DEVOPS WEEKLY ISSUE #439 - 26th May 2019
Some content this week from KubeCon and CloudNativeCon. But lots of content from outside the Kubernetes space as well with posts on the need for a new security model, right-sizing cloud instances, service mesh, severity levels and more.
From our sponsor, VictorOps
[Free Webinar] Did you know that up to 80% of outages are preventable? Check out the recording of our recent webinar with Puppet and Splunk to see how analytics, incident response and automation can drive continuous improvement.
http://try.victorops.com/devopsweekly/continuous-improvement
KubeCon
My talk from KubeCon last week, looking at applying open policy agent to local testing and continuous integration of Kubernetes configs and other infrastructure as code tools.
https://speakerdeck.com/garethr/unit-testing-your-kubernetes-configuration-with-open-policy-agent
Another Open Policy Agent talk, this one looking at the Kubernetes admission controller Gatekeeper.
https://www.slideshare.net/ritaglm/opa-gatekeeper
One of the announcements at KubeCon was SMI, or Service Mesh Interface. SMI provides a spec describing a standard interface for service meshes on Kubernetes as well as a basic feature set for the most common service mesh use cases.
https://cloudblogs.microsoft.com/opensource/2019/05/21/service-mesh-interface-smi-release/
https://smi-spec.io/
Kubectl dig is a kubectl plugin which provides a powerful command line user interface for digging into the details of a Kubernetes cluster.
https://github.com/sysdiglabs/kubectl-dig
Conftest (mentioned in my talk above) is a tool for testing policy against structured data. Policy is written using Open Policy Agent and the rego assertion language, and the repo has examples testing Kubernetes configs, Terraform, Serverless configs and more.
https://github.com/instrumenta/conftest
News
The Puppet State of DevOps survey for 2019 is open and this year, along with more general devops adoption questions the survey is focusing on how people are integrating security into the software delivery lifecycle.
https://polls.onresearch.net/xsurvey/19JT001/19JT001T1/Survey.aspx?ckie=true
An interesting discussion of the changing needs of securing workloads, with the tools we have mainly focused on file permissions and users that where more suitable in the early days of computing.
https://medium.com/@benlaurie_18378/how-to-ruin-a-perfectly-good-container-d33250fca595
A post on the use of severity levels in various operations contexts, from urgency to customer impact to quality accounting and more.
https://www.adaptivecapacitylabs.com/blog/2019/05/20/the-negotiability-of-severity-levels/
A solid argument that right-sizing cloud instances, especially in AWS, is likely to be harder than you first thing, and is nearly never the best starting point when it comes to cost optimisation.
https://www.lastweekinaws.com/blog/right-sizing-your-instances-is-nonsense/
A good angle to look at the place of service mesh, comparing it to what you may choose to build yourself based on previous technologies.
https://jpetazzo.github.io/2019/05/17/containers-microservices-service-meshes/
A detailed tutorial for building a Docker-based development environment for a PHP project.
https://www.pascallandau.com/blog/structuring-the-docker-setup-for-php-projects/
A short series of posts on what to monitor when operating the Solr search engine, and some of the open source tools to help do so.
https://sematext.com/blog/solr-key-metrics-to-monitor/
https://sematext.com/blog/solr-open-source-monitoring-tools/
Tools
The Tekton project provides a set of resources for describing build pipelines, and the ability to run those pipelines on Kubernetes. Kitten takes the same resources and allows for running atop Docker.
https://github.com/ndeloof/kitten
YTT is a YAML templating tool that works on YAML structure instead of text
https://github.com/k14s/ytt
https://get-ytt.io/
Conprof is a tool for continuous profiling, collecting pprof profiles from HTTP endpoints and exposing them similar to a time series.
https://github.com/conprof/conprof
[Free Webinar] Did you know that up to 80% of outages are preventable? Check out the recording of our recent webinar with Puppet and Splunk to see how analytics, incident response and automation can drive continuous improvement.
http://try.victorops.com/devopsweekly/continuous-improvement