DEVOPS WEEKLY ISSUE #532 - 7th March 2021
Some great longer reads this week on cloud migration, architecture and security engineering teams working more closely with development organisations. Plus several interesting tools and tech discussions.
env0 sponsors Devops Weekly
Prevent cloud misconfigurations by shifting security left in your IaC deployments!
https://www.env0.com/blog/better-together-checkov-and-env0
About env0: use Infrastructure as Code to let your team manage their own environments across clouds. Governed by your policies and with complete visibility & cost management.
News
A solid architecture post on a large scale compute platform that aims to combine the best aspects of microservices with asynchronous workflows and serverless functions. Combines migration, design, future thoughts and more.
https://netflixtechblog.com/the-netflix-cosmos-platform-35c14d9351ad
3 interesting observations about adopting public cloud when coming from traditional infrastructure; the cloud has its own CMDB, the only thing that knows about a thing is itself, and the advantage of cloud is flexibility.
https://blog.mangoteque.com/blog/2021/02/22/3-things-to-know-when-moving-to-public-cloud/
A great post on devops and security, from the security engineering perspective. Some good practical tips including embedding security engineers in engineering teams (and vice versa), gamification and more.
https://segment.com/blog/shifting-engineering-right/
Argo introduces some interesting higher-level concepts into Kubernetes, including AppProject which allows for a project container to tie together other resources.
https://blog.argoproj.io/hassle-free-multi-tenant-k8s-clusters-management-using-argo-cd-7dd35619046a
Containers are for stateless services, or so the tale goes. In reality lots of people are running databases in containers. This post, focused on PostgreSQL, makes the case that the benefits often outweigh the disadvantages.
https://blog.crunchydata.com/blog/deep-postgresql-thoughts-resistance-to-containers-is-futile
A couple of handy posts on how to monitor AWS Fargate. What metrics should you be interested in, and how can you best access them?
https://www.datadoghq.com/blog/aws-fargate-metrics/
https://www.datadoghq.com/blog/tools-for-collecting-aws-fargate-metrics/
I like arguments against the zeitgeist, like this post on scaling issues with GitOps. I think there are some assumptions here that, if you are are building for scale you can address with automation, or are fundamental to scale rather than the approach, but I like the debate.
https://humanitec.com/blog/fundamental-flaws-of-gitops-a-statistical-analysis
Cloud migration in large, complex organisations is invariably a lot more complicated that it might first appear, partly because it’s as much about people and structures as technology. Some good observations along those lines in this next post.
https://www.linkedin.com/pulse/struggle-cloud-adoption-mark-thiele/
Events
WTF is SRE? Container Solutions presents a new WTFinar that tackles the beginning of understanding SRE. Join Nathen Harvey from Google to learn about service level indicators (SLIs) and service level objectives (SLOs) - components of error budgets. 9th February, 15:00 CET.
https://bit.ly/3atRvHI
What are you doing on 20 May? Giving a talk on Monitoring Distributed Systems? CI/CD on Multicloud systems? How about Adopting SRE, monitoring SLIs, agreeing on SLOs and SLAs? Container Solutions is organising a virtual conference called WTF is SRE and the CFP is open! Register & submit your talk here:
https://bit.ly/3biTNuO
Tools
OpenHistogram is an open source data structure for quickly and efficiently summarizing large numbers of measurements. It provides highly efficient and easily mergeable histograms and implementations so far in C, Python, Go, Lua, Javascript and C#.
https://openhistogram.io
Conprof is a continuous profiling tool. It’s intended to ensure you have a profile for just when an important event occurred, in order to make debugging easier.
https://github.com/conprof/conprof
An assorted set of tools for security-related task for git repositories, including identifying people and leaked information in the repository history.
https://github.com/pownjs/git