DevOps'ish

DevOps, Cloud Native, Open Source, industry news, and the ‘ish between.

157: Kubernetes, BPF, container security, re:Invent, PagerDuty, .org debacle, and more

I had a long week with a lot of ups and downs. But, the real downer was delivered on Friday afternoon when I learned my insurance provider had denied a trial run at a new nerve stimulator. I had been talking to friends and family about this new nerve stimulator because it was way less invasive to implant. In a nutshell, the nerve stimulator is synthesized to produce a cancellation signal that keeps the brain from feeling the pain. One friend described it as being akin to Iron Man. Instead of keeping metal out of my heart, the nerve stimulator would keep pain from my brain. It also featured technology like Bluetooth and wireless power which means that I could have a cordless device that’s inert in my body with no exposed wiring. No issue with TSA or any government facilities I might find myself in or around again someday (never know if or when a friend will call). Back to the drawing board…

If you’re looking for news from AWS re:Invent 2019, look no further.

Pulumi is Focused on Community
We’re looking for a passionate Developer Advocate to lead our community outreach, helping devs and ops folks build innovative cloud software together. The community is warm and welcoming, and growing organically. Join our vision to help every team program the cloud! SPONSORED

X-Team is Hiring Go developers with strong AWS skills (Remote)
We are looking for passionate Go developers with strong AWS skills to work with the world’s leading brands, from anywhere. We love to work with Kubernetes, Docker, Serverless, and AWS tools. Travel the world while being part of the most energizing community of developers. We provide the funding needed to help you achieve your goals and grow as a remote developer. Join X-Team! SPONSORED

Events

Cloud-Native: Start Here (Remote)
Online
December 11, 2019
This meetup will be 100% remote via Zoom, and will be recorded. There will be about a 45 min presentation and 45 minutes to an hour for questions and discussion. Sabree is a security & privacy nerd at-large and a CNCF Ambassador. He is passionate about open source and helping engineers develop & deploy secure distributed systems and applications.

DeliveryConf
Seattle, WA
January 21-22, 2020
DELIVERY|CONF 2020 is being held to give people a place to get deeper technical information about Continuous Integration (CI) and Continuous Delivery (CD). Our goal isn’t to just tell you to “do the technical thing”; it is to show you real world examples of how others have done it. DELIVERY|CONF 2020 is a not-for-profit event being created by an all-volunteer team with many years of experience both in the technology and with creating conferences.

People

Top things to remember in preparation for this Christmas party season — “The advice from the HR experts is to act now to prevent problems at your office Christmas party.”

A letter from Larry and Sergey — They gone! Sundar’s in charge.

10 thrilling tech jobs to watch in 2020 — DevOps is still going strong in 2020.

Stop Using Facebook — If you haven’t massively curtailed using Facebook and its properties, maybe it’s time?

Process

Digging into OnCallOps — I talked, “with Matt Stratton, DevOps Advocate, PagerDuty about how to better manage OnCall Rotations, integrating DevOps concepts with OnCall, and suggestions about better organizing to handle alerting and observability.”

Creating Kubernetes distributions — Kubernetes wouldn’t be here without Linux and its release concepts (and systemd /troll; not really). Also, my friends, Tim and Stephen made LWN!

PSA: There is a fake version of this package on PyPI with malicious code · Issue #984 · dateutil/dateutil — Trust but verify.

Internet Society says opportunity to sell .org to private equity biz for $1.14bn came out of the blue. Wow, really? — This stinks to high heaven.

Born in a Garage — Jessie Frazelle talks about what she has been working on lately, her new company, Oxide Computer Company.

Microsoft, not Amazon, is going to win the cloud wars — “Brace yourselves, because I’m about to share a theory that may be a little unpopular: I believe it’s only a matter of time before Microsoft Azure overtakes AWS as the dominant force in the world of public cloud. I know that may sound crazy, and many of you are probably already reaching for the ‘close tab’ button, but hear me out.”

Alibaba’s growing open source stature — Alibaba has been trying to make some big waves in the open source world lately.

The Requirements For Aftermath Projects

Physicists Have Identified a Metal That Conducts Electricity But Not Heat — This could be a game changer that enables a host of new capabilities.

Agile teams: 5 signs of trouble — “That small, self-organizing team may look agile, but is it actually delivering the benefits? Consider these warning signs that a team isn’t as agile as you think”

Canonical announces Ubuntu Pro for Amazon Web Services — The operating system is becoming a commodity (if it hasn’t already done so). Maintaining operating systems is harder than it should be and I feel like Ubuntu is making that case here.

The “Great Cannon” has been deployed again — “The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.” We should all be afraid of this.

A visual guide on troubleshooting Kubernetes deployments — When in doubt, flow chart. Good stuff.

Tools

Container Security: Fundamental Technology Concepts that Protect Containerized Applications — “Many organizations are running applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. But how do you know whether your deployment is secure? To fully grasp the security implications of containers and their operation, you need an understanding of what they are and how they work. This practical book dives into the underlying technologies and components that these systems rely on to leave you better equipped to assess the security risks and potential solutions applicable to your environment. Author Liz Rice explores the building blocks and security boundaries commonly used in container-based systems and how they’re constructed in Linux.”

BPF: A New Type of Software — “BPF originally stood for Berkeley Packet Filter, but has been extended in Linux to become a generic kernel execution engine, capable of running a new type of user-defined and kernel-mode applications. This is what BPF is really about…”

What’s new in Kubernetes 1.17? — K8s 1.17 release… So hot right now. The release team has done a tremendous job of getting this Kubernetes release out the door. Shout out to Guinevere Saenger and the entire release team. Note: if you ever want me to reach out as far and wide as possible for help, be the release lead and tell me you have a problem on a Friday evening.

Digging Into etcd by Benjamin Elder — “Kubernetes uses etcd as the backing store for cluster data, which drove my own interest in collecting the information in this post. Clearly a lot of clusters out there are using etcd for critical data storage, but how does it work?”

Gardener Project Update — “Gardener’s main principle is to leverage Kubernetes primitives for all of its operations, commonly described as inception or kubeception. The feedback from the community was that initially our architecture diagram looks “overwhelming”, but after some little digging into the material, everything we do is the ‘Kubernetes way’. One can re-use all learnings with respect to APIs, control loops, etc.”

Debugging Software Deployments with strace — I feel like learning strace relatively early on in my DevOps journey unlocked a lot of skills and ability I didn’t have until I learned it.

Do things right in VSCode — “Here are some settings that I change when I install VS Code on a new computer.”

How Shopify Implements Custom Autoscaling Rules in Kubernetes — “Andy Kwiatkowski from Shopify talked at the Velocity conference in Berlin about why they had to create a custom autoscaler in Kubernetes. Existing solutions for autoscaling didn’t fulfill Shopify’s needs, mainly because of the large and sudden influx of traffic requests they receive. Also, they needed a cost-efficient solution when scaling down or to configure complex scaling conditions.”

Four ex-Google engineers ask for federal probe of Thanksgiving week firings — I’d like someone to act like this was perfectly business as usual, yes.

How to idempotently change file attributes (e.g. immutable) with Ansible

Start Using Git on the Command Line Like a Pro in Five Minutes — “A quick tour of basic Git commands”

psFried/roperator — Experimental Kubernetes Operator kit written in Rust

The status quo of Kubernetes operators — “Container technology is spreading like wildfire in the software world – possibly faster than any other technology before. Kubernetes, in particular, has had a banner year and continues to rise. But what are the key learnings so far? Learn about existing Kubernetes operators in detail with Red Hat’s Roland Huss.”

OOMyPod: Nothin’ To CRI-O-bout — “Gather around the fire for a story about the unlikely partnership of bugs that led to a partial container escape. While this is a fairly technical post covering some container and Kubernetes components, we included links throughout if you want to learn about them or need a refresher while reading.”






