SRE / DevOps / Kubernetes Weekly Collection#59(Week 11, 2021)

  • In this blog post series, I collect the following 3 Weekly Mailing List I subscribe to, leave some comments as an aide-memoire and useful links.
  • Actually, I have already published the same content in my Japanese blog and am catching-up in English in this series.
  • I hope it contributes to the people browsing this kind of information as a reference.

DEVOPS WEEKLY ISSUE #533 March 14th, 2021

News

  • The title is “The Future of Ops Careers”.
  • While recommending watching “Lambda: A Serverless Musical”, the content of the title is explained according to the following items. The video was interesting.
    ○ Where Does Ops Fit, Anyway?
    ○ What Is Infrastructure?
    ○ *-As-a-Service Is Really Just Code for “Outsourcing”
    ○ How to Outsource Things Well
    ○ What This Means For Operationally Minded Engineers
  • The title is “File types that most commonly contain sensitive information”.
  • It reviews the data collected by security company GitGuardian in 2020 and explains how to prevent secret leaks and the following 10 file extensions where secrets are leaked most frequently.
  1. py — Python files
  2. js — Javascript
  3. env — Environment files
  4. json — JSON files
  5. properties — Properties files
  6. pem — PEM files
  7. PHP — PHP files
  8. xml — XML ​​files
  9. yml & .yaml — Yaml files
  10. ts — TypeScript files
  • The title is “LINTING REGO WITH … REGO!”.
  • The title and the comments from the Editor above speak eloquently. I feel pressure to need to learn REGO.
  • The title is “Open Source solutions for chaos engineering in Kubernetes”.
  • It introduces a little history of chaos engineering and the following tools.
  1. be a monkey
  2. chaoskube
  3. Chaos Mesh
  4. Litmus Chaos
  5. Chaos Toolkit
  6. KubeInvaders (and similar projects)
    Cuba DOOM
  7. Other tools
    PowerfulSeal
    Pod-reaper
    It was entropy
    Fabric8 Chaos Monkey
    Kubernetes by Gremlin
    Mangle by VMware
  • The title is “Mage is My Favorite Make”.
  • It explains the goodness of the author’s favorite build tool “Mage”.
  • The title is “5 best practices to get to production readiness with Hashicorp Vault in Kubernetes”.
  • As the title suggests, it describes the following five best practices to help you deploy, run, and configure your Vault server securely and securely on Kubernetes.
  1. Initialize and bootstrap a Vault server
  2. Run Vault in isolation
  3. Implement end-to-end encryption
  4. Ensure traffic is routed to the active server
  5. Configure and manage Vault for tenants with Terraform

Tools

  • A GitHub page of SQL database “Dolt” with the function in the above Editor comment.
  • A web page for PacBot (Policy as Code Bot), a platform for continuous cloud compliance monitoring, compliance reporting, and security automation.
  • Click here for the GitHub page.
  • The above link is the web page of the title “Open Source Microservice Mocking: Introducing Mockintosh”.
  • Click here for Mockintosh’s web page.
  • A tool that provides regular HTTP mock service functionality with a small resource footprint and is suitable for microservices applications.

SRE Weekly Issue #261 March 14th, 2021

Articles

  • There was much to be learned from fighter pilots like the importance, ideal, and influence of the retrospective scenes.
  • A post in 2020 that updates the post on the same theme in 2014. In addition to the Editor’s comments above, I got the impression that the document itself is more readable.
  • Along with the content of the title, it describes aspects of the architecture that play an important role in the scalability of the site.
  • The author explains with the aim of this post as follows.
    ○ Read on to learn more (and nerd out) about all that goes into making sure every Squarespace site is reliable and running smoothly.
  • As shown in the above article excerpt, the answers of the leaders of each company on the following themes are summarized.
    ○ How does your organization think about resilience and reliability writ large?
    ○ Does your organization have dedicated reliability engineers?
    ○ What measures or metrics do you use to capture investment in reliability?
    ○ When it’s been a while since your last incident, how do you keep your teams sharp and ensure continued investment in reliability?
    ○ How do you think about and/or fund projects to address low-probability but high-risk events?
    ○ What would you share with rapidly growing tech companies to help them on their own reliability journeys?
  • The bottom line is as follows.
    ○ The bottom line: Have transparency and clear communication around decisions and trade-offs, while having the flexibility to align with business priorities and meet hard deadlines.
  • An interesting case study, including the situation of COVID-19 in India.
  • As the title suggests, Canary Deployment is explained with the following points with figures.
    ○ Benefits of a canary release
    ○ Canary deployments give you more control and confidence over releases
    ○ Visual Example: Canary deployment followed by a progressive rollout based on geography
    ○ Blue-green deployments and what a canary release is not
    ○ Can you do Kubernetes canary deployments?
    ○ An effective deployment strategy
  • The following is explained with a comparison table of Growth mindset and Fixed mindset.
    ○ What a growth mindset is and why it helps your SRE team
    ○ How to hire for a growth mindset
    ○ How to develop people into SREs with a growth mindset
    ○How a blameless culture empowers a growth mindset

Outages

  • Fastly
    Full disclosure: Fastly is my employer.
  • OVH Cloud
    This week, there was a major fire at an OVH Cloud datacenter. As a result, Rust (an MMOG) permanently lost data, according to its creators.
  • All domains containing “t.co” in Russia
    It appears that Russia tried to impair access to Twitter’s URL-shortening domain t.co, but their pattern-matching was overzealous and affected any domain that contained “t.co” (think reddit.com, microsoft.com, and many others).
  • Dyn
    Dyn had a DNS outage. I noted impact to Heroku, but I didn’t see any other related outage postings.
  • Chef
  • GitHub

The Headlines

  • As mentioned above, CNCF GM Priyanka Sharma has called for the importance of solidarity and diversity with AAPI and Asian colleagues in the face of rising racism and attacks on the global Asian community.

The technical

  • As the title suggests, a series on building CI/CD using Tekton. This time, it starts by deploying, installing, and customizing Tekton, and then introduces you to a native CI/CD journey to the cloud on Kubernetes.
  • The “Tekton CI/CD Kickstarter”, an environment where the author has put together all the resources, scripts, and files needed to use CI/CD with Tekton, can be found in this GitHub repository.
  • It introduces “cosign”, a tool for signing container images created by the author.
  • Cosign is developed as part of the “ sigstore “ project featured in DEVOPS WEEKLY ISSUE #533.
  • Crossplane is explained using LLVM as a comparison material.
  • It explains how to migrate Kubernetes’s Container Runtime Interface (CRI) from “docker shim” to “containerd”.
  • The layer between Kubernetes and containerd, dockershim, has been deprecated as a container runtime since Kubernetes v1.20 and will be removed after v1.22.
  • An article explaining the resources of Kubernetes. It explains the “Endpoint” that runs behind the “Deployment” when using the “Service”.
  • It explains how to migrate the development tool Docker Compose to Skaffold and Minikube from the background it tried to execute.
  • I will skip it because it is taken up in the above DEVOPS WEEKLY ISSUE #533.
  • It explains general monitoring and Prometheus from a beginner’s point of view. In the next post, It will explain the PromQL query language in detail.
  • OpenFaaS Founder Alex Ellis explains:
    ○ What is OpenFaaS
    ○ What is deployed when you install OpenFaaS
    ○ How to test OpenFaaS changes using Kubernetes
    ● An overview of approaches that will help new and potential contributors to experiment quickly for the first time.
  • It explains the procedure and commands for building the environment described in the title.
  • It Introduces “Ingress Builder” , a tool for correctly configuring Ingress resources developed by Jetstack.
  • It deploys OpenFaaS on a GKE Autopilot cluster and explains how the two work together.
  • The tools needed to carry out hands-on articles are:
    ○ gcloud: the CLI tool to create and manage Google Cloud resources
    arcade : portable Kubernetes marketplace
    ○ kubectl: the Kubernetes command-line tool, allows you to run commands against Kubernetes clusters
    faas-cli: the official CLI for OpenFaaS
    hey: (optionally) a tiny program that sends some load to a web application

ICYMI: CNCF online programs this week

  • It discusses seven key considerations for Kubernetes native backup and demonstrates its importance in implementing a cloud-native backup strategy to protect business-critical data on a developer-centric platform.
  • It explains how to make and assemble your own choices for themes such as which one to choose from the various options of the Kubernetes ecosystem, what is the difference, etc.
  • Each slide was easy to see and the image was conveyed, so I want to learn from it.
  • It uses “Ezuri”, a memory loader, to break into the K8’s live environment, load fileless malware that is not detected by common security tools, and steal SSL keys. It also explains how measures can be taken against it.

The Editorial

Articles, announcements, and morethatgive you a high-level overview of challenges and features.

  • The following points are explained along with the content of the title.
    ○ What Is Open Policy Agent?
    ○ What Problem Does OPA solve?
    ○ Do Enterprises Need OPA?
    ○ When Should You Adopt OPA?
    ○ Which Skills Do You Need to Adopt OPA?
    ○ Learn More about OPA
  • It explains what Kubernetes autoscaling is, and this automation feature eliminates the need to manually provision and scale down resources as demand changes.
  • Kubernetes Podcast by Google employees. The hosts this time are Craig Box and Guest Host Vic Iglesias(a Solutions Architect at Google Cloud and a maintainer of the Helm charts repository).
  • Gianluca Arbezzano, Principal Engineer of Equinix Metal and Maintainer of “Tinkerbell”, is invited as a guest.
  • The topics I was interested in in the News of the week are as follows.
    Fairwinds introduces Saffire
    Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE)
    Left hand 2.10
  • It introduces the new Special Interest Group (SIG) for Events, “Events SIG” from the Continuous Delivery Foundation (CDF).
  • The following points are explained along with the content of the title.
    ○ How It All Began
    ○ Growing Up — The Big Migration
    ○ Where Are We Standing in 2021?
    ○ What’s Next
    ○ The Kubernetes Dashboard in Numbers
    ○ Join Us
  • The author, who uses Kubernetes on his blog and small side projects, explains why he likes Kubernetes.
  • It introduces a Microsurvey on CNCF edge computing and Kubernetes.
  • This survey provides insights into Kubernetes IoT/Edge scenarios, challenges, and opportunities. The CNCF will summarize the data and share its insights at the KubeCon + CloudNativeCon EU — Virtual 2021 and Kubernateson Edge Day co-located events on May 4.
  • CNCF and Docker collaborate on an experiment called “Container Garage”. It focuses on a specific theme for each event, such as runtime, image, security, etc.
  • Docker Captains and CNCF Ambassadors will lead the planning and execution of Container Garage events. This includes recruiting speakers for lectures, demos and live panels.
  • The first event will take place on April 1st on the topic of container runtimes. Click here to register.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Yoshiki Fujiwara

・Cloud Solutions Architect - AWS@NetApp in Tokyo, Japan. #AWS Certified Solution Architect&DevOps Professional, #Kubernetes, ・Opinions are my own.