DevOps'ish

DevOps, Cloud Native, Open Source, and the ‘ish between.

123: Kubernetes, DevOps Pipelines, Trolls & Corporate Liability, How to Get Into SRE, Hannah Montana Linux, and More

I received my first credible death threat from someone over the internet when I was eighteen (I was working for an ISP and had to cancel an account for terms violations). No one knew what to do then. A few years later, I referred a credible threat to the FBI for investigation (Muslim extremists). No one knew what I should do then either. A few months ago, a Twitter troll hounded my personal and several corporate accounts FOR DAYS. Why? I liked a tweet telling the troll people aren’t obligated to talk to them because they released open source software. I liked a tweet and had to watch a troll degrade my team, background, and professionalism. But, corporate policy is don’t feed the trolls, so I didn’t. I know folks that have gotten a lot worse.

One of my coworkers did something awesome behind the scenes and I got credit for it. When I asked my coworker if I could credit them, they asked me not to. They didn’t want “that kind” of attention. That kinda sucked but, I completely understand. I talked to a friend of mine this week that was going through a hard time. They were getting all manner of trolls and “creepy fetish emails” this week. They protected their Twitter account and contacted their superiors as needed. But, at what point is the employer obligated to step in and digitally protect their employee? Sure, physical protection at events is excellent. But, the harassment on the internet this week alone has me thinking that employers do share some responsibility for it. We have these public personas for our jobs. The e-mails come to work addresses. At what point do we need to force Human Resources, Corporate Security, InfoSec, and others to sit at the table and figure this out?

“Doubt kills more dreams than failure ever will.” —Suzy Kassem


DevOps’ish Top Five from Last Week

  1. Derek the DevOps Dinosaur
  2. 9 open source tools for building a fault-tolerant system
  3. 10 signs of emotionally intelligent teams
  4. Announcing FireHydrant, a tool to manage incidents
  5. Turns out Amazon buying Eero wasn’t the startup success story we thought

People

How to Get Into SRE — Alice Goldfuss, one of the most brilliant engineers on earth, dives into how to get into Site Reliability Engineering.

The struggle (to innovate) is real. D&I is the answer. — “Diverse teams are more resilient and higher performing, and diverse organizations are more capable of retaining world-class talent.”

Abby Wambach’s Leadership Lessons: Be the Wolfs — “When one person stands up and demands the ball, the job, the promotion, the paycheck, the microphone, that one gives others permission to do the same.” #GoGators

Analysts get hot under collar as ex-Oracle cloud guru ditches corporate wardrobe for Google — Thomas Kurian talked about, “taking a ‘sympathetic’ approach to legacy tech.”

At Google, women power the rise of Kubernetes — These women are awesome at their craft.

Email chain prompts Microsoft to investigate reports of sexual harassment ignored by HR — 90 pages of emails provoke response from head of HR.

Google’s remote work employee survey — “There are three key tricks to optimizing a remote workforce.”

Stack Overflow Developer Survey 2019 — Last year 92% of respondents reported as male. This year they kinda buried those stats.

Process

Security Configuration Benchmarks for Kubernetes — “With dozens or hundreds of different configuration parameters across the system, it’s challenging for Kubernetes administrators to know whether they have set them all up correctly with good security practices in mind. Fortunately, there is guidance available in the form of the Center for Internet Security’s benchmark recommendations.”

How to plan in a world full of unknowns — “What I am saying, however, is that organizations hoping to avoid being disrupted must change how they think about the future.”

A beginner’s guide to building DevOps pipelines with open source tools — If you’re new to DevOps, check out this five-step process for building your first pipeline.

Abuse of hidden well-known directory in HTTPS sites — The attackers use these locations to hide malware and phishing pages from the administrators. The tactic is effective because this directory is already present on most HTTPS sites and is hidden, which increases the life of the malicious/phishing content on the compromised site.

Lessons from 300k+ Lines of Infrastructure Code

Lessons learned porting 50k loc from Java to Go

Crash early and crash often for more reliable software — Code is a liability

Domain-Oriented Observability

Who Contains The Containers? — The same problems exist in Kubernetes that have existed in systems for years. Misconfiguration, unsecured services, and security issues are not going away with cloud native infrastructure.

Google Cloud announces new regions in Seoul and Salt Lake City — I can’t help but think of Book of Mormon when I hear or see Salt Lake City.

How bad can it git? Characterizing secret leakage in public GitHub repositories — I leaked a secret a few weeks ago. Before even thinking about the git history I revoked the key. Done. It happens but this report details some things to help.

PostgreSQL DBaaS Calculator — Nothing beats a good calculator when creating data gravity.

Why improving continuously speeds up delivery — Preach!

Tools

Managing sysctl knobs with BPF — “The sysctl hook is just another example of how the kernel’s API is being transformed by BPF; expect a lot more of these hooks to be added in the future.”

CNCF to Host CRI-O — “As CRI-O is specifically tailored for Kubernetes, it is tuned for performance, stability, compatibility, and adherence to standards, particularly the Kubernetes Conformance tests. CRI-O is a building block of any Kubernetes cluster, and facilitates the life cycle of containers as required by the Kubernetes CRI.”

Using EBS and EFS as Persistent Volume in Kubernetes — “In this blog we will see how to use EBS or EFS as a persistent volume for our Kubernetes cluster in AWS.”

Yet another reason your docker containers may be slow on EC2: clock_gettime, gettimeofday and… — “TL;DR: on AWS EC2 M4 instances, calls to System.nanoTime() and System.currentTimeMillis() make system calls, and these system calls are subject to even more overhead when running in Docker due to Docker’s default seccomp profile filters. The new M5 instances no longer make system calls for these time methods, so you can upgrade to newer instances if available in your region and availability zone(s). If you are stuck on 4-series instances, you could switch the clocksource to tsc as Amazon recommends in this tuning FAQ.”

An eBPF overview, part 1: Introduction — “Interested in learning more about low-level specifics of the eBPF stack? Read on as we take a deep dive, from its VM mechanisms and tools, to running traces on remote, resource-constrained embedded devices.”

Amazon EKS Control Plane Metrics with Prometheus

6 Kubernetes security questions, answered — What should you ask about Kubernetes security strategy? Kubernetes experts weigh in on 6 questions worth examining.

Considerations on OpenShift PKIs and Certificates

From zero to Quarkus and Knative: The easy way — “The superfast startup speed of Quarkus makes it the best candidate for working with Knative and serverless for your Function-as-a-Service (FaaS) projects.”

Linux server needs a RAM upgrade? Check with top, free, vmstat and sar. — htop is dope too.

Highly Available Control Plane with kubeadm 1.14+ — “Kubernetes 1.14 introduced an ALPHA feature for dynamically adding master nodes to a cluster. This prevents the need to copy certificates and keys among nodes relieving orchestration and complexity in the bootstrapping process.”

Programming Kubernetes — “While Kubernetes has established itself as the industry standard for managing containers and their life cycles, there’s a definite need for good practices on how to write native applications. This practical guide shows application and infrastructure developers, DevOps practitioners, and site reliability engineers how to develop cloud native apps that run on Kubernetes.”

Hannah Montana Linux — One of the best gags ever played on me was when I started on the Technology team at McClatchy Interactive. We had a bunch of meetings and the engineer in charge of laptops, office servers, etc. said my desk was all set and he slapped a fresh copy of the distro the team used the most on it. “Wow! Thanks, buddy.” I boot it up and it auto logins to Hannah Montana Linux. “What the fuck is this shit?!?” Laughter erupts from every cube within earshot as the damn theme song plays.

NanXiao/perf-little-book: A small book which introduces Linux perf tool.

hiddeco/cronjobber: Cronjobber is a cronjob controller for Kubernetes with support for time zones

kubeedge/kubeedge: Kubernetes Native Edge Computing Framework

metalkube/metalkube-docs: Architecture documentation that describes the components being built under MetalKube.

mvdan/gofumpt: gofmt, the way it should be pronounced

jamiehannaford/what-happens-when-k8s


DevOps'ish is a weekly newsletter assembled by open source contributor, DevOps veteran, and CNCF Ambassador Chris Short. Join the 3,523 member community and subscribe now!


whoami

I'm Chris Short, 20+ year veteran of the IT industry and 11 year veteran of the US Air Force. I help people and companies embrace DevOps practices and tools through writing and public speaking. I am a staunch advocate for transparency and open source solutions to problems. Follow me on Twitter and LinkedIn.

Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. If you're into Reddit, join /r/devopsish.
