DEVOPS WEEKLY ISSUE #687 - 3rd March 2024
Platform Engineering, alert design and some good real world stories of debugging, testing or building internal tooling this week.
StackHawk sponsors Devops Weekly
[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.
https://sthwk.com/long-live-dast-webinar
News
A look at Platform Engineering, and introducing a layered model of platform, with the oft-missing platform orchestration layer binding together the application and infrastructure.
https://www.syntasso.io/post/platform-engineering-orchestrating-applications-platforms-and-infrastructure
A good troubleshooting writeup (featuring ceph, systemd and containerd), and a good reminder of the layered complexity of the software systems we operate.
https://blog.palark.com/sre-troubleshooting-ceph-systemd-containerd/
Good alert design is hard. This post looks in particular at the problem with workflows acknowledging alerts and the impact on alert fatigue.
https://medium.com/production-care/keep-your-dashboard-clean-acknowledgement-is-not-a-solution-501c3d832c62
A quick post on building a Slack bot to help with handoff for ongoing incidents. A good reminder of the powerful combination of APIs for your ops tools and the low barrier to writing and running bots like this with modern cloud infrastructure.
https://medium.com/@matt_weingarten/creating-an-oncall-handoff-bot-7ee3f67d1033
Another blog post in this series, looking at testing in microservices environments, and how one organisation has solved this with its own customer tooling.
https://medium.com/riskified-technology/elevating-microservices-testing-and-development-using-dynamicenv-852ffeeacff2
A few handy checklists for security focused code review, for both server and frontend applications. Plus a discussion of security code reviews in general, including reference to threat modelling.
https://axolo.co/blog/p/code-review-security-checklist
Tools
LLRT is an experimental, lightweight JavaScript runtime intended to Serverless environments. It targets a subset of the Node API, but enables much faster startup time and faster overall performance, as well as lower running costs.
https://github.com/awslabs/llrt