DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 229: Kubernetes 1.22, KubeCon schedule announced, security fails abound, Zoom’s paltry fine, finally death to 996, NSA Kubernetes Hardening Guidance, and much more

Kubernetes 1.22 shipped this week. I suggest you, at a minimum, read the release blog post or take a gander at the CHANGELOG and definitely read the No, really, you MUST read this before you upgrade. Some of the bigger changes: Audit log files are created with mode 0600 (owner read-only) Rootless mode containers moving to alpha: In my opinion, if you use Podman, you’re used to this. If you’re not, you should be using rootless containers intentionally for security reasons (more on that later). Read more →

124: Kubernetes Tools, Google Anthos and Cloud Run, Fenrir for Serverless, Five Abstractions Make an Inception, Ports on Linux, and More

I hope you had a wonderful week and are looking forward to the week ahead. I have been heads down working on Red Hat Summit work, upcoming releases, and trying to properly define DevOps this week. But, it has left me little time to really think about solving new problems. What do you do when you have complex problems to solve but only short bursts of time to work on them in? Read more →

122: Chefnanigans, Emotional Intelligence, Derek the DevOps Dinosaur, BPF, Envoy Convoy, Crates of k8s, OPA, and More

Chef announced this week they were giving up on letting users have binaries for free. Instead, you now can have all the source code for free but, not any of the binaries. Adam Jacob cited one company as having already adopted this model; Red Hat (my employer, see disclaimer). It’s a rather dubious claim because this Free Software Product model, developed mostly by Adam Jacob in the past sixth months, definitely does not predate Red Hat. Read more →

121: Kubernetes 1.14, Cloudy with a Chance of Complexity, Accelerate State of DevOps survey, and More

There is something to be said about simplicity. The amount of yak shaving needed these days is enormous. I’ve been on and off trying to get a container up and running in a cloud native manner. I’ve tried all of the major cloud providers and a few more. But, to a cloud, they all have inadequacies of one sort or another. If one has weird load balancing, the other has an absurdly expensive database service (compared to the competition). Read more →