DEVOPS WEEKLY ISSUE #670 - 29th October 2023
Incident management, operating ElasticSearch clusters and Argo, tools for API linting and a scattering of other topics this week for your enjoyment.
StackHawk sponsors Devops Weekly
Don’t let the idea of “shifting left” spook you! Join AppSec leaders from StackHawk and Snyk for tricks and treats on how to shift security left the right way. Register here
https://sthwk.com/shift-left-right-way
News
Having a formal lead role for incident management is a common pattern. This post explains what that role should do, and why it’s important.
https://argoday.medium.com/incident-command-guide-9872b51d7c94
A good set of lessons for running Argo Workflows, from operating advice to tips for writing workflows.
https://hodgkins.io/argo-workflow-proven-patterns-from-production
An interesting look at common Dockerfile issues, based on real-world data.
https://depot.dev/blog/dockerfile-linting-issues
A look at the state of the WebAssembly community. Details on language usage, interest in upcoming functionality, use cases and more interesting survey takeaways.
https://blog.scottlogic.com/2023/10/18/the-state-of-webassembly-2023.html
A post for anyone operating ElasticSearch clusters, in particular focused on managing cluster state. Some tips for designing clusters for easier management too.
https://sematext.com/blog/elasticsearch-scaling-cluster-state/
Events
SeaGL (the Seattle GNU/Linux Conference) is a free grassroots technical summit dedicated to spreading awareness and knowledge about free / libre / open source software, hardware, and culture. It’s coming up next week, on November 3rd and 4th at the University of Washington and online.
https://seagl.org/
Tools
One advantage of adopting OpenAPI is the ability to build tools on top. Zally is an API linter that catches various issues based on the Zalando REST API guidelines.
https://github.com/zalando/zally
https://opensource.zalando.com/zally/
https://opensource.zalando.com/restful-api-guidelines/
VictoriaMetrics is a monitoring tool and time series database. It’s compatible with both the Prometheus querying API and the Graphite API, which makes it possible to use as a drop-in backend replacement.
https://github.com/VictoriaMetrics/VictoriaMetrics
A useful project to catalogue software packages that are known to be malicious, starting with npm, rubygems, pypi and crates.io.
https://github.com/ossf/malicious-packages