1 minute read

Merry Christmas to those celebrating, and thanks to everyone on-call over this busy period for lots of services. Lots of content this week, on deployment decisions, SLOs, SBOMs, serverless management and more.

StackHawk sponsors Devops Weekly

Seasons Tweetings from the StackHawk team! We wish you all a Happy Hawkidays and an egg-cellent New Year.

News

A post on Sysadvent, considering systems safety and deployment decisions under stressful circumstances.
https://sysadvent.blogspot.com/2021/12/day-20-to-deploy-or-not-to-deploy-that.html

A post on making SLOs and SLIs more discoverable and managing them in code, using a custom DSL. Not everyone will have the time to build such custom tooling but it’s an interesting insight to SLO management at scale.
https://engineering.fb.com/2021/12/13/production-engineering/slick/

This was the thing that interested me in Kubernetes to begin with, the argument for a standard API.
https://joshgav.github.io/2021/12/16/kubernetes-isnt-about-containers.html

A look at working with Terraform and Serverless Framework together to manage AWS Lambda applications in a declarative manner.
https://tsh.io/blog/aws-infrastructure-terraform-serverless/

A post on what to look for when exploring software for managing SBOMs.
https://advisory.kpmg.us/blog/2021/software-bills-materials.html

An interesting post on the complexity of caching and the potential for cache poisoning attacks at scale.
https://youst.in/posts/cache-poisoning-at-scale/

Some observations and recommendations about the secure usage of third party APT repositories and risks with signing keys having broader scope than probably expected.
https://blog.cloudflare.com/dont-use-apt-key/

Jobs

Heap Named as a Glassdoor’s #1 Best Place to Work! We’re building the analytics engine that helps 6,000 companies make smarter decisions.

If you’re ENTHUSIASTIC about scaling Engineering Ops via Cloud Engineering Ops; COLLABORATIVE in selecting and incorporating the best DevOps tooling to support scale; and DRIVEN toward infrastructure-as-code and production-release made easy; continue because there’s more:

If we’ve piqued your interest, find out more below and apply here: https://heap.io/careers/jobs?gh_jid=3475999

You can read a recent blog post on our Engineering Blog too https://heap.io/blog/virtual-events

Tools

PolicyGlass allows for combining multiple AWS IAM policies/statements into their ‘effective permissions’, deduplicating permissions, and eliminating denied permissions along the way.
https://policyglass.cloudwanderer.io/en/latest/
https://sandbox.policyglass.cloudwanderer.io/

Copybara looks an interesting source code management tool, useful for importing sections of code from a confidential repository to a public repository, importing code from a public repository to a confidential repository, importing a change from a non-authoritative repository into the authoritative repository and more.
https://github.com/google/copybara

A handy wrapper around go’s toolchain, to make it easier to install and manage go binaries on your path.
https://github.com/TekWizely/bingo

Colima provides a simple way of provisioning a container runtime (either Docker or Containerd) on macOS.
https://github.com/abiosoft/colima

Updated: