With KubeCon finishing up this last week we have a fair amount of Kubernetes news this week, but if that’s not your thing look out for some good posts on embracing collaboration when it comes to security teams, not blaming workarounds for problems and some great learning material for distributed systems topics.

StackHawk sponsors Devops Weekly

The shift to rapid, frequent deployments over the past decade initially left application security behind. Modern AppSec belongs in the CI/CD pipeline.
https://sthwk.com/app-sec-in-pipeline

News

Workarounds might be inevitable in complex people and computer systems, how can we identify and remove the need for workarounds that lead to security problems?
https://surfingcomplexity.blog/2020/07/20/how-could-they-be-so-stupid/

A presentation stepping through improving application security by supporting developers with security expertise and services. Secure API design, thread modelling and more good tips.
https://speakerdeck.com/abhaybhargav/devsecoops-stories-of-devsecops-failures-and-success

A long post telling the story of a long-running migration to Kubernetes. Lots of details about the why, monitoring, automation, governance and more.
https://lambda.grofers.com/learnings-from-two-years-of-kubernetes-in-production-b0ec21aa2814

Some observations from last week’s KubeCon event, looking at the content presented and what it might mean about the maturity of the community and project.
https://harness.io/2020/11/kubecon-2020-recap-maturity-in-cloud-native/

Distributed systems have lots of interesting properties that warrant detailed study, and this up-to-date set of course material (notes slides and videos) is a great start for anyone seeking more in-depth knowledge.
https://martin.kleppmann.com/2020/11/18/distributed-systems-and-elliptic-curves.html

An interesting look at the scale of the growing BPF ecosystem. Lots of tools at lots of different layers of the stack, with a focus on Kubernetes use cases.
https://speakerdeck.com/ahrkrak/beyond-the-buzzword-bpfs-unexpected-role-in-kubernetes

A new report on container adoption. Lots of interesting aggregate data on cloud provider Kubernetes adoption, popular stateful container applications, container registry usage and more.
https://www.datadoghq.com/container-report/

A 12 part series on running .NET applications on Kubernetes. Everything from Helm charts to health checks and database migrations to rolling deployments.
https://andrewlock.net/series/deploying-asp-net-core-applications-to-kubernetes/

Tools

Ever found yourself wanting to quickly look up DNS information? Dog is a CLI tool with a nice user interface and the ability to output JSON.
https://dns.lookup.dog/

illuminatio is a tool for automatically testing kubernetes network policies. Simply execute illuminatio clean run and illuminatio will scan your kubernetes cluster for network policies, build test cases accordingly and execute them to determine if the policies are in effect.
https://github.com/inovex/illuminatio

Karpenter is a metrics-driven autoscaler built for Kubernetes and can run in any Kubernetes cluster anywhere. It’s performant, extensible, and can autoscale anything that implements the Kubernetes scale subresource
https://github.com/awslabs/karpenter