackson (Equinix Metal)
- The above members appear in a podcast with the theme “Veterans”. It was interesting because there are few opportunities to contact with this kind of theme in Japan.
Chaos Experiments on Kubernetes using Litmus to ensure your cluster is production ready
Saiyam Pathak, Civo
- A tutorial that installs the open source tool “Litmus” for performing Chaos Experiments on Kubernetes clusters on Kubernetes clusters, and creates/executes the following experiments.
○Pod Deletion
○ Pod Autoscaler
China’s government-anointed Git operator says it will become a Linux Foundation mirror
Simon Sharwood, The Register
- A Chinese Git-as-a-service outfit named “Gitee” has dealt with the Linux Foundation to mirror the Linux Foundation’s projects behind the Great Firewall. Currently, there are only two projects, edge computing “Baetyl” and IoT edge computing framework “EdgeX Foundry”, but Gitee says that all projects will be mirrored in the future. It seems that the Linux Foundation also acknowledges as follows.
- The Linux Foundation has confirmed the new relationship.
CNCF Releases Free Training Course Covering Basics of Service Mesh with Linkerd
CNCF
- Introducing a new training course for Service Meshes using Linkerd, “Introduction to Service Mesh with Linkerd” by CNCF and the Linux Foundation.
- Anyone can attend for free. If you need a certificate of completion, you can upgrade for $ 149.
- For SREs, DevOps professionals, cluster administrators, and developers who want to know more about service meshes and Linkerd.
- KubeWeekly puts a lot of topics and pushes Linkerd forward this week.
What Will It Take to Shift Kubernetes Security Left?
Bill Doerrfeld, Container Journal
- It says in the first part that “For experts in the Kubernetes arena, securing the platform involves shifting security left. In other words, security forethought must come earlier on in the development journey, with policy-driven automation in place to detect potential issues. ”
- He explains the necessity to respond by combining the following four.
○ Policies
○ Integrative Security Tooling
○ Developer Experience
○ Great Error Messages
Amazon Web Services will build its own public registry for Docker container images
Mike Wheatley, SiliconANGLE
- It describes a new public container registry announced by AWS as a countermeasure for the Docker Hub image pull rate limit that started on November 2.
vSphere 7 with Tanzu Integrates with HAProxy for Load Balancing Enterprise-grade Kubernetes
HAProxy
- As the title suggests, VMware has partnered with HAProxy Technologies to integrate HAProxy load balancer into vSphere 7 and adopt HAProxy as the default load balancer for Tanzu Kubernetes clusters.
Upcoming CNCF webinars
You can check some Recorded Webinars and Upcoming Webinars here. The following are posted as Upcoming CNCF webinars at that moment.
Member Webinar: Discover, analyze, and secure your APIs…anywhere
Pranav Dharwadkar, VP of Products @Volterra.io
Jakub Pavlik, Director of Engineering @Volterra.io
Dec 1, 2020 10:00 AM Pacific Time
REGISTER NOW »
Member Webinar: A look at how hackers exploit Prometheus, Grafana, Fluentd, Jaeger & more
Omer Levi Hevroni, Application Security Engineer @Synk
Dec 8, 2020 10:00 AM Pacific Time
REGISTER NOW »
Member Webinar: Metal³: Kubernetes-native bare metal host management
Maël Kimmerlin, Senior Software Engineer @Ericsson Software Technology
Dec 10, 2020 10:00 AM Pacific Time
REGISTER NOW »
How about those articles? Do you have any interest in any?
Actually, I have some contents which I can not digest at this stage, I’ll make use of this aide-memoire and links for catching-up for myself too.
Bye now!!