DEVOPS WEEKLY ISSUE #505 - 30th August 2020
Some good content on how we think about operations this week, with posts on legacy IT systems, problems with platform teams, SRE in different types of organisations, good and bad incident response and more.
env0 sponsors Devops Weekly
Preview environments give you better control over your infrastructure and a more reliable deployment setup. Check out how to set them up with Terraform.
https://www.env0.com//l/devops-wap-blog
About env0: use Terraform to let your team manage their own environments in AWS, Azure and Google. Governed by your policies and with complete visibility & cost management.
News
A good post on the problems with the word automation when getting buy-in across an organisation for change, and why perception is important.
https://blogs.starcio.com/2020/08/avoid-calling-it-automation.html
A look at the hidden world of legacy IT systems. Explores some notable incidents and the need for us to learn more about building systems that remain operable in the long term.
https://spectrum.ieee.org/computing/it/inside-hidden-world-legacy-it-systems
A post on the risks of adding a catch-all platform team as you grow your organisation and why evolving towards platform components and reuse can be more scalable.
https://kislayverma.com/organizations/a-case-against-platform-teams/
How different organisations apply SRE is either pragmatism or heresy, depending on your point of view. This post explores why the tension between the Google-envisaged application and other organisations.
https://sdarchitect.blog/2020/02/20/you-dont-need-sre-what-you-need-is-sre/
A look at 5 large recent outages from different services, looking at what they handled well during and after the incident. Lots of good observations.
https://statusgator.com/blog/2020/08/21/5-biggest-outages-of-q2-2020/
A good writeup of several of the sessions at the recent KubeCon event, including lots of links and twitter threads from the keynotes and several other talks.
https://firehydrant.io/blog/kubecon-2020-europe-wrapup/
The Tekton project (which provides a pipeline resource for Kubernete) has been maturing and is now launching a preview of Tekton Hub to make it easier to find tasks and pipelines.
https://cd.foundation/blog/2020/08/10/introducing-tekton-hub/
A good reminder about the limits of containers as a security boundary, looking at escaping from a container and how to secure the underlying Docker socket.
https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-container/
Open Policy Agent has mainly been associated with Kubernetes use cases, but it’s increasingly being used in other places too. This post explores using it to test Terraform plans.
https://medium.com/@azizzoaib/policy-as-code-using-conftest-for-terraform-9b24921b2ad2
Events
Shameless plug. My employer, Snyk, is holding an online event about all things application security and devops on October 21st/22nd. Free to register and the CFP is open now.
https://snyk.io/snykcon/
Tools
Werf is a tool designed to simplify and speed up the delivery of applications from Git. It will build Docker images and deploy to Kubernetes, and is designed to integrate with existing CI systems.
https://github.com/werf/werf
KubeCarrier is an open source project for managing applications and services across multiple Kubernetes Clusters. The accompanying blog post explains the use case nicely and provides an introduction.
https://www.kubermatic.com/blog/getting-started-with-kubecarrier
https://github.com/kubermatic/kubecarrier