One week into 2018 and we have the first big security issues with Spectre and Meltdown. A big shout out to the kernel engineers and others working to mitigate the problems, and the operators dealing with the fallout in production.

Sponsor

Curious about the state of on-call, but don’t have a ton of time to do the research? VictorOps has gathered the most important stats in one place for you to skim.
http://try.victorops.com/DevOpsWeekly/OnCallStats

News

This week saw the announcement of the Spectre and Meltdown show stopping bugs. I won’t fill the newsletter with posts on the subject, but this post from the stable kernel release manager is worth reading, and has good links to other sources too. The advice is to update your kernels, don’t delay, and don’t stop.
http://kroah.com/log/blog/2018/01/06/meltdown-status/

A detailed post on learning to operate Kubernetes, which walks through a real-world story and outlines the strategies used (which are relevant for adopting other complex software too.)
https://stripe.com/blog/operating-kubernetes

When considering architecture it’s super important to consider future changes, and often why that means not trying to solve problems you don’t have now. A good post on evolutionary architecture explains.
https://codeburst.io/evolutionary-architecture-27dae14b323d

Brigade is a new workflow tool for Kubernetes. This post explains why the interface is a full-blown scripting language rather than just data like other tools used for some of the same purposes. A good post for anyone interested in user interface design for operations tools.
http://technosophos.com/2018/01/04/why-brigade-doesn-t-do-yaml.html

An interesting experience report from operating an application on Google App Engine. Covers the built-in functionality for GAE, but it’s also useful for anyone thinking about what changes when you run applications in any kind of restrictive platform.
https://blog.stephanbehnke.com/3-years-on-google-app-engine-an-epic-review/

A good post on immutable infrastructure and the importance of running you containers with read-only file systems. Contains good examples for Docker and Kubernetes based systems.
http://lucasvanlierop.nl/blog/2017/12/31/truly-immutable-deployments-with-docker-or-kubernetes/

A look at building minimal containers, with lots of examples, tips and tools for building smaller containers without the typical overhead of a VM.
https://blog.kintoandar.com/2018/01/Building-healthier-containers.html

CNCF - Cloud Native Computing Foundation

Free Webinar - What’s New in Kubernetes 1.9 January 9, Online

Join members of the Kubernetes 1.9 release team to learn about the major features in this release including Windows and Docker support, storage, admission control, and the workloads API.
https://goo.gl/Q7FPck

Free Webinar - Introducing Jaeger 1.0 January 16, Online

Learn about the features released in Jaeger 1.0, its architecture, deployment options, integrations with other CNCF projects, and the roadmap.
https://goo.gl/AWfDaZ

Tools

Dysk might be a useful tool for anyone running on Azure. It allows for attaching Azure disks in < 1 second. Dysk mounts Azure disks as Linux block devices directly on VMs without dependency on the host.
https://github.com/khenidak/dysk

Airflow is a toolset for to programmatically authoring, scheduling and monitor workflows. It’s based on directed acyclic graphs and provides a Python-based DSL and a set og GUI tools for management.
https://airflow.incubator.apache.org/

Umoci is a tool for manipulating and building OCI compatible container images. It’s particularly handy for building containers without root users and for specific file-system layer manipulations.
https://umo.ci/

Curious about the state of on-call, but don’t have a ton of time to do the research? VictorOps has gathered the most important stats in one place for you to skim.
http://try.victorops.com/DevOpsWeekly/OnCallStats