DEVOPS WEEKLY ISSUE #525 - 17th January 2021

1 minute read

Several posts this week on the ever-important topic of build tools. Architecture, a couple of deep-dive Kubernetes posts and securing your GitHub repositories too.

StackHawk sponsors Devops Weekly

How do you know your GraphQL API is secure? Watch StackHawk CSO Scott Gerlach walk through how to run application security tests for GraphQL-backed apps.
http://sthwk.com/webinar-graphql

News

A good argument for service mesh disappearing out of sight, making the point that service mesh is the dynamic linker for cloud based environments.
https://go.forrester.com/blogs/why-the-service-mesh-should-fade-out-of-sight/

A good checklist of things to do to protect your GitHub projects. Supply chain attacks are increasingly in the news.
https://marcinhoppe.com/securing-your-github-project/

A set of posts on best practices for creating container images for your .NET applications, including configuration and connecting to a database.
https://martin-horvath.medium.com/a-container-journey-asp-net-core-5-dockerization-6dacd4432a0
https://martin-horvath.medium.com/the-journey-continues-containerized-net-web-app-on-docker-connects-to-database-container-9c11c8c90383

A few posts on less-well-known capabilities of the Kubernetes role-based-access system, looking closely at bind and escalate.
https://raesene.github.io/blog/2020/12/12/Escalating_Away/
https://raesene.github.io/blog/2021/01/16/Getting-Into-A-Bind-with-Kubernetes/

An interesting walkthrough of the test suite of a reasonably complex project, discussing tradeoffs, configuration and the importance of optimising CI.
https://www.phoenixframework.org/blog/improving-testing-and-continuous-integration-in-phoenix

Most internal development teams have documentation for new starters to get set up with all of the needed software. It’s an interesting insight into a team’s stack. But it’s interesting to see this set of documentation posted publicly for others to explore.
https://medium.com/gocardless-tech/deploying-software-at-gocardless-open-sourcing-our-getting-started-tutorial-ab857aa91c9e
https://github.com/gocardless/utopia-getting-started/wiki/Utopia:-Tutorials:-Getting-Started

A good post for anyone needing to learn Gradle, or interested in building understandable software.
https://www.bruceeckel.com/2021/01/02/the-problem-with-gradle/

A comprehensive guide to vertical pod autoscaling in Kubernetes.
https://povilasv.me/vertical-pod-autoscaling-the-definitive-guide/

A big list of patterns for working with environment variables on the shell.
https://doppler.com/blog/how-to-set-environment-variables-in-linux-and-mac

Tools

driftctl tracks how well your Terraform/AWS codebase covers your cloud configuration and warns you about drift.
https://github.com/cloudskiff/driftctl
https://driftctl.com/2020/12/22/announcing-driftctl/

Please is a cross-language build system with an emphasis on high performance, extensibility and reproducibility. It supports a number of popular languages and can automate nearly any aspect of your build process.
https://please.build
https://github.com/thought-machine/please

Updated: