DEVOPS WEEKLY ISSUE #528 - 7th February 2021
The usual mix of topics this week, but several posts on build systems; building container images, Cargo build tricks, the importance of securing software build pipelines and more.
env0 sponsors Devops Weekly
Prevent cloud misconfigurations by shifting security left in your IaC deployments!
https://www.env0.com/blog/better-together-checkov-and-env0
About env0: use Infrastructure as Code to let your team manage their own environments across clouds. Governed by your policies and with complete visibility & cost management.
News
A detailed post on the Bottlerocket build system. You may not have quite as complex a project, but lots of interesting tricks in here for using Cargo for much more than just building Rust code.
https://aws.amazon.com/blogs/opensource/how-the-bottlerocket-build-system-works/
A post on how to best defend your software build pipeline from targeted supply chain attacks.
https://www.ncsc.gov.uk/blog-post/defending-software-build-pipelines-from-malicious-attack
Architecture diagrams often feature lots of boxes and arrows, but how do you overlay more useful information without visual overload? This post provides a handy visual language.
https://blogs.mulesoft.com/api-integration/strategy/a-visual-language-for-digital-integration/
Dockerfiles are ubiquitous for building container images. But if you’re looking for something that provides a higher level interface and stronger opinions then buildpacks are worth a look. This post compares the two.
https://technology.doximity.com/articles/buildpacks-vs-dockerfiles
Threat modelling is a useful tool for getting people thinking about the security of their systems. It’s also a great way of encouraging collaboration between development and security teams. This new manifesto is a good starting point.
http://www.threatmodelingmanifesto.org
Ever wanted to understand how Kubernetes allocates IP addresses when you run a high-level command like kubectl expose? This post has you covered.
https://thebsdbox.co.uk/2021/01/01/Putting-a-VIP-in-your-Kubernetes-Clusters/
gRPC is optimised for fast, secure over-the-wire transfer. But that makes it harder to debug than something like JSON over HTTP. Here’s how to use Wireshark for analyzing gRPC messages.
https://grpc.io/blog/wireshark/
A case study for building a Kubernetes-powered CI/CD pipeline using GitLab and Helm.
https://nextlinklabs.com/insights/kubernetes-ci-cd-gitlab-with-helm
Events
WTF is SRE? Container Solutions presents a new WTFinar that tackles the beginning of understanding SRE. Join Nathen Harvey from Google to learn about service level indicators (SLIs) and service level objectives (SLOs) - components of error budgets. 9th February, 15:00 CET
https://bit.ly/3atRvHI
Tools
Vorteil provides a super interesting toolkit for building and running fast micro-VMs. You can even convert an OCI-compliant container image directly to a VM and run it using Vorteil.
https://github.com/vorteil/vorteil
Kubenav provides desktop, web and mobile apps for monitoring the status of a Kubernetes cluster.
https://github.com/kubenav/kubenav