As mentioned last week, I was able to finish my KubeCon + CloudNativeCon NA 2018 recap this week. It’s not an exhaustive list of things I did, but it covers the big ones. One point of emphasis for me was to assess the physical toil I managed along the way. It’s important to note that life doesn’t stop because you’re at a conference. Videos from the Kubernetes Contributor Summit are now available too.

I’m on PTO this week. I thought about DevOps’ish taking its first week off ever. But I don’t think that’s necessary, so here’s to over two years of uninterrupted DevOps’ish!

Continuous delivery on modern infrastructure - Run GoCD on Kubernetes
Model Docker-based build workflows more effectively with our GoCD Kubernetes integration. Run GoCD natively on Kubernetes, define your build workflow and let GoCD provision and scale build infrastructure on the fly. SPONSORED

The real story on container, cloud, and data adoption
Poll results reveal where and why organizations choose to use containers, cloud platforms, and data pipelines. SPONSORED


The Mom Project, a job site for moms returning to work, nabs $8M from Initialized and more

Google’s Secret China Project “Effectively Ended” After Fight — Well… That’s done.

Oracle’s Ellison: No way a ’normal’ person would move to AWS — Because Larry Ellison knows so much about “normal” people.

How to become an AWS expert — Because being an AWS expert will serve you far better than being an Oracle expert.

Gladys West, the ‘hidden figure’ of GPS, inducted into Air Force hall of fame

Lawmakers push to create a three-digit suicide hotline number — Nice to see this happening.

Moving on From Red Hat — Christian Posta is leaving Red Hat 😕

Burnout, stress lead more companies to try a four-day work week — That’s not going to help me, I don’t think (see Tweet of the Week from last week).


We need Sustainable Free and Open Source Communities

Reuters Exclusive: China hacked HPE, IBM and then attacked clients — “Hackers working on behalf of China’s Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their clients’ computers, according to five sources familiar with the attacks.”

How China’s Elite APT10 Hackers Stole the World’s Secrets — “The MSP hacks don’t just show China’s hacking sophistication; they demonstrate its ruthless efficiency and determination.”

Here’s What VMware Paid for Kubernetes Startup Heptio — You too can have your own Heptio for $550 million.

As cloud-native matures, CNCF sees mainstream adoption of open source — “CNCF, cloud-native and Kubernetes all have matured a lot in the last three years,” Chris Aniszczyk said. “The wider ecosystem is going to continue to grow.”

SQLite bug impacts thousands of apps, including all Chromium-based browsers — That sqlite database you used with that one script to do that thing in production that one time and is now part of your standard process… Yea… Patch that.

DevOps Research and Assessment Joins Google Cloud — I’m happy, but I have mixed feelings. I love the fact Nicole, Jez, and Gene exited to such a great place for their work to flourish. But one of the first things I tried to do at Red Hat was convincing the team to sponsor the DORA report. That wasn’t in the cards this year and I’m not sure Red Hat will ever get the chance again.

How Rancher Discovered the Kubernetes Vulnerability — “We identified it. It was kind of kept quiet until the fixed that were pushed out, and then everyone had the ability to patch really quickly last week.”

Applying Best Practice Security Controls to a Kubernetes Cluster — “In this article, we’re going to address the application of best-practice security controls, using some of the cluster’s inherent security mechanisms.” Puja is always keeping it real.

Clueless on Kubernetes? You’re not alone, says Heptio — “The pain of adoption is being felt most acutely early on according to a Heptio 2018 State of Kubernetes survey, which found 41 per cent of respondents require most help with architecture design.”

Celebrating 20 Years of OpenSSL — “The 20th year looks to be an exciting one, with a major change to the version number scheme, the switch to the Apache License 2.0, and a new FIPS validation project just for starters. And although all the versions of SSL are now deprecated, it’s not likely we’ll rebrand back to OpenTLS any time soon.”

The business case for serverless — “[Serverless] is the best way to achieve maximum development velocity over time.”

Stop Calling Everything Serverless! — The definition of serverless is fuzzier than the definition of DevOps. There’s a lot of ways to interpret “serverless”. Jeremy tackles the varying meanings and comes to a nicely packaged conclusion.

The Cyclical Theory of Open Source

The Three Principles of Excellent API Design — Purpose, Usability, and Constraints

How to Properly Engage with AWS Enterprise Support — I made fun of Oracle for writing a similar article, but it was very much a HOWTO where this is a gentle reminder of what Enterprise support gets you with AWS. In general, AWS Enterprise Support is absolutely phenomenal.


Understanding Golang TLS mutual authentication DoS - CVE-2018-16875 — “The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.” Your software supply chain is VERY important.

7 CI/CD tools for sysadmins — An easy guide to the top open source continuous integration, continuous delivery, and continuous deployment tools.

Bye bye Mongo, Hello Postgres — Guardian’s path from Mongo to Postgres.

Getting started with Prometheus — Learn to install and write queries for the Prometheus monitoring and alerting system.

Re-Imagining Virtualization with Kubernetes and KubeVirt — The march to Kubernetes on bare metal continues.

SSH on Windows Server 2019 (including how to sudo) — “How to elevate permissions via SSH on Windows, sudo but way more complicated. This guide is also applicable on Windows 10, build 1809 and up.”

SRE Challenges: Taming the Tool Sprawl — Embrace heterogeneity, for the win

15 Useful Helm Charts Tools — “Devs have found Helm Charts extremely useful, so they’ve begun developing tools, add-ons, and plugins for specific functions to enhance it further.”

DNS over TLS: Encrypting DNS end-to-end — I’ve gone to using a CoreDNS based DNS server in the house to push all DNS requests outbound over TLS (or HTTPS). Improving your privacy starts at home (uninstalling the Facebook app is a good start).

Four Tools That Support Your DevSecOps Process — Some solid suggestions from Daniel Oh.

Project Mu — “Mu is built around the idea that shipping and maintaining a UEFI product is an ongoing collaboration between numerous partners.”

Ansible Tips and Tricks: Dealing with Unreliable Connections and Services — The world isn’t fully connected yet. Here are some tricks to help with that.

aws-quickstart/quickstart-awx — Want to get AWX running on AWS? Here’s a quick way to get up and running.

mholt/certmagic — Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

amir20/dozzle — Realtime docker logs through the browser

Terraform CLI Cheat Sheet

A New Font, Sans Forgetica, Helps You Remember What You Read — “Australia’s RMIT University recently introduced a new typeface, Sans Forgetica, that uses clever tricks to lodge information in your brain.” Got an onboarding doc?

Minikube v0.32.0 released!

VirtualBox 6.0 Released — Some pretty big features added to VirtualBox.

HAProxy 1.9 Has Arrived — A lot of improvements and future proofing in this release.

10 books for your DevOps reading wishlist — This list of books will help fine-tune your DevOps practice.

Linux ip Command Examples — I’ve never used ip link set dev {DEVICE} {up|down} before. It’s been a long time since I’ve bounced an interface on a Linux server come to think about it.

DevOps’ish Tweet of the Week

Happy holidays to everyone who is on call, may your rotation be emergency free, your shells always be owned by you, your networks never partition, and the failures not cascade.

— Jessie Frazelle (@jessfraz) December 22, 2018

Notes from this week’s issue can be found on GitHub.