DEVOPS WEEKLY ISSUE #437 - 12th May 2019
A later than usual issue this week due to some travel shenanigans. But lots of content this week on everything from modern architecture patterns, securing database passwords, configuration fragmentation in a world of lots of repositories and more.
From our sponsor, VictorOps
[You’re Invited] Puppet, Splunk and VictorOps are teaming up for a live webinar on powering continuous improvement by combining analytics, incident response and automation. Learn best practices for releasing better applications faster, without the fire drills.
http://try.victorops.com/devopsweekly/continuous-improvement
News
A few posts from a series on decoupling distributed systems, the series has lots of bite size posts on useful architecture concepts.
http://verraes.net/2019/05/patterns-for-decoupling-distsys-domain-query/
http://verraes.net/2019/05/patterns-for-decoupling-distsys-summary-event/
Open Policy Agent is finding lots of use cases at the moment, and lots of folks using Kubernetes are starting to experiment with it for policy control. This survey aims to investigate what people are doing.
https://styra.typeform.com/to/xQhn5g
I included a post on using OCI registries to distribute different types of content previously. This post goes into details for anyone wanting to do this with their own content.
https://stevelasker.blog/2019/05/11/authoring-oci-registry-artifacts-quick-guide/
A blog post on what the explosion of many small code repositories may mean for configuration drift, and some interesting looking analysis tools for you to track software version and Docker image usage.
https://blog.atomist.com/this-will-surprise-you/
A look at implementing short-lived ephemeral credentials for database access using Vault.
https://medium.com/bench-engineering/ephemeral-database-credentials-bc2a8b83b821
A post arguing that firmware is a larger security risk than people might think, and the answer may lie in wider adoption of open source in this space.
https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-security/
A really interesting look at the costs of running a popular, but relatively small, web service. Looks at infrastructure, monitoring, bandwidth, etc. costs that are usually kept private.
https://medium.com/unsplash/what-does-unsplash-cost-in-2019-f499620a14d0
A nice deep-dive into how DNSSEC works and details of DNS-based Authentication of Named Entities or DANE. Includes some of the counter arguments for implementing as well.
https://www.netmeister.org/blog/dnssec-dane.html
A look at monitoring node.js. What metrics are worthwhile collecting, and what tools are available to do so.
https://sematext.com/blog/top-nodejs-metrics-to-watch/
https://sematext.com/blog/nodejs-open-source-monitoring-tools/
A look at the best Docker base images to be using for your Python projects.
https://pythonspeed.com/articles/base-image-python-docker-images/
Events
KubeCon and Cloud Native Con Europe are coming up in just a weeks time, in Barcelona from May 20th until the 23rd. Expect a fantastic range of technical talks and an unparalleled opportunity to discuss all things modern infrastructure, cloud native software and open source. Hopefully see a few newsletter readers there.
https://bit.ly/2VTfMl9
Tools
A set of small Kubernetes utilities that aim to be simple, modular, and extensible. Includes simple deployment and templating tools.
https://github.com/k14s
[You’re Invited] Puppet, Splunk and VictorOps are teaming up for a live webinar on powering continuous improvement by combining analytics, incident response and automation. Learn best practices for releasing better applications faster, without the fire drills.
http://try.victorops.com/devopsweekly/continuous-improvement