DEVOPS WEEKLY ISSUE #565 - 24th October 2021
Lots of good posts this week I feel across a wide range of topics. KubeCon wrap ups, detailed incident reports, production readiness reviews, scaling storage, threat modelling and deep internet networking knowledge to name a few.
StackHawk sponsors Devops Weekly
Join Snyk and StackHawk on November 2 @ 10:30 AM ET to learn how to implement automated security testing across your CI/CD pipeline. Register:
https://sthwk.com/dev-centric-security
News
KubeCon finished up in LA a week and a bit ago, and we have several posts this week recapping the event, with lots of links, observations and some opinions.
https://blog.getambassador.io/kubecon-na-2021-key-takeaways-devx-security-and-community-261aba3d5ae5
https://loft.sh/blog/kubecon-2021-los-angeles-wrapup/
https://torstenvolk.medium.com/kubecon-2021-top-3-announcements-apiclarity-hashicorp-waypoint-and-dell-emc-csm-a46f39f54bd
An insightful post on the sometimes hard-to-define distinction between application and infrastructure. A static/dynamic linking analogy, how the Kubernetes API and Crossplane fit in, and the potential for a new type of marketplace for applications.
https://danielmangum.com/posts/infrastructure-in-your-software-packages/
Game servers are a super interesting scaling challenge. This post, about recent outstages for a large game, goes into some great operational, data storage and architecture details.
https://us.forums.blizzard.com/en/d2r/t/diablo-ii-resurrected-outages-an-explanation-how-we’ve-been-working-on-it-and-how-we’re-moving-forward/28164
A look at how one team is evolving a large NFS file storage setup towards something that is easier to scale horizontally and automatically.
https://techblog.wikimedia.org/2021/10/19/iterating-on-how-we-do-nfs-at-wikimedia-cloud-services/
More deep internet networking insights, this time looking under the hood about what makes a valid hostname. It’s worse than you think.
https://www.netmeister.org/blog/hostnames.html
A good introduction to the extensibility benefits of Kubernetes, looking at the high-level API, custom resources and the operator pattern.
https://iximiuz.com/en/posts/kubernetes-operator-pattern/
A post on introducing a production readiness review process, in particular in smaller teams.
https://grafana.com/blog/2021/10/13/how-were-building-a-production-readiness-review-process-at-grafana-labs/?ck_subscriber_id=185276816
Tools
hcltm is a tool for describing a thread model in HCL, and then generating various outputs from it including markdown documents and data flow diagrams.
https://github.com/xntrik/hcltm
Snowcat is a tool that gathers and analyzes the configuration of an Istio cluster and audits it for potential violations of security best practices.
https://www.praetorian.com/blog/introducing-snowcat/
https://github.com/praetorian-inc/snowcat