- In this blog post series, I collect the following 3 weekly mailing lists I subscribe to and leave some comments as an aide-memoire, along with useful links.
- Actually, I have already published the same content on my Japanese blog and am catching up in English in this series.
- I hope it contributes to the people browsing this kind of information as a reference.
DEVOPS WEEKLY ISSUE #529 February 14th, 2021
- The title is “Kubernetes Liveness Probes — Examples & Common Pitfalls”.
- It was covered in KubeWeekly #250 last week, so I will skip it.
- The title is “Top 8 DevOps Trends for 2021”.
- As the title suggests, the first half explains the following eight trends, and the second half talks about the future outlook under the title of “The Future of DevOps in 2021 (and Beyond)”.
- Maturation of Infrastructure Automation (IA) Tools
- The Use of Application Release Orchestration (ARO) Tools
- More Complex Toolchains
- The Rise of DevSecOps
- Application Performance Monitoring (APM) Software
- A Wider Scope of Cloud Management Platforms (CMPs)
- More Uncertain Goals and Requirements
- Further Growth of AgileOps
- The title of the paper is “The Tyranny of Openness: What Happened to Peer Production?”.
- It discusses the ongoing “cultural war” among the software peer-production communities. I will read it again later.
- The title is “Automated release process for (Lerna) mono repo”.
- It explains how to automate the process of releasing a new version of software with a mono-repository managed by “Lerna”.
- Lerna is a tool that optimizes your workflow for managing multi-package repositories using git and npm.
- The title is “Log4j Tutorial: How to Configure the Logger for Efficient Java Application Logging”.
- It provides information for understanding the current Log4j setup (specifically the log4j 2.x version).
- Although log4j 1.x is EOL, it is still widely used in legacy apps all over the world, so the article devotes space to the EOL status and to migrating to the log4j 2.x version.
- A GitHub page of “KonK (Knative on Kind)”. I will try this.
- As the name suggests, the GitHub page of “ebs-autoresize”, a tool that automatically resizes AWS EBS.
- A GitHub page of Secret Scanner, a tool that allows users to scan a container image or local directory on a host and output a JSON file containing details of all the secrets found.
- The “Disclaimer” clearly states that it should not be used for hacking purposes.
SRE Weekly Issue #257 February 14th, 2021
This one really got me thinking. Make sure you document why an alert exists, not just what it checks for.
- A post written by the author in the wake of “Somewhat recently I saw people saying negative things about common alerting practices, specifically such as generating some sort of alert when a TLS certificate was getting close to expiring”. I think what the author wants to convey is as in the Editor’s comment above.
If you start with a monolith and adopt a microservice architecture, your incident response process will need to change as well.
Mya Pitzeruse — effx
- An article that explains the content of the title with the following five points.
○ Know the key differences
○ Establish developer accountability
○ Enable teams with visibility and access
○ Invest in your SRE team and practices
○ Parting thoughts
Another one that needs a disclaimer: there’s no single “root cause” for an incident, and this article is not about that. This is about using statistical software to aid humans in debugging by looking at the activities performed by different users before they encounter a given bug.
Vijay Murali, Edward Yao, Umang Mathur, Satish Chandra — Facebook
- An article on Facebook’s Engineering blog that introduces “Minesweeper”, which identifies the root cause of a bug from its symptoms and automates RCA (root cause analysis). See the Editor’s comment above for the disclaimer.
A new SRE at Honeycomb shares insight on the job and SRE attitudes in general.
Fred Hebert — Honeycomb
- An article the author wrote in their first week as Honeycomb’s first dedicated SRE. It explains the background as “I was asked if I wanted to write a blog post about my first impressions and what made me decide to join the team?”. The content is as described in the Editor’s comment above, and it proceeds with the following three points.
○ Fostering Human Processes
○ Sociotechnical systems and context awareness
○ Adapting and sharing observability
Slack’s Jan 2021 outage: a tale of saturation
This post considers the January 4th Slack outage as a set of cases of saturation.
- The company’s engineering blog “Jan. 4, 2021 outage”, which summarizes Slack’s 2021/1/4 outage, is taken up and explained from the perspective of saturation.
- It quotes the following from Slack’s blog article “Building the Next Evolution of Cloud Networks at Slack”, which mentions the time when Slack operated AWS with a single account, and explains three types of saturation. With this background, it is easy to picture the situation.
○ As our customer base grew and the tool evolved, we developed more services and built more infrastructure as needed. However, everything we built still lived in one big AWS account. This is when our troubles started. Having all our infrastructure in a single AWS account led to AWS rate-limiting issues, cost-separation issues, and general confusion for our internal engineering service teams.
- Certainly, I don’t want to think about CIDR management of VPC Peering for hundreds of accounts. So the following technologies were adopted.
○ AWS shared VPCs
○ AWS Transit Gateway Inter-Region Peering
KubeWeekly #251 February 19th, 2021
Editor’s pick of the highlights from the past week.
Chris Short, Red Hat
Cool resource! Find out what books to read to learn more about Kubernetes. Please submit pull requests for books, tutorials, or other assets that would be useful to folks.
- This looks like a good way to get into the world of Kubernetes. As Chris, one of the editors of KubeWeekly, says above, you can send a PR, so if you have any useful English resources, I think you should suggest them.
Tutorials, tools, and more that take you on a deep dive into the code.
Mike Calizo, Opensource.com
- It explains how to partition a single Kubernetes cluster using Kubernetes Namespaces, a built-in Kubernetes tool, together with some basic RBAC configurations.
Sergey Generalov, Isovalent
- It introduces “Network Policy Editor”, a tool that supports the creation of YAML files for Kubernetes Network Policy.
- It looks good, but it does not work in my PC/monitor environment. I couldn’t use it because of the message “Policy Editor doesn’t support small screens Please use desktop or expand the window”. I tried to enlarge the browser window by moving it from the monitor to the main unit, but it didn’t work.
Carlos Santana, IBM
- The GitHub page of “KonK”, which is also featured in DEVOPS WEEKLY ISSUE #529 above.
Jason Froehlich, Red Hat
- It notes that Argo provides a convenient way to access Red Hat OpenShift secrets, then explains how to use Vault if that is what your company uses, and how to package it in a Helm Chart for easy installation and reuse.
Andrew Sullivan, Christian Hernandez, Chris Short, Red Hat
- A Webinar video with the above title. The blog post is here, and this video is also embedded, so it might be better to watch it from there.
Ivan Mikheykin, Flant
- It explains the new features of Shell-operator and addon-operator, tools for Kubernetes administrators developed by Flant. Many new features have been added since the company’s previous articles and its presentation at KubeCon EU’2020.
- The content of the title is explained in the following section structure.
○ WHAT IS RATE LIMITING?
○ WHAT’S IN A CONTROLLER?
○ WHAT HAPPENS WHEN WE FAIL?
○ THE DEFAULT CONTROLLER RATE LIMITER
○ USING YOUR OWN RATE LIMITER
○ WRAPPING UP
Cristian Klein, Elastisys
- The observability is explained in detail from the following two viewpoints.
○ Various types of observability
○ The technical implications of implementing observability
- The article aims for the reader to understand the following:
○ At the end of this post, you will understand why you should resist the temptation to save a few bucks on observability.
- When I read the number in “In fact, observability is so critical that as of February 2021, the Cloud Native Computing Foundation (CNCF) lists 102 projects in that category”, I looked twice at the number of related projects.
Sahil Lakhwani, InfraCloud
- It explains how to use Crossplane to create your own control plane on top of your cloud provider. This time, as an example, it explains with a pattern that uses the AWS environment.
Joe Duffy, Pulumi
- A Pulumi blog post that explains how to build, publish, and use a simple container image across the cloud using just a few lines of code.
○ Prepare a Container Registry
○ Build and Publish Your Container
○ Consume the Container Image
○ Wrapping Up
ICYMI: CNCF online programs this week
A weekly summary of CNCF online programs from this week.
Gil Vernik @IBM
- It takes a deep dive into how to make serverless computing easy to use in a wide range of scenarios, including high performance computing, Monte Carlo simulation, Big Data pre-processing, and molecular biology.
- A session in Spanish. I think it would be nice to have regular CNCF Online Programs in Japanese as well.
Articles, announcements, and more that give you a high-level overview of challenges and features.
Craig Box, Kubernetes Podcast from Google
- The Kubernetes Podcast by Google employees. The current co-host is Craig Box. Adam Glick has moved on to greener pastures. Past guests will be invited as guest hosts for several weeks.
- This week, the guest host is Saad Ali of Google, who appeared in Episode #103 and led the development around Kubernetes storage, including CSI (Container Storage Interface) and the volume subsystem.
- The guest is Michael Gerstenhaber, Director of Product Management of Datadog and curator of the company’s annual Container Report.
- The topics I was interested in in the News of the week are as follows.
○ Jetstack Secure
○ Kong Konnect is GA
- Following the 10 Docker anti-patterns on its blog, the 15 Kubernetes deployment anti-patterns listed below are explained across three articles. Click here for part 2 and part 3.
- Deploying images with the “latest” tag
- Hardcoding configuration inside container images
- Coupling the application with cluster constructs
- Mixing infrastructure deployments with application releases
- Doing manual deployments using kubectl
- Using kubectl for debugging clusters
- Not understanding the Kubernetes network model
- Wasting resources on static environments instead of dynamic ones
- Mixing production and non-production workloads in the same cluster
- Not understanding memory and CPU limits
- Misusing health probes
- Not understanding the benefits of Helm
- Not having effective application metrics
- Handling secrets in an ad-hoc manner
- Adopting Kubernetes even when it is not the proper solution.
Regis Wilson, Release
- It describes certain advanced concepts related to Kubernetes init containers, sidecars, config maps, and probes.
Emeka Nwafor, Product Manager, and Jeremy Olmsted-Thompson, Staff Software Engineer, Google Cloud
- An introductory article accompanying the GA of MCS (multi-cluster Services), which is a Kubernetes-native cross-cluster service discovery and invocation mechanism.
- In “Common MCS use cases”, the following comment from Mercari, an early adopter, is introduced.
○ “We have been running all our microservices in a single multi-tenant GKE cluster. For our next-generation Kubernetes infrastructure, we are designing multi-region homogeneous and heterogeneous clusters. Seamless inter-cluster east-west communication is a prerequisite and multi-cluster Services promise to deliver. Developers will not need to think about where the service is running. We are very excited at the prospect.” — Vishal Banthia, Engineering Manager, Platform Infra, Mercari
Upcoming CNCF Online Programs
CNCF End User technology radar, February 2021 — Secrets Management
James Nugent @Apple, Steve Nolan @RStudio, Andrea Galbusera @AuthKeys, and Tyler Gass @Peloton
February 23, 2021
This Week in Cloud Native (Livestream): Fluent Bit updates and Stream Processing
Anurag Gupta @FluentBit
February 24, 2021 at 12:00 pm PT
The Container Security Checklist
Liz Rice @Aqua Security
February 25, 2021
CNCF Online Programs Playlist on YouTube
Check out our playlist for more curated content you don’t want to miss! New content is added every Friday.
- For more information, please visit our updated Online Programs page.
How about those articles? Do you have any interest in any?
Actually, there is some content that I cannot digest at this stage, so I’ll make use of this aide-memoire and these links to catch up myself too.