
Several security posts this week following on from RSA, as well as posts on extending Kubernetes, using production analytics to ensure safe rollouts of complex systems and more.

From our sponsor, VictorOps

Efficient management of SQL schema evolutions allows DevOps professionals to deploy code quickly and reliably with little to no impact. Learn how modern teams are building out zero impact SQL database deployment workflows here:
https://go.victorops.com/devopsweekly-zero-impact-sql-database-deployments

News

An excellent talk from RSA on the intersection of governance, risk and compliance with devops practices.
https://www.rsaconference.com/usa/agenda/how-to-grc-your-devops

Conftest, the Open Policy Agent based tool for testing infrastructure as code, now has a handy plugin model. This post covers a few examples, for Kubernetes and AWS, and explains how to build your own.
https://www.blokje5.dev/posts/conftest-plugins/

A look at Gandalf, an intelligent, end-to-end analytics service for safe deployment in cloud-scale infrastructure.
https://blog.acolyer.org/2020/02/28/microsoft-gandalf/

An interesting set of examples and exercises around Kubernetes security, looking at built-in Kubernetes capabilities.
https://securek8s.dev/exercise/

Another RSA talk, this one looking at the potential for attackers who know how Kubernetes works under the hood. Some pretty nefarious ideas demonstrated well.
https://www.rsaconference.com/usa/agenda/advanced-persistence-threats-the-future-of-kubernetes-attacks-3

One of the advantages of Kubernetes as a platform is its extensibility. This post looks at two mechanisms for this: adding your own scheduler and creating an operator.
https://wgtwo.com/blog/extending-k8s/

A low-level look at how the logging framework Fluentd gathers metadata from Kubernetes.
https://www.zebrium.com/blog/how-fluentd-collects-kubernetes-metadata

Jobs

env0 makes Infra-as-Code easy, empowering every dev and test case to have its own environment, while minimizing maintenance effort, costs and risk. We are a rapidly growing and well-funded startup based both in the San Francisco Bay Area and in Tel Aviv. We believe software development is a team effort, and are looking for people who strive for excellence, and enjoy the journey getting there.
https://www.env0.com/open-positions/devops-relations-advocate

Tools

Dispatch is an open source crisis management orchestration framework. It integrates with Slack, Google Apps, Jira, etc. to make it easier to assemble participants, send out notifications, track tasks, and assist with post-incident reviews.
https://medium.com/@NetflixTechBlog/introducing-dispatch-da4b8a2a8072
https://github.com/Netflix/dispatch

Ever wanted to query your Kubernetes cluster using SQL? Kube Query provides a bridge between osquery and Kubernetes to do just that.
https://blog.aquasec.com/kube-query-osquery-kubernetes-clusters
