DEVOPS WEEKLY ISSUE #617 - 23rd October 2022
API security, CI observability, auditing production access, Kubernetes logging, runtime analysis. Quite the range of topics this week.
StackHawk sponsors Devops Weekly
Heading to Detroit for KubeCon this week? Stop by the StackHawk booth and enter the raffle for a pair of Apple AirPods Max!
News
A comprehensive post on API security, covering secure domain modelling, signing and encrypting responses, validation, rate limiting, transport security, error handling, audit logs and more.
https://medium.com/@trgoodwill/api-bites-securing-sensitive-api-s-bac6d51fe233
A nice case study of implementing policy-based continuous governance for Infrastructure as Code, using Open Policy Agent.
https://thenewstack.io/how-doordash-governs-its-infrastructure-with-open-policy-agent/
A good post on CI pipeline observability, with 3 metrics to optimise when trying to improve CI pipeline performance.
https://www.runforesight.com/blog/3-metrics-to-optimize-continuous-integration-pipelines
A good introduction to using AWS Systems Manager Parameter Store with Terraform, allowing configuration to be shared with other tools easily and securely.
https://www.davehall.com.au/blog/2022/10/19/tracking-infrastructure-with-ssm-and-terraform/
Who has access to production? Who should have access to production? This post provides some advice on a method for doing a risk assessment. Some of this is specific to AWS and IAM, but much is applicable to any setup.
https://blog.symops.com/2022/10/20/risk-assessment-aws-iam/
The CFP is open for Monitorama 2023. The CFP deadline is February 3rd, so lots of time to think of talk ideas around the suggested topics including benchmarking, monitoring maths, adoptability, underappreciated tooling and more.
https://blog.monitorama.com/cfp-open-for-pdx-2023-9bc1f73f51c4
Kubernetes has lots of moving parts, and as a result lots of logs. This post is a nice primer on how to access those, looking at the kubectl logs command, events, cluster logs and more.
https://sematext.com/blog/tail-kubernetes-logs/
Tools
AppMap is an open source runtime code analysis tool with support for Ruby, Java, Python and JavaScript. It has IDE integrations and some interesting recording, visualisation and organisation tooling.
https://github.com/getappmap
https://appmap.io/docs/appmap-overview.html
Alpaquita Linux is a new Linux distribution that’s optimised for Java applications. It’s using the Alpine userspace, with various kernel and JVM optimisations.
https://bell-sw.com/blog/bellsoft-introduces-alpaquita-linux/
https://bell-sw.com/alpaquita-linux/
Not a new project, but very cool nonetheless. Get granular AWS pricing into your Google Sheets automatically, with spreadsheet functions to pull live pricing data.
https://github.com/mheffner/aws-pricing