DEVOPS WEEKLY ISSUE #531 - 28th February 2021
Empathy for systems administrators, performance engineering, logging and secrets management in AWS, scaling infrastructure as code practices and more this week.
StackHawk sponsors Devops Weekly
Mark your calendars! The first conference for OWASP ZAP users is taking place March 9. Get your free ticket to connect with other ZAP users and learn about the project’s roadmap.
http://sthwk.com/zapcon-devopsweekly
News
Moving to a new platform can have performance implications. This post goes over how one team designed experiments to work out what was going on after moving to Kubernetes and how to fix it.
https://www.datadoghq.com/blog/engineering/moving-a-jobsystem-to-kubernetes/
A detailed post on best practice for logging in AWS focused on security use cases.
https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/
A post on how the software community came to appreciate systems administrators a little more with the hugops movement.
https://www.protocol.com/enterprise/oral-history-hugops
Some good tips for scaling infrastructure as code across teams and organizations. Observations about public modules, standards, reusable code, having a formal release/versioning process and more.
https://www.singlestoneconsulting.com/blog/infrastructure-as-code-at-enterprise-scale/
JSON comes in a surprisingly large number of formats, with subtle differences. Throw in different JSON parsers in different languages and there is the potential for vulnerabilities caused by interoperability issues.
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
A good roundup of Linux server monitoring. Looking quickly at sar, vmstat, nethogs and monitorix.
https://www.linode.com/docs/guides/linux-system-monitoring-fundamentals/
A post on Kubernetes robustness, showing with examples how to bring up various Kubernetes services after failure.
https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3
A comparison of System Manager Parameter Store and the newer Secrets Manager for managing secrets in AWS environments.
https://www.davehall.com.au/blog/2021/02/22/parameter-store-vs-secrets-manager/
A nice worked example of live debugging using VSCode when you have a monorepo application and multiple container-based applications.
https://ikshitijsharma.medium.com/seamless-multi-container-multi-root-workspaces-debugging-in-vscode-devcontainers-on-steroid-54d7cff4ff77
Tools
cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.
https://github.com/cloudquery/cloudquery
A new bash-like shell with a few interesting features. In-line spell checking, typed pipelines, built-in testing framework, user-friendly error handling and more.
https://github.com/lmorg/murex