1 minute read

API security, CI observability, auditing production access, kubernetes logging, runtime analysis. Quite the range of topics this week.

StackHawk sponsors Devops Weekly

Heading to Detroit for KubeCon this week? Stop by the StackHawk booth and enter the raffle for a pair of Apple AirPods Max!

News

A comprehensive post on API security, covering secure domain modelling, signing and encrypting responses, validation, rate limiting, transport security, error handling, audit logs and more.
https://medium.com/@trgoodwill/api-bites-securing-sensitive-api-s-bac6d51fe233

A nice case study of implementing policy-based continuous governance for Infrastructure as Code, using Open Policy Agent.
https://thenewstack.io/how-doordash-governs-its-infrastructure-with-open-policy-agent/

A good post on CI pipeline observability, with 3 metrics to optimise when trying to improve CI pipeline performance.
https://www.runforesight.com/blog/3-metrics-to-optimize-continuous-integration-pipelines

A good introduction to using AWS Systems Manager Parameter Store with Terraform, allowing configuration to be shared with other tools easily and securely.
https://www.davehall.com.au/blog/2022/10/19/tracking-infrastructure-with-ssm-and-terraform/

Who has access to production? Who should have access to production? This post provides some advice on a method for doing a risk assessment. Some of this is specific to AWS and IAM, but much is applicable to any setup.
https://blog.symops.com/2022/10/20/risk-assessment-aws-iam/

The CFP is open for Monitorama 2023. The CFP deadline is February 3rd, so lots of time to think of talk ideas around the suggested topics including benchmarking, monitoring maths, adoptability, underappreciated tooling and more.
https://blog.monitorama.com/cfp-open-for-pdx-2023-9bc1f73f51c4

Kubernetes has lots of moving parts, and as a result lots of logs. This post is a nice primer on how to access those, looking at the kubectl logs command, events, cluster logs and more.
https://sematext.com/blog/tail-kubernetes-logs/

Tools

AppMap is an open source runtime code analysis tool with support for Ruby, Java, Python, Javascript. IDE integrations and some interesting recording, visualisation and organisation tooling.
https://github.com/getappmap
https://appmap.io/docs/appmap-overview.html

Alpaquita Linux is a new Linux distribution that’s optimised for Java applications. It’s using the Alpine userspace, with various kernel and JVM optimisations.
https://bell-sw.com/blog/bellsoft-introduces-alpaquita-linux/
https://bell-sw.com/alpaquita-linux/

Not a new project, but very cool nonetheless. Get granular AWS pricing into your Google Sheets automatically, with spreadsheet functions to pull live pricing data.
https://github.com/mheffner/aws-pricing

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...