1 minute read

Identify and access management, data operations, root cause analysis, SLOs and a few interesting Kubernetes security posts and tools this week.

StackHawk sponsors Devops Weekly

Trying to automate application and API security testing? See how StackHawk and Burp Suite Enterprise stack up:
https://sthwk.com/burp

News

Access and Identify is a deep topic, no more so when it comes to AWS. This post does a good job of explaining the current situation and related problems, and discusses potential improvements.
https://ben11kehoe.medium.com/aws-doesnt-know-who-i-am-here-s-why-that-s-a-problem-4aeca591b0a6

Gatekeeper (the Kubernetes policy enforcement tool) now has an alpha capability to mutate resources. This post is a good introduction, including an example of automatically fixing pod security admission issues.
https://medium.com/@LachlanEvenson/mutating-kubernetes-resources-with-gatekeeper-3e5585d49ead

Everyone likes the idea of a single root cause when a problem occurs. This post compares that to how we think about successes, to make the point about the fragility of looking for a singular root cause.
https://surfingcomplexity.blog/2021/08/13/root-cause-of-failure-root-cause-of-success

A detailed post on how best to audit and secure an AWS account.
https://acloudguru.com/blog/engineering/how-to-audit-and-secure-an-aws-account

A good post on service level objectives. It starts out with a good introduction, but it’s nice to see concrete examples and discussion of how to implement this in code, in this case with Ruby and Java.
https://www.betterment.com/resources/service-level-objectives-slo

If you’ve read much about SRE, you’ll probably have heard of the four golden signs of monitoring. This post provides a quick introduction and suggests some improvements and gaps.
https://rootly.io/blog/how-to-improve-upon-google-s-four-golden-signals-of-monitoring

The infrastructure for storage and usage of internal data is an ever-growing part of lots of operations teams responsibilities. This post provides a useful high level view of such a modern data platform.
https://towardsdatascience.com/the-anatomy-of-an-active-metadata-platform-13473091ad0d

Tools

Secrets and Kubernetes can be a challenge. This webhook provides one option, injecting secrets into Kubernetes resources from various secrets managers including Vault, AWS, GCP and Azure secrets managers.
https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook

Kubescape is a new security scanning tool for checking the setup of a Kubernetes cluster, based on the recently published NSA and CISA guidance.
https://github.com/armosec/kubescape

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...

DEVOPS WEEKLY ISSUE #690 - 24th March 2024

1 minute read

Unreliable platform engineering, scaling databases, configuration management, software supply chain security and more this week. A good mix of interesting to...