SRE / DevOps / Kubernetes Weekly Collection#59(Week 11, 2021)
- In this blog post series, I collect the following 3 Weekly Mailing List I subscribe to, leave some comments as an aide-memoire and useful links.
- Actually, I have already published the same content in my Japanese blog and am catching-up in English in this series.
- I hope it contributes to the people browsing this kind of information as a reference.
DEVOPS WEEKLY ISSUE #533 March 14th, 2021
Infrastructure and operations. Two words that folks typically consider as a moment in time, rather than as something more fundamental. A good post on the changes in infrastructure, and in how we operate it, and why change is always part of a career in operations.
- The title is “The Future of Ops Careers”.
- While recommending watching “Lambda: A Serverless Musical”, the content of the title is explained according to the following items. The video was interesting.
○ Where Does Ops Fit, Anyway?
○ What Is Infrastructure?
○ *-As-a-Service Is Really Just Code for “Outsourcing”
○ How to Outsource Things Well
○ What This Means For Operationally Minded Engineers
- The title is “File types that most commonly contain sensitive information”.
- It reviews the data collected by security company GitGuardian in 2020 and explains how to prevent secret leaks and the following 10 file extensions where secrets are leaked most frequently.
- py — Python files
- env — Environment files
- json — JSON files
- properties — Properties files
- pem — PEM files
- PHP — PHP files
- xml — XML files
- yml & .yaml — Yaml files
- ts — TypeScript files
- The title is “LINTING REGO WITH … REGO!”.
- The title and the comments from the Editor above speak eloquently. I feel pressure to need to learn REGO.
- The title is “Open Source solutions for chaos engineering in Kubernetes”.
- It introduces a little history of chaos engineering and the following tools.
- be a monkey
- Chaos Mesh
- Litmus Chaos
- Chaos Toolkit
- KubeInvaders (and similar projects)
○ Cuba DOOM
- Other tools
○ It was entropy
○ Fabric8 Chaos Monkey
○ Kubernetes by Gremlin
○ Mangle by VMware
- The above is the web page of the new Linux Foundation project “sigstore”. And the Editor picked up an introductory article, the title is “Introducing sigstore: software signing for the masses”.
- Points that raise questions such as “Why not blockchain?” Are described in the Web page.
- The title is “Mage is My Favorite Make”.
- It explains the goodness of the author’s favorite build tool “Mage”.
- The title is “5 best practices to get to production readiness with Hashicorp Vault in Kubernetes”.
- As the title suggests, it describes the following five best practices to help you deploy, run, and configure your Vault server securely and securely on Kubernetes.
- Initialize and bootstrap a Vault server
- Run Vault in isolation
- Implement end-to-end encryption
- Ensure traffic is routed to the active server
- Configure and manage Vault for tenants with Terraform
Dolt is a SQL database that you can fork, clone, branch, merge, push and pull just like a git repository. Connect to Dolt just like any MySQL database to run queries or update the data using SQL commands.
- A GitHub page of SQL database “Dolt” with the function in the above Editor comment.
PacBot is is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. Custom rules in Java, as well as a plugin model for ingesting other data sources.
- A web page for PacBot (Policy as Code Bot), a platform for continuous cloud compliance monitoring, compliance reporting, and security automation.
- Click here for the GitHub page.
- The above link is the web page of the title “Open Source Microservice Mocking: Introducing Mockintosh”.
- Click here for Mockintosh’s web page.
- A tool that provides regular HTTP mock service functionality with a small resource footprint and is suitable for microservices applications.
SRE Weekly Issue #261 March 14th, 2021
I find it really refreshing that fighter pilots have a retrospective about every single mission, successful or not. There’s always something to learn.
Jessica Abelson — Transposit
- There was much to be learned from fighter pilots like the importance, ideal, and influence of the retrospective scenes.
Heroku applies the Incident Management System, designating an Incident Commander who keeps the incident on track and oversees communications, both external and internal.
Guillaume Winter — Heroku
- A post in 2020 that updates the post on the same theme in 2014. In addition to the Editor’s comments above, I got the impression that the document itself is more readable.
This story is becoming common: Khan had a sudden influx of traffic when pandemic lockdowns began. Their strategy involved the use of the cloud and a CDN.
Marta Kosarchyn — Khan Academy
Full disclosure: Fastly, my employer is mentioned.
- Along with the content of the title, it describes aspects of the architecture that play an important role in the scalability of the site.
Under the Hood: Ensuring Site Reliability
Here’s a great summary of how Squarespace does SRE.
Franklin Angulo — Squarespace
- The author explains with the aim of this post as follows.
○ Read on to learn more (and nerd out) about all that goes into making sure every Squarespace site is reliable and running smoothly.
Leaders at Deliveroo, DigitalOcean, Fastly, and Headspace share how their organizations think about reliability and resiliency and their advice to engineering orgs embarking on reliability journeys.
The leaders each answer a series of questions about how their organization handles reliability, giving an interesting compare-and-contrast overview.
Full disclosure: Fastly is my employer.
- As shown in the above article excerpt, the answers of the leaders of each company on the following themes are summarized.
○ How does your organization think about resilience and reliability writ large?
○ Does your organization have dedicated reliability engineers?
○ What measures or metrics do you use to capture investment in reliability?
○ When it’s been a while since your last incident, how do you keep your teams sharp and ensure continued investment in reliability?
○ How do you think about and/or fund projects to address low-probability but high-risk events?
○ What would you share with rapidly growing tech companies to help them on their own reliability journeys?
- The bottom line is as follows.
○ The bottom line: Have transparency and clear communication around decisions and trade-offs, while having the flexibility to align with business priorities and meet hard deadlines.
Using a disaster plan created after a devastating hurricane, Freshworks survived and thrived during the pandemic, delivering a major new product by its pre-pandemic deadline.
Ipsita Agarwal — Increment
- An interesting case study, including the situation of COVID-19 in India.
This one explains what a canary deployment is, how it can help you, and how canary deployments differ from blue/green deployments.
- As the title suggests, Canary Deployment is explained with the following points with figures.
○ Benefits of a canary release
○ Canary deployments give you more control and confidence over releases
○ Visual Example: Canary deployment followed by a progressive rollout based on geography
○ Blue-green deployments and what a canary release is not
○ Can you do Kubernetes canary deployments?
○ An effective deployment strategy
This article explains the meaning of a growth mindset and shows how it applies to SRE.
Emily Arnott — Blameless
- The following is explained with a comparison table of Growth mindset and Fixed mindset.
○ What a growth mindset is and why it helps your SRE team
○ How to hire for a growth mindset
○ How to develop people into SREs with a growth mindset
○How a blameless culture empowers a growth mindset
Full disclosure: Fastly is my employer.
- OVH Cloud
This week, there was a major fire at an OVH Cloud datacenter. As a result, Rust (an MMOG) permanently lost data, according to its creators.
- All domains containing “t.co” in Russia
It appears that Russia tried to impair access to Twitter’s URL-shortening domain t.co, but their pattern-matching was overzealous and affected any domain that contained “t.co” (think reddit.com, microsoft.com, and many others).
Dyn had a DNS outage. I noted impact to Heroku, but I didn’t see any other related outage postings.
Editor’s pick of the highlights from the past week.
- As mentioned above, CNCF GM Priyanka Sharma has called for the importance of solidarity and diversity with AAPI and Asian colleagues in the face of rising racism and attacks on the global Asian community.
Tutorials, tools, and more that take you on a deep dive into the code.
Martin Heinz, IBM
- As the title suggests, a series on building CI/CD using Tekton. This time, it starts by deploying, installing, and customizing Tekton, and then introduces you to a native CI/CD journey to the cloud on Kubernetes.
- The “Tekton CI/CD Kickstarter”, an environment where the author has put together all the resources, scripts, and files needed to use CI/CD with Tekton, can be found in this GitHub repository.
Dan Lorenc, Google Cloud
- It introduces “cosign”, a tool for signing container images created by the author.
- Cosign is developed as part of the “ sigstore “ project featured in DEVOPS WEEKLY ISSUE #533.
Daniel Mangum, Crossplane
- Crossplane is explained using LLVM as a comparison material.
- It explains how to migrate Kubernetes’s Container Runtime Interface (CRI) from “docker shim” to “containerd”.
- The layer between Kubernetes and containerd, dockershim, has been deprecated as a container runtime since Kubernetes v1.20 and will be removed after v1.22.
Arseny Zinchenko, ITNext
- An article explaining the resources of Kubernetes. It explains the “Endpoint” that runs behind the “Deployment” when using the “Service”.
Vic Iglesias, Google Cloud
- It explains how to migrate the development tool Docker Compose to Skaffold and Minikube from the background it tried to execute.
Vasily marble breeze
- I will skip it because it is taken up in the above DEVOPS WEEKLY ISSUE #533.
Deepankur Singh Baliyan, Infracloud
- It explains general monitoring and Prometheus from a beginner’s point of view. In the next post, It will explain the PromQL query language in detail.
Alex Ellis, OpenFaaS
- OpenFaaS Founder Alex Ellis explains:
○ What is OpenFaaS
○ What is deployed when you install OpenFaaS
○ How to test OpenFaaS changes using Kubernetes
● An overview of approaches that will help new and potential contributors to experiment quickly for the first time.
Kristijan Mitevski, Mitevski Tech Blog
- It explains the procedure and commands for building the environment described in the title.
Viewer Fadeyi, Jetstack
- It Introduces “Ingress Builder” , a tool for correctly configuring Ingress resources developed by Jetstack.
- It deploys OpenFaaS on a GKE Autopilot cluster and explains how the two work together.
- The tools needed to carry out hands-on articles are:
○ gcloud: the CLI tool to create and manage Google Cloud resources
○ arcade : portable Kubernetes marketplace
○ kubectl: the Kubernetes command-line tool, allows you to run commands against Kubernetes clusters
○ faas-cli: the official CLI for OpenFaaS
○ hey: (optionally) a tiny program that sends some load to a web application
ICYMI: CNCF online programs this week
A weekly summary of CNCF online programs from this week.
Michael Cade, Cabinets
- It discusses seven key considerations for Kubernetes native backup and demonstrates its importance in implementing a cloud-native backup strategy to protect business-critical data on a developer-centric platform.
Adam Kozlowski, GrapeUp
- It explains how to make and assemble your own choices for themes such as which one to choose from the various options of the Kubernetes ecosystem, what is the difference, etc.
- Each slide was easy to see and the image was conveyed, so I want to learn from it.
Ben Hirschberg, ARMO
- It uses “Ezuri”, a memory loader, to break into the K8’s live environment, load fileless malware that is not detected by common security tools, and steal SSL keys. It also explains how measures can be taken against it.
Articles, announcements, and morethatgive you a high-level overview of challenges and features.
Nigel Kersten, Puppet
- Following the 10th anniversary of the research on the State of DevOps, which defines the industry, we are providing a retrospective and survey guide.
- Click here to participate in the survey.
Christopher Tozzi, Fix me
- The following points are explained along with the content of the title.
○ What Is Open Policy Agent?
○ What Problem Does OPA solve?
○ Do Enterprises Need OPA?
○ When Should You Adopt OPA?
○ Which Skills Do You Need to Adopt OPA?
○ Learn More about OPA
Kevin Casey, Red Hat
- It explains what Kubernetes autoscaling is, and this automation feature eliminates the need to manually provision and scale down resources as demand changes.
Craig Box, Kubernetes Podcast from Google
- Kubernetes Podcast by Google employees. The hosts this time are Craig Box and Guest Host Vic Iglesias(a Solutions Architect at Google Cloud and a maintainer of the Helm charts repository).
- Gianluca Arbezzano, Principal Engineer of Equinix Metal and Maintainer of “Tinkerbell”, is invited as a guest.
- The topics I was interested in in the News of the week are as follows.
○ Fairwinds introduces Saffire
○ Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE)
○ Left hand 2.10
- It introduces the new Special Interest Group (SIG) for Events, “Events SIG” from the Continuous Delivery Foundation (CDF).
Marcin Maciaszczyk & Sebastian Florek, Kubermatic
- The following points are explained along with the content of the title.
○ How It All Began
○ Growing Up — The Big Migration
○ Where Are We Standing in 2021?
○ What’s Next
○ The Kubernetes Dashboard in Numbers
○ Join Us
- The author, who uses Kubernetes on his blog and small side projects, explains why he likes Kubernetes.
- It introduces a Microsurvey on CNCF edge computing and Kubernetes.
- This survey provides insights into Kubernetes IoT/Edge scenarios, challenges, and opportunities. The CNCF will summarize the data and share its insights at the KubeCon + CloudNativeCon EU — Virtual 2021 and Kubernateson Edge Day co-located events on May 4.
Ihor Dvoretskyi, CNCF
- CNCF and Docker collaborate on an experiment called “Container Garage”. It focuses on a specific theme for each event, such as runtime, image, security, etc.
- Docker Captains and CNCF Ambassadors will lead the planning and execution of Container Garage events. This includes recruiting speakers for lectures, demos and live panels.
- The first event will take place on April 1st on the topic of container runtimes. Click here to register.
Upcoming CNCF Online Programs
Cloud Native Live: Crossplane — GitOps-based Infrastructure as Code through Kubernetes API
Viktor Farcic @CodeFresh
March 24, 2021 at 12pm PT
Automating SRE from “Hello World” to Enterprise Scale with Keptn
Jürgen Etzlstorfer & Andi Grabner @Dynatrace
March 25, 2021
Flux is Incubating + The Road Ahead
Stefan Prodan @Weaveworks
March 25, 2021
Securing Access to your Kubernetes Applications — Using Dex for Authentication and Role Based Access Control (RBAC) for Authorization
Deepika Dixit & Onkar Bhat @Kasten by Veeam
March 25, 2021
Scaling Monitoring at Databricks from Prometheus to M3
Martin Mao @Chronosphere
March 25, 2021
CNCF Online Programs Playlist on YouTube
Check out our playlist for more curated content you don’t want to miss! New content is added every Friday.
- For more information, please visit our updated Online Programs page.
How about those articles? Do you have any interest in any?
Actually, I have some contents which I can not digest at this stage, I’ll make use of this aide-memoire and links for catching-up for myself too.