DevOps'ish

DevOps, Cloud Native, Open Source, and the ‘ish between.

118: Kubernetes, People, Say AMI, Ghidra, Terraform, Git, OperatorHub, and More

Life is more significant than tech. We all recognize this fact but, seldom do we internalize it and own it. This newsletter attempts to imitate life. Injecting needed doses of humanity and thought provocation into your inbox every week. People, Process, and Tools involves all facets of each. They’re in that order for a reason. I can load your inbox up every week with endless lists of tools. They aren’t going to fix your broken processes though. The people implementing those processes need to have their minds open to new ideas and methods.

People implementing processes they have real ownership in using tooling they find real value in using will go further towards improving outcomes than implementing any new piece of technology ever will. My long-held opinion that technology should improve life is only a part of the equation. Technology by itself gives people a way to improve something. People do the actual improving. The care, education, and growth of the people in your charge are dependent upon you. Treat this great responsibility with the attention it deserves and you will go very far in life.

“Don’t let the behavior of others destroy your inner peace.” —Dalai Lama

New Microsoft Azure Elastic Agent Plugin for GoCD
With GoCD’s new Azure plugin, run your CI/CD pipelines on Azure virtual machines, and let GoCD scale up on-demand agents based on your need. Remove bottlenecks and reduce the cost of your agent infrastructure.

Learn more about GoCD: www.gocd.org
Learn more about GoCD’s Azure plugin: https://extensions-docs.gocd.org/azure/current/ SPONSORED

This newsletter won't run without sponsors. Sponsor DevOps'ish and connect with thousands of motivated DevOps, cloud native, and open source professionals from across the globe.

DevOps’ish Top Five from Last Week

  1. xkcd: Modern OSI Model
  2. Killing Kubernetes
  3. Common Assumptions to Avoid When Starting with Kubernetes
  4. How I passed the CKA (Certified Kubernetes Administrator) Exam
  5. Linus Torvalds pulls pin, tosses in grenade: x86 won, forget about Arm in server CPUs, says Linux kernel supremo

People

AMI has three syllables — “Say ‘ahh-mee’ again. Say ‘ahh-mee’ again, I dare you, I double dare you motherfucker, say what one more Goddamn time!” —Jules Winnfield, Pulp Fiction

New adventures at Slack! — Best of luck, Nora!

Portland startup Stackery sticks by CEO despite ex-spouse’s allegation of verbal abuse, threats — I know nothing of this situation but, I’m really glad I’m not married to someone in the industry. I feel like that’d be really hard.

Camille Fournier on Scaling, Structure, and Growing as an Engineering Manager

Companies Need to Pay More Attention to Everyday Unethical Behavior — “The standard you walk past is the standard you accept.”

The saddest thing I’ve ever heard on an airplane

Process

Goodbye Docker and Thanks for all the Fish — Someone else that thinks Docker is Dead. I wonder if Docker is going to bad mouth the author like they’ve bad mouthed me.

You Don’t Need All That Complex/Expensive/Distracting Infrastructure — “So, finally getting that next Unicorn idea down into code? You don’t need all of that infrastructure you have planned out.”

IBM hunkers down for no-deal Brexit, warns of disruption to supply chain, data transfers — Brexit is about to get very real for a lot of folks. The fifth largest economy is about to make a move that will have ramifications for a very long time.

Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wildSecurity Affairs — This is gnarly and I’m surprised isn’t happening more frequently.

Considerations on OpenShift PKIs and Certificates — Encryption and PKI is hard. I need to come up with a Drawing of some sort to help with this. Developers have told me they know nothing of encryption and that terrifies me.

NSA’s Ghidra Reverse Engineering Framework Stirs Up Malware Researchers — It’s interesting the NSA would release this.

The Thunderclap vulnerabilities — “At its core, Thunderclap exploits the ability of devices with direct memory access (DMA) capability to read system memory, including memory that is not at all related to the supposed function of the device.”

How to ace the Certified Kubernetes Administrator Exam in 7 days

Why I, A Serverless Developer, Don’t Care About Your Containers — Groan… Why I don’t care about what you care about and other life lessons (but y’all clicked it a lot).

Hardening Git for GitOps

Tools

Terraform Command: 0.12upgrade — “The terraform 0.12upgrade command applies several automatic upgrade rules to help prepare a module that was written for Terraform v0.11 to be used with Terraform v0.12.”

Ansible and Terraform: Better Together — Presenters from Red Hat and HashiCorp showcase workflows that integrate the best parts of Ansible and the HashiCorp stack for configuration and provisioning.

How to measure every API call in your Go app (in fewer than 30 lines of code) — You can only improve what you measure.

Murder On The Kubernetes Express: The Life And Death Of A Docker Container — “It’s a brutal existence but one that is extremely beneficial to you and me as developers.”

Do RHEL Containers Inherit Security Compliance from the Host? — “tl;dr: There are 363 configuration settings applicable to RHEL 7-based container hosts. 93 controls are not inherited and applicable to RHEL as a container image. 85 of the 93 controls are resolvable through automation. The remainder requires manual review.” Holy shit.

The Wireshark Foundation released Wireshark 3.0.0 — A long time in the making.

Julia’s cheat sheet for curl — I appreciate when developers appreciate the works of their users.

Linux 5.0 — AMD FreeSync support, Btrfs file-system restores support for swap files, and, Retpoline overhead reduction work are some of the things in the new kernel.

A surprisingly arcane little Unix shell pipeline example(echo red; echo green 1>&2) | echo blue

5 Best Serverless Security Platform for Your Applications — I corrected the title.

Building a Control Plane for Envoy — “In this series of blogs, we will share our experience of building Gloo, a multi-purpose control plane for the Envoy proxy. The first blog in the series will focus on Envoy design, and the technical architecture decisions we needed to make while building the first layer of the control plane.”

Getting started with Git and GitHub: the complete beginner’s guide — Git and GitHub basics for the curious and completely confused (plus the easiest way to contribute to your first open source project ever!)

How rootless Buildah works: Building containers in unprivileged environments

Load Balancing and Reverse Proxying for Kubernetes Services — Different load balancing and reverse proxying strategies to use in Production K8s Deployments to expose services to outside traffic

Red Hat, AWS, Google, Microsoft Launch Kubernetes Operator Registry — “Operators make life easier for Kubernetes users, but they’re so popular that finding good ones is not easy. Operatorhub.io is an attempt to fix that.”

CoreDNS-1.4.0 Release — My favorite DNS server’s first release since CoreDNS became a graduated CNCF project.

aiven/pghoard — PostgreSQL backup and restore service

Microsoft/frontend-bootcamp — Frontend Workshop from HTML/CSS/JS to TypeScript/React/Redux

derailed/k9s — Kubernetes CLI To Manage Your Clusters In Style! (I love this tool)

DevOps’ish Tweet of the Week


DevOps'ish is a weekly newsletter assembled by open source contributor, DevOps veteran, and CNCF Ambassador Chris Short. Join the 3,556 member community and subscribe now!


whoami

I'm Chris Short, 20+ veteran of the IT industry and 11 year veteran of the US Air Force. I help people and companies embrace DevOps practices and tools through writing and public speaking. I am a staunch advocate for transparency and open source solutions to problems. Follow me on Twitter and LinkedIn.

Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. If you're into Reddit, join /r/devopsish.


Share