DEVOPS WEEKLY ISSUE #583 - 27th February 2022
My thoughts, like everyones, this weekend with the situation in Ukraine, and my colleagues and friends from the region. One of them shared https://savelife.in.ua/en/ with me and I’m sharing here if you think you can help.
Posts on developer experience, priority/severity and continuous integration today as well, with quite a few posts on various Kubernetes goings on again this week.
StackHawk sponsors Devops Weekly
Curious to learn about the impact of scaling DevSecOps across your org? Register for free for ZAPCon 2022 for talks, workshops, and a community focused on automated security testing with open source tools:
https://sthwk.com/zapcon-registration
News
People often conflate severity and priority I find. This post does a good job of explaining the difference, and why that difference is useful.
https://firehydrant.io/blog/incident-severity-and-priority-101/
Many readers of this newsletter will be familiar with the move to encoding everything from infrastructure to database migrations and CI pipelines to security policies. This post provides a wide overview, and asks some interesting questions about the overall movement.
https://www.jedi.be/blog/2022/02/23/trends-and-inventory-of-50-as-code-concepts/
We often talk about developer experience, but what do we really mean by that? This post provides a description, as well as collecting together several excellent pieces on the subject.
https://redmonk.com/jgovernor/2022/02/21/what-is-developer-experience-a-roundup-of-links-and-goodness/
An interesting and detailed post on the security surface for Grafana. Much of this is just as relevant to any data aggregation/data visualisation tooling.
https://grafana.com/blog/2022/02/22/how-secure-is-your-grafana-instance-what-you-need-to-know/
A quick introduction to using Carvel (kapp and ytt in this case) with ArgoCD for building a deployment pipeline for Kubernetes.
https://carvel.dev/blog/argocd-carvel-plugin/
Another ArgoCD post, this one looking at integrating Kyverno for policy enforcement in the pipeline.
https://medium.com/@charled.breteche/using-kyverno-policies-with-argocd-1a600c1b249
The latest version of Helm brings to GA an interesting feature, support for publishing charts to, and consuming charts from, OCI registries.
https://itnext.io/helm-3-8-0-oci-registry-support-b050ff218911
An introduction to eBPF, which moves quickly on to hands on C examples of writing eBPF programmes.
https://medium.com/@buraktahtacioglu/get-started-with-ebpf-cncf-roadmap-5674d3859728
Tools
Kube Review is a handy utility which transforms a provided Kubernetes resource into a Kubernetes AdmissionReview request. Useful for test web hooks or working with policy tools.
https://github.com/anderseknert/kube-review
Zarf is a tool to help build Kubernetes clusters in air-gapped environments. It provides a self-contained CLI that can pull, package, and install all the things your clusters need to run.
https://github.com/defenseunicorns/zarf
Knox is a service for storing and rotation of secrets, keys, and passwords used by other services.
https://github.com/pinterest/knox