DEVOPS WEEKLY ISSUE #439 - 26th May 2019

2 minute read

Some content this week from KubeCon and CloudNativeCon. But lots of content from outside the Kubernetes space as well with posts on the need for a new security model, right-sizing cloud instances, service mesh, severity levels and more.

From our sponsor, VictorOps

[Free Webinar] Did you know that up to 80% of outages are preventable? Check out the recording of our recent webinar with Puppet and Splunk to see how analytics, incident response and automation can drive continuous improvement.
http://try.victorops.com/devopsweekly/continuous-improvement

KubeCon

My talk from KubeCon last week, looking at applying open policy agent to local testing and continuous integration of Kubernetes configs and other infrastructure as code tools.
https://speakerdeck.com/garethr/unit-testing-your-kubernetes-configuration-with-open-policy-agent

Another Open Policy Agent talk, this one looking at the Kubernetes admission controller Gatekeeper.
https://www.slideshare.net/ritaglm/opa-gatekeeper

One of the announcements at KubeCon was SMI, or Service Mesh Interface. SMI provides a spec describing a standard interface for service meshes on Kubernetes as well as a basic feature set for the most common service mesh use cases.


https://cloudblogs.microsoft.com/opensource/2019/05/21/service-mesh-interface-smi-release/
https://smi-spec.io/

Kubectl dig is a kubectl plugin which provides a powerful command line user interface for digging into the details of a Kubernetes cluster.
https://github.com/sysdiglabs/kubectl-dig

Conftest (mentioned in my talk above) is a tool for testing policy against structured data. Policy is written using Open Policy Agent and the rego assertion language, and the repo has examples testing Kubernetes configs, Terraform, Serverless configs and more.
https://github.com/instrumenta/conftest

News

The Puppet State of DevOps survey for 2019 is open and this year, along with more general devops adoption questions the survey is focusing on how people are integrating security into the software delivery lifecycle.
https://polls.onresearch.net/xsurvey/19JT001/19JT001T1/Survey.aspx?ckie=true

An interesting discussion of the changing needs of securing workloads, with the tools we have mainly focused on file permissions and users that where more suitable in the early days of computing.
https://medium.com/@benlaurie_18378/how-to-ruin-a-perfectly-good-container-d33250fca595

A post on the use of severity levels in various operations contexts, from urgency to customer impact to quality accounting and more.
https://www.adaptivecapacitylabs.com/blog/2019/05/20/the-negotiability-of-severity-levels/

A solid argument that right-sizing cloud instances, especially in AWS, is likely to be harder than you first thing, and is nearly never the best starting point when it comes to cost optimisation.
https://www.lastweekinaws.com/blog/right-sizing-your-instances-is-nonsense/

A good angle to look at the place of service mesh, comparing it to what you may choose to build yourself based on previous technologies.
https://jpetazzo.github.io/2019/05/17/containers-microservices-service-meshes/

A detailed tutorial for building a Docker-based development environment for a PHP project.
https://www.pascallandau.com/blog/structuring-the-docker-setup-for-php-projects/

A short series of posts on what to monitor when operating the Solr search engine, and some of the open source tools to help do so.
https://sematext.com/blog/solr-key-metrics-to-monitor/
https://sematext.com/blog/solr-open-source-monitoring-tools/

Tools

The Tekton project provides a set of resources for describing build pipelines, and the ability to run those pipelines on Kubernetes. Kitten takes the same resources and allows for running atop Docker.
https://github.com/ndeloof/kitten

YTT is a YAML templating tool that works on YAML structure instead of text
https://github.com/k14s/ytt
https://get-ytt.io/

Conprof is a tool for continuous profiling, collecting pprof profiles from HTTP endpoints and exposing them similar to a time series.
https://github.com/conprof/conprof

[Free Webinar] Did you know that up to 80% of outages are preventable? Check out the recording of our recent webinar with Puppet and Splunk to see how analytics, incident response and automation can drive continuous improvement.
http://try.victorops.com/devopsweekly/continuous-improvement

Updated: