A packed issue this week, with everything from security to containers and running better retrospectives to cloud pricing. Lots of interesting events coming up this year too, with a couple of discounts for newsletter readers below..

Sponsor

Interested in ChatOps? Get the free 75 page O’Reilly report covering everything from basic concepts to deployment strategies.
http://try.victorops.com/DOWeekly/chatops

Sponsored

Practical Tips to Start Your DevOps Journey

In this webinar replay, learn practical tips that all IT groups from Dev to Ops can use to start their DevOps journey quickly. With experience from hundreds of DevOps deployments, Andreas Grabner, Chief DevOps Activist at Dynatrace, will provide insights it would take your team months or years to learn firsthand.
http://ow.ly/yJpv306Zlyy

News

An excellent presentation on application security, focused on threat modelling. Some great examples of building attack trees.
https://docs.google.com/presentation/d/1zzZ0jWqQUs4aUDmHE5oCIQX17yPuCYhuUTElW2KF8FE

A good case for the typical pricing models employed for IaaS today being ill-suited to modern, on-demand, cloud architectures.
https://m.subbu.org/state-of-aws-compute-pricing-600abe1a3ff6#.l5qkl15gp

Lots of people are using Docker images but not everyone will have delved into what a Docker image actually is. This post takes you through dissecting an image from Hub using basic shell commands.
http://blog.jeduncan.com/docker-image-dissection.html

A look at how one organisation has adopted devops practices over the past 5 years, starting with bottom-up evangelism and later introducing roles, team structures and technologies to support the changes.
https://blog.newrelic.com/2017/01/26/how-new-relic-does-devops/

Applying continuous delivery in the same way for different types of system, without taking into account different risks or other factors, is a bad idea. Some great examples of why in this post.
http://cloudscaling.com/blog/devops/continuous-delusion-at-the-infrastructure-layer/

An interesting survey on the disposition of infrastructure and infrastructure tools, covering everything from cloud and bare metal, deployment tooling, provisioning and services. Look for the results in a future issue.
https://goo.gl/forms/fZeuQjRmtB4GKNQy2

It’s often too easy to get carried away with new technologies, so it’s always interesting to read solid experience reports covering the good and still work-in-progress. This post does just that for Kubernetes.
https://blog.nelhage.com/post/kubernetes/

A solid set of talks for anyone wanting to delve into modern monitoring practices. Everything from core concepts to real-world stories.
https://techbeacon.com/10-monitoring-talks-every-developer-should-watch

SELinux has a reputation of being something people disable, even though it provides some solid protections from certain types of attack. This post explains how to use Puppet o enable and configure SELinux, in this case for Drupal application.
https://tag1consulting.com/blog/stop-disabling-selinux-manage-it-with-puppet

Some good tips for anyone running retrospectives, including a framework for collecting input, ideas for grouping things along a timeline and other ideas to keep retrospectives useful and fresh.
https://speakerdeck.com/madtypist/retrospectives-look-back-to-move-forward

A look at realtime streaming replication of MySQL using Kafka as the backend. The post goes into the why, as well as the technical details of how.
https://wecode.wepay.com/posts/streaming-databases-in-realtime-with-mysql-debezium-kafka

Some handy tricks for interacting with Docker containers via the Docker API, and via lower-level pieces like cgroups and namespaces. Code samples are in Python but you’ll likely find similar libraries for other languages too.
https://hackernoon.com/3-tricks-for-mastering-docker-with-python-99876412348d#.qmoob275t

An interesting comparison of Docker Swarm with Kubernetes, focused on the user experience and smaller surface area for configuration with Swarm.
https://gist.github.com/jonathan-kosgei/dac620fed9d9aeec35050bcc0a146647

CNCF

An introduction to Linkerd with William Morgan of buoyant.io

Linkerd is the latest hosted project to join the CNCF alongside Kubernetes, Prometheus, OpenTracing and Fluentd. Linkerd is an open source, resilient service mesh for cloud-native applications. Used by companies like Twitter, Soundcloud, Pinterest and ING. Linkerd brings scalable, production-tested reliability to cloud-native applications in the form of a service mesh, a dedicated infrastructure layer for service communication that adds resilience, visibility and control to applications without requiring complex application integration.
https://www.cncf.io/event/webinar-introtolinkerd

Jobs

Finding a Job Shouldn’t Feel Like Work. Try Hired Today.
http://hrd.cm/2jHrf1B

Events

The Study of Enterprise Agility Conference is coming up in London on April 10th, with some interesting talks on devops topics particularly relevant to large organisations. I have the good fortune to be speaking at this event, if you’re interest in attending use the code GARETH20 for 20% off the early bird price through the end of the month.
http://www.seacon-uk.com

dotScale, a conference on scalability, DevOps and distributed systems, is coming up on April 24th in Paris. Some excellent talks already announced, and tickets are 20% off for devops weekly readers.
https://dotscale2017.eventbrite.com/?discount=DEVOPSWEEKLY

Tools

An interesting set of tools for managing security in Google Cloud, focused on enforcing firewall rules across multiple projects.
https://labs.spotify.com/2017/02/22/google-cloud-security-toolbox/
https://github.com/spotify/gcp-firewall-enforcer
https://github.com/spotify/gcp-audit

Interested in ChatOps? Get the free 75 page O’Reilly report covering everything from basic concepts to deployment strategies.
http://try.victorops.com/DOWeekly/chatops