Lots of posts this week covering topics as wide ranging as infrastructure as code, team culture, security testing and static analysis, metrics, on-call and more.

From our sponsor, VictorOps

In our latest guide, Resilience First, you’ll learn about the origin of SRE, how it’s evolved over the last few years, and the future of its impact on building highly observable, resilient applications and infrastructure.
http://try.victorops.com/devopsweekly/sre-golden-signals-guide

News

We often talk about the importance of teams when discussing devops practices, This post explains some of the common problems organisations face as they try and move embracing a team culture vs individual incentives.
https://agileoutloud.wordpress.com/2019/10/17/towards-a-culture-of-teams/

Testing for security alongside testing for functionality isn’t a new idea, although it’s only now becoming more popular. This post (written by yours truly) looks at the different tradeoffs involved in deciding where in the SDLC to test, based on feedback, coverage and cost.
https://snyk.io/blog/container-security-throughout-the-sdlc/

Some interesting thoughts on both the importance of infrastructure as code and its potential evolution into higher-level reusable architecture components.
https://aws.amazon.com/blogs/containers/containers-and-infrastructure-as-code-like-peanut-butter-and-jelly/

A solid side-by-side comparison of CloudFormation and Terraform, with a focus on AWS management.
https://medium.com/@cep21/after-using-both-i-regretted-switching-from-terraform-to-cloudformation-8a6b043ad97a

An introduction to the power of metrics, specifically looking at getting started with Prometheus from the point of view of a developer or operator producing/consuming metrics.
https://tech.showmax.com/2019/10/prometheus-introduction/

A good argument for deploying the simplest possible application end-to-end as quickly as possible, with a useful discussion of counter arguments and how to respond to them.
https://blog.thepete.net/blog/2019/10/04/hello-production/

A useful getting started post on Kubernetes manifests that has some tips for old timers as well. Using kubectl explain to introduce the main resources and how to find the correct property is a nice idea.
https://prefetch.net/blog/2019/10/16/the-beginners-guide-to-creating-kubernetes-manifests/

An in-depth post on DNS security, looking at DNSSEC, DNS over HTTPS and the various actors and threats involved.
https://www.netmeister.org/blog/doh-dot-dnssec.html

Good post on evolving an on-call rota. Especially as teams launch more and more services, and organisations grow in size, it’s important to constantly improve critical processes like on-call.
https://www.intercom.com/blog/rapid-response-how-we-developed-an-on-call-team-at-intercom

Interesting post on the benefits of various static analysis techniques for large code bases.
https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c

A look at three handy dashboard tools for working locally with Docker containers and images.
https://medium.com/ssense-tech/my-docker-support-stack-58b1e67f5f4f

Jobs

SuperOrbital is looking for a Kubernetes training instructor! Are you a K8s expert who loves helping people learn? If you enjoy being on stage, traveling to interesting cities, and talking with teams who’re dealing with no-kidding scaling issues, then join us as a freelance trainer! Read more and apply here!
https://superorbit.al/careers/instructor/

Events

KubeCon + CloudNativeCon North America is coming up in San Diego from the 18th until the 21st of November. The schedule is packed with talks on the CNCF projects like Kubernetes, Envoy and Helm as well as case studies, community meetings and more. The code KCNADOW19 will save DevOps Weekly readers 10% off the ticket price too.
http://bit.ly/2ko9SrP

The O’Reilly Velocity Conference heads to Berlin, 4–7 November. Velocity is the best place on the planet for web ops and systems engineering professionals to get expert insight on building and maintaining cloud native systems. With 4 days of practical content on cloud native infrastructure, DevOps, Kubernetes, and more, there’s something for everyone. Passes start at €676 when you use the code DEVW20 (applies to Gold, Silver, and Bronze passes). Register today!
https://oreil.ly/99PIf

In our latest guide, Resilience First, you’ll learn about the origin of SRE, how it’s evolved over the last few years, and the future of its impact on building highly observable, resilient applications and infrastructure.
http://try.victorops.com/devopsweekly/sre-golden-signals-guide