Lots of build posts this week, on new build tools, developer framework integration and the security of build servers. Plus operations lessons, devops reading and the shift from infrastructure to application and product teams.

From our sponsor, VictorOps

Continuous improvement, delivery, and integration typically sit at the forefront of DevOps. But, none of this is possible without a successful system for continuous testing. See how modern teams are creating a robust continuous testing framework:
https://go.victorops.com/devopsweekly-continuous-testing-in-devops

News

A long list of lessons learned doing operations. Light-hearted, but an awful lot to nod along to. Worth reading in particular if you’re new to ops work.
https://www.netmeister.org/blog/ops-lessons.html

Build servers and build processes are an interesting threat vector. This talk (from one of my colleagues at DeliveryConf) looks at some of the security challenges, and discusses reproducible builds, TUF, signing, package managers and more.
https://www.youtube.com/watch?v=HVFm8DhkXe8

An interesting look at the changes in the traditional infrastructure and operations organisation as more and more large companies adopt product teams, devops practices and cloud-native technologies.
https://go.forrester.com/blogs/the-io-organization-under-pressure/

A good post on the problems with pre-production environments and local dev environments, suggesting a move to more development activities in production.
https://tersesystems.com/blog/2020/01/22/developing-in-production/

As containers become an ever more popular distribution format, we’re seeing image build tools move from standalone tools to being build into popular frameworks as an implementation detail. The new Spring Boot release is a nice example.
https://medium.com/@TimvanBaarsen/first-look-at-cloud-native-buildpacks-support-in-spring-boot-2-3-milestone-1-ece8e72ed93f

Another post on container build, this one looking at various new build tools, including buildkit, kaniko, img and more.
https://blog.alexellis.io/building-containers-without-docker/

An up-to-date list of books related to devops. A good mix of introduction, overview, business and engineering focused titles.
https://techbeacon.com/devops/devops-must-reads-7-titles-every-practitioner-should-read

A detailed look at using eBPF to instrument userland applications on Linux, with lots of hands-on examples.
https://sematext.com/blog/ebpf-userland-apps/

Most technology decisions are a matter of choosing the best trade-offs in your context. Running on virtual machines or bare metal is definitely one of those. This post explores the question of where you might choose to run a Kubernetes cluster.
https://neonmirrors.net/post/2020-01/why-k8s-on-vms/

Training

“This is the best quality technical training I’ve ever attended.”

SuperOrbital’s Docker and Kubernetes workshops are the absolute best in the market. We cover everything from the basics to custom controllers and schedulers. On-premise, fully hands-on, and custom-tailored for your team. Schedule a workshop for your team and get them off on the right cloud-native foot today!
https://superorbit.al/workshops

Tools

Trackman is a command line tool and Go library that runs multiple commands in a workflow. It supports parallel steps, step dependencies, async steps and success checkers.
https://blog.cloud66.com/introducing-trackman-execute-commands-as-a-workflow/
https://github.com/cloud66-oss/trackman

Configula is a new, experimental, configuration authoring tool. It aims to combine some of the advantages of a declarative/data approach with a more general purpose programming language.
https://github.com/brendandburns/configula

Continuous improvement, delivery, and integration typically sit at the forefront of DevOps. But, none of this is possible without a successful system for continuous testing. See how modern teams are creating a robust continuous testing framework:
https://go.victorops.com/devopsweekly-continuous-testing-in-devops