DEVOPS WEEKLY ISSUE #554 - 8th August 2021
Posts this week on monitoring (with posts on scaling Prometheus and the relationship between testing and observability), Docker usage tips, modern Unix tools, hardening ubernetes and more.
StackHawk sponsors Devops Weekly
ICYMI ZAP Creator and Project Lead Simon Bennetts recently unveiled ZAP’s new automation framework. Watch the session and see how it works:
https://sthwk.com/automation-frmwrk
News
A great post on scaling Prometheus. Slow queries, data retention, high availability and more areas of discussion.
https://hackernoon.com/my-prometheus-is-overwhelmed-help-qi1937xj
We often see hello-world CI/CD examples, but real world examples are invariably more complex. This post does a good job of avoiding some of the hello world issues, looking at a full pipeline with Kubernetes, Tekton and ArgoCD.
https://piotrminkowski.com/2021/08/05/kubernetes-ci-cd-with-tekton-and-argocd/
A post on a common problem, how to access secure resources (like from a private GitHub repository or Nexus or other private package repository) from within a Docker build, without leaking sensitive information in the resulting image.
https://medium.com/marionete/pass-secure-information-for-building-docker-images-8adeafe08355
Relational SQL accounts for maybe 20% of the current specification. This site contains lots of information about modern advances in SQL and the support in different databases for them.
https://modern-sql.com/
I’ve always found the overlap between testing and monitoring interesting. This post delves into the topic, looking at observability, mutation testing, chaos testing and more.
https://rodolfohansen.medium.com/unit-tests-give-you-observability-cae71ee23303
Kubernetes hardening guidance from the NSA, covering scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, log auditing and more.
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/
Tools
A collection of modern replacement tools for standard unix utilities like ls, grep, cut, sed, ping, history and more.
https://github.com/ibraheemdev/modern-unix
If you’re using Docker and needing to work with multiple cloud-provider container registries you’ll have had to jump through hoops when it comes to credentials. docker-credential-magic makes all of that much simpler.
https://github.com/docker-credential-magic/docker-credential-magic
https://medium.com/@jdolitsky/docker-credential-magic-a-magic-shim-for-docker-credential-helpers-deae9e78c2df
PipeCD is a new continuous delivery tool for declarative Kubernetes, serverless and infrastructure applications
https://pipecd.dev/
https://github.com/pipe-cd/pipe