DEVOPS WEEKLY ISSUE #571 - 5th December 2021
Lots of tools this week, from Kubernetes autoscaling to kernels for low level compute, to high level domain specific deployment tools and more.
StackHawk sponsors Devops Weekly
Join StackHawk on December 16 for a hands-on workshop covering how to automate application security testing in CI/CD using GitHub Actions. Register:
https://sthwk.com/github-workshop
News
An interesting post on the concept of sharding, why general purpose sharding is useful, and notes on a new project in this space.
https://rakyll.org/shardz/
Insider threat is something some teams and organisations need to carefully consider. This post provides a clear set of scenarios, along with real-world examples.
https://magoo.medium.com/malicious-insider-scenarios-cf7e37789e40
Vulnerability data is often messier that you might realise. A few interesting posts analysing the central CVE database, looking at quality and growth. Lots of research opportunities here.
https://jerrygamblin.com/2021/07/23/tracking-cpe-data-quality-issues/
https://jerrygamblin.com/2021/07/17/cve-prophet/
Skip the title, this post provides a nice introduction to Nix, especially if you have familiarity with Docker.
https://blog.replit.com/nix-vs-docker
Tools
Kusk is a new Kubernetes ingress controller that routes requests based on an OpenAPI specification, reducing repetition.
https://kubeshop.io/blog/configure-ingress-with-openapi
https://github.com/kubeshop/kusk
A new Kubernetes autoscaling service, Karpenter observes the aggregate resource requests of unscheduled pods and makes decisions to launch and terminate nodes to minimize scheduling latencies and infrastructure cost.
https://karpenter.sh
https://github.com/aws/karpenter
Hubris is a lightweight, memory-protected, message-passing kernel for deeply embedded systems. An interesting vision for open source low level compute.
https://oxide.computer/blog/hubris-and-humility
https://github.com/oxidecomputer/hubris
https://github.com/oxidecomputer/humility
Acra is a database security suite. It provides a proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots and more for a variety of SQL and NoSQL databases.
https://github.com/cossacklabs/acra
https://www.cossacklabs.com/blog/acra-0-90-0
I’m a big fan of higher level domain-specific tools that focus on specific ecosystems. Kuby is a new Kubernetes deployment tool that’s highly optimised for Ruby on Rails.
https://getkuby.io
https://github.com/getkuby/kuby-core
https://evilmartians.com/chronicles/kubing-rails-stressless-kubernetes-deployments-with-kuby