I hope you had a wonderful week and are looking forward to the week ahead. I have been heads down working on Red Hat Summit work, upcoming releases, and trying to properly define DevOps this week. But, it has left me little time to really think about solving new problems. What do you do when you have complex problems to solve but only short bursts of time to work on them in? It’s a balancing act for sure. Good luck this week in your endeavors!

Log Management Modernized
With LogDNA’s fast, multi-cloud logging platform, DevOps and Engineering teams can easily and quickly aggregate all system and application logs into one efficient platform.
Whether on-premise, in the cloud, or a hybrid solution, we have you covered. Don’t take our word for it. Try it yourself.

Get started logging in a few minutes with a free trial. SPONSORED

170+ live online training courses opened for March and April
Get hands-on training in machine learning, AWS, Kubernetes, Python, Java, and many other topics SPONSORED

DevOps’ish Top Five from Last Week

  1. How to Get Into SRE
  2. A beginner’s guide to building DevOps pipelines with open source tools
  3. Lessons from 300k+ Lines of Infrastructure Code
  4. Google’s remote work employee survey
  5. Hannah Montana Linux 👀🤣🤣🤣


Want an awesome job, working in a great team, with a tremendous leader? — If you’re in Europe and want to work on the Ansible team with other fellow Red Hatters. This is the job for you (maybe)!

Sonatype, Senior Technical Ambassador, DevOps Community — My friends at Sonatype are looking for an awesome DevOps person to talk about their great products and practices.

The 5 communication problems that destroy company morale — “Missing Empathy” and “Communication that triggers anxiety” are two big ones for me personally. Come to folks with problems but show that you’re interested in learning more about the context. Also, if you send four separate DMs, one after another triggering four separate notifications on Slack, you’re part of the problem.

The introvert’s guide to Red Hat Summit — If you’re like me, going to Red Hat Summit but, have to ninja off to be a normal version of yourself for a little bit every once in a while, this guide is for you. Yes, I’ll be at Red Hat Summit in Boston. Let me know if you’ll be attending.

What Happened When The DEA Demanded Passwords From LastPass — LastPass couldn’t give the DEA the passwords because of their encryption implementation. But, there is always metadata and metadata can sometimes paint an even better picture than the data itself. An interesting tale of how you can do everything right and still screw your customers (or yourself, depending on the point of view).

How much does a DevOps engineer make? — Putting debates around the term DevOps engineer aside, let’s explore data points on salaries for this hot job title

Alibaba founder Jack Ma says companies forcing staff to work overtime are ‘foolish’ — “He also calls enforced 996 schedule – working 9am to 9pm, six days a week – ‘inhumane’ and ‘unsustainable'”


Accelerate: State of DevOps 2019 Survey: Nicole Forsgren, PhD is conducting the State of DevOps 2019 Survey. Your input is incredibly important. On several occasions, I have referenced the 2018 report since its release for real-world work that impacts real numbers. Nicole’s group also wrote, Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations, which I cannot recommend enough either.

Note: DevOps’ish may earn compensation for sales from links on this post through affiliate programs.

Homeland Security warns of security flaws in enterprise VPN apps — A hole in OpenVPN means there’s a hole in your backdoor, eek! Seriously, upgrade ASAP. I stepped back from OpenVPN a couple of years ago for a few reasons. If you need an alternative I’d recommend WireGuard (for personal use there is also Outline).

Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong. — “Zurich Insurance said it would not be sending a reimbursement check. It cited a common, but rarely used, clause in insurance contracts: the ‘war exclusion,’ which protects insurers from being saddled with costs related to damage from war. Mondelez was deemed collateral damage in a cyberwar.”

The top two most popular Docker base images each have over 500 vulnerabilities — “The last scan as of March 11, 2019 shows that the official Node.js image ships with 567 vulnerable system libraries. The remaining nine images ship with at least 31 publicly known vulnerabilities each.” Remember, containers make it easy to ship software vulnerabilities too.

How Monzo built a bank with open infrastructure — Miles Bryant, platform engineer at Monzo, shared some observations from the microservices-based challenger bank at the recent Open Infrastructure Day event in London.

The Problem with SSH Agent Forwarding — If you use SSH in an even remotely complicated way, please read this article. ProxyJump is your best friend in a lot of different situations.

Sometimes Kanban is Better Than Scrum - Yes, I Said It — “In some situations, other approaches are called for. Usually, it will still be some variant of an agile approach. Most commonly that means Kanban.”


Introducing Fenrir: How Coinbase is Scaling Serverless Applications — “Fenrir is our AWS SAM deployer; at its core is a reimplementation of the sam deploy command as an AWS Step Function, so it’s a serverless serverless (serverless²) deployer.” 🤯🤯🤯

Linkerd 2.3 introduces Zero-Trust Networking for Kubernetes — “In this release, the mTLS is out of experimental to a fully supported feature. Along with several important security primitives, the important update in Linkerd 2.3 is that it turns authenticated, confidential communication between meshed services on by default.”

The Future of Serverless is… Functionless? — “With [AWS] AppSync, DynamoDB Tables, SQL Databases (via Aurora Serverless), Lambda Functions, and ElasticSearch domains have all been elevated as first-class “Data Sources” for GraphQL resolvers.”

Monitoring container vitality and availability with Podman — Healthchecks in Podman are now a thing.

How Google Cloud Run Combines Serverless with Containers — Cloud Run is a Google-made layer on top of knative on top of Kubernetes on top of compute (which on GCP is probably a container in a container of containers). We might have finally hit enough abstractions to start measuring them by “inceptions” (five abstractions is one inception). Thoughts?

CRI-O + Container Linux: How to Install — This post is showing how you can install and run CRI-O for Kubernetes on Container Linux

How do I check if a port is in use on Linux? — The thing that shocked me the most about this article was the number of people that told me they had never heard of ss before. I’ve known about it since before RHEL 7 was released (2014). I discovered it in this handy set of cheat sheets from Red Hat that shows you the difference in common commands between RHEL 5, 6, 7, and now RHEL 8. Full disclosure: I still use sudo netstat -tupan a lot more than I should (that command along with perl -pie solidifed my first position as a full-time Linux SysAdmin).

Announcing Packer v.1.4.0 — Some interesting features for Packer users including a bevy of Windows features and some new provisioners (including Vagrant and InSpec).

Kubernetes External Secrets — “This blog post describes a generalized approach and implementation for supporting secret management systems, like AWS Secrets Manager, in Kubernetes. We call this system Kubernetes External Secrets and we have open sourced our initial implementation.”

Go is on a trajectory to become the next enterprise programming language — This article makes a lot of good cases for Go. It makes a case Go being a de facto Java replacement in enterprise applications.

Everything You Want To Know About Anthos - Google’s Hybrid And Multi-Cloud Platform — Speaking of abstractions, there’s now a thing call Google Anthos. One shocking thing I learned, “It’s important to note that GKE On-prem runs as a virtual appliance on top of VMware vSphere 6.5.” That’s interesting for sure.

The Fargate Illusion — AWS Fargate is a great idea but, maybe not such a great implementation. GCP has the one container per instance feature that makes it a little bit easier to “run my damn container.”

Is Helm used just for templating? — TL;DR: Helm is used for templating, sharing charts and managing releases. If you’re looking just for templating, you should check out kustomize.

Introducing kube-iptables-tailer: Better Networking Visibility in Kubernetes Clusters — “We needed a mechanism to seamlessly deliver alerts about those iptables packet drops based on their network policies to help app owners quickly diagnose the corresponding issues.”

OpenSSH 8.0 released — “OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem”

chaosblade-io/chaosblade - An easy to use and powerful chaos engineering experiment toolkit.(一款简单易用、功能强大的混沌实验注入工具)(from Alibaba)

Alikhll/golang-developer-roadmap — Roadmap to becoming a Go developer in 2019

jarun/ddgr — DuckDuckGo from the terminal

nayafia/lemonade-stand — A handy guide to financial support for open source

DevOps’ish Tweet of the Week

This from @tinder engineering is honestly a great case study in when not to run kubernetes (even if the post isn’t framed as such) https://medium.com/tinder-engineering/tinders-move-to-kubernetes-cda2a6372f44

— Dan Woods 🥁 (@danveloper) April 18, 2019

Notes from this week’s issue can be found on GitHub.