New technology and discussion of operations this week; from on-call and incident investigations to package management and logging.

From our sponsor, VictorOps

The core of DevOps is all about continuous improvement. Thorough post-incident reviews drive innovation and system reliability. Leverage this free post-incident review template to start conducting highly effective post-incident reviews today:
http://try.victorops.com/devopsweekly/post-incident-review-guide

News

A good personal take on being on-call, with tips to make it more manageable; from good hardware and connectivity, to self-care and notification hygiene.
https://www.hostedgraphite.com/blog/surviving-on-call-tips-from-a-hosted-graphite-sre

Slides from a talk I gave this last week on Cloud Native Application Bundles, or CNAB. CNAB is a new specification for packaging distributed applications with multiple toolchains. The slides cover some of the problem, details of the spec and the emerging tooling.
https://speakerdeck.com/garethr/cnab-packagaging-for-applications-with-multiple-toolchains

It’s common to hold some sort of investigation into an outage, but how those investigations are conducted, and what we get out of them can vary wildly. This post digs into one detail; when to end an investigation.
https://ryanfrantz.com/posts/when-does-an-investigation-end.html

There are lots of discussion going on at the moment about using OCI registries for distributing other types of content. This post explores why that’s interesting, and how it might apply to Helm.
https://blog.bacongobbler.com/post/2019-01-25-distributing-with-distribution/index.html

Analysing failures is a great way of learning how systems behave in the real world. This repository is collecting tales (mainly links to blog posts and talks) of Kubernetes-related outages.
https://github.com/hjacobs/kubernetes-failure-stories

A post describing different approaches to logging for PHP applications running on Kubernetes, showing a few problems and their solutions.
https://pracucci.com/php-on-kubernetes-application-logging-via-unix-pipe.html

A detailed post on migrating from a self-hosted technology to a new managed service from a cloud provider. Lots of good general takeaways.
https://medium.com/bench-engineering/from-activemq-to-amazon-mq-why-and-how-we-moved-to-awss-managed-solution-afeba3ea7e23

A post on a newly discovered (and patched) vulnerability in the Apt package manager, which also comes back to the issue of HTTP vs HTTPS for package repositories.
https://justi.cz/security/2019/01/22/apt-rce.html

A walkthrough of setting up security scanning for Docker images in your CI system of choice. Examples using Microscanner as well as GitLab and Jenkins.
https://aboullaite.me/docker-security-scan/

Tools

Img2lamda allows for using the Docker image build tools to create an image, and then convert that into AWS Lambda layers, and publishes those as new layer versions to Lambda.
https://github.com/awslabs/aws-lambda-container-image-converter/

The core of DevOps is all about continuous improvement. Thorough post-incident reviews drive innovation and system reliability. Leverage this free post-incident review template to start conducting highly effective post-incident reviews today:
http://try.victorops.com/devopsweekly/post-incident-review-guide