Week 37 Issue #44
DevOps software firm GitLab filed to go public on Friday. The company's S-1 filing lists a placeholder $100 million raise estimate. GitLab raised $286 million at a post-money valuation of $2.75 billion in its last private-market transaction. In its fiscal year ended January 31, 2021, GitLab’s revenue rose roughly 87% to $152.2 million from a year earlier. Its gross profit rose around 86% and operating loss widened nearly 67% in the past two fiscal years.
Foreman 3.0 is an important milestone on the road to modernizing Foreman’s user interface. In this release, our main focus is on the host detail page. Foreman is an open source project that helps system administrators manage servers throughout their lifecycle, from provisioning and configuration to orchestration and monitoring. Foreman scales well to multiple locations (offices, data centers, etc) and multiple organizations, allowing you to grow without losing your single source of infrastructure truth. It is deployed in many organizations, managing from 10s to 10,000s of servers. It provides comprehensive interaction facilities including a web frontend, CLI and RESTful API which enables you to build higher level business logic on top of a solid foundation.
Financial Operations is the intersection of people, process and technology as it relates to managing the financial operations of a business. The most important concept is unit economics. We should always measure our cloud spend against a business metric e.g. total revenue, shipments made, paid subscribers, customer orders. FinOps is a culture that can be followed or adopted by taking into account factors such as the following principles: Cloud business value-driving decisions. Cloud usage is the responsibility of everyone in the organization.
An important aspect of DevOps is automating the deployment of your apps, and the release of new features. In this lab, I’ll show you how can use Terraform to automate the creation of AWS infrastructure, and work with AWS CodeDeploy to automate deployment of a sample application. This lab focuses on automation capability of Terraform, and is designed to make you understand how CodeDeploy works. We will need the required AWS-managed policy ARNs in your AWS accounts to use this lab.
When using infrastructure as code (IaC) on a public cloud provider, it's important to use tags and labels to organize your IaC. Terratag, an open source project developed by env0, can be used with Terraform and placed on top of the GitLab CI/CD platform. This gives users a range of solutions for running CI/CC for Terraform code and managing it on a large scale. All major cloud providers support tagging/labeling for most of their resources using their Terraform provider.
As of Aug 24, Istio 1.9 is no longer supported. This means that your older versions are no longer receiving critical patches and updates. An outage in the ingress gateway will have an immediate impact on your end users. This blog will explain an architecture and process that will help you get your Istio deployment back into compliance and set you up for easier upgrades in the future. The proposed architecture is based on the proposed architecture laid out below, which might save you a number of hours and allow you to catch up safely and more efficiently. It also makes sense that during an upgrade, the existing control plane deployment remain in place.
In this article, we’ll discuss potential pitfalls that we came across when configuring ECS task definitions. We'll also examine some general best practices for working with containers in production. One common source of potential problems is the network configuration in the “run task” API. AWS suggests passing sensitive data to ECS tasks by referencing the secret ARN from AWS Systems Manager Parameter Store or AWS Secrets Manager in the environment variables in the task definition. Don’t define your passwords in plain text as Value:
QuestDB outperformed TimescaleDB for read and write performance. QuestDB is one of the leading time-series databases in the world. Amazon Timestream is a serverless database built from scratch, unlike some other databases based on existing open-source projects. The other day, I came across GridDB and Netflix’s Atlas, which are in-memory databases. Choosing a timeseries database will require you to explore these databases in much more detail. Running time series databases in cloud is easier than ever now with cloud platforms like AWS and Azure.
Software teams are there to solve clients problems, to find ways to use technology to makes clients life easier. The software itself creates a set of problems that we need to solve. In Inviting Disaster [Chi01], James R. Chiles refers to these as “cracks in the system’s” In any system, these cracks trigger because of some human error in any part of the system. The best we can do is to design our systems to react to those failure modes and minimize the damage.
An AWS Lambda function is an example of a microservice which can be part of a serverless architecture. Microservices architecture is very different from monolithic application architecture. Serverless applications are also at risk of OWASP top ten application vulnerabilities because serverless functions such as Lambda still execute code. We’ve also started seeing security challenges that come with the hype. 7 Best Serverless Security Practices are based on the best practices in securing your serverless applications. For a typical traditional application, the only entry point is via exposed APIs so the attack surface is predictable.
The letter “R” of SCRAP defines that software must behave in the same way. The software needs to have a “good reputation” in the environment in which it is working. The more complex the code, the more time it takes to implement it, and the more complex it is. The letter "R" is the letter ‘R’ for Scalability and “resiliency” It is synonymous with “recovery.”
CPU attacks let you consume CPU capacity on a host, container, Kubernetes resource, or service. Even small amounts of CPU can reveal unexpected behaviors on our systems. These behaviors can manifest as poor performance, unresponsiveness, or instability. Gremlin gives you fine-grained control over the attack, including: CPU Capacity, number of cores, and the magnitude of the attack. As with all Gremlin attacks, you can run a CPU attack on multiple systems simultaneously. This is called the blast radius and magnitude.
The GitHub blog published a post unveiling composite actions to reduce duplication. With GitHub actions, it is quite easy to set this up: create a workflow where everything is contained in a single job. The actions/cache works in a standard way:Provide one or multiple folder(s) path to cache. The content to be cached is resolved at the end of the job. Given a key, if a cache is found, the content is restored at the step the action is called. Using the cache actions, the GitHub action grows like this:
Signal became the top downloaded app in January 2021, after WhatsApp, the most popular messaging app in the world, became acquired by Facebook, and announced its sharing of data with its new parent, Signal. Signal’s exploding popularity among messaging apps, has lead many activists to re-open Signal's case. Signal was overlooked due to its underdog status in the tech world, its courting of the open source community, and its colorful founder, Moxie Marlinspike. The US government was (and possibly remains) itself a primary funder of Signal. It is in effect the same CIA misinformation organizations from the 1950s:
If you deliver what is perceived as garbage to the end-user, then you are delivering garbage. Quality is garbage, bug return rates are high, new bug rates are through the roof, test cases are failing, happy scenarios don’t make it past the first gate. Monitoring for quality in your delivery will come down to bug rates (how fast are they coming in) and returning bugs (why is this bug being reopened) If you have someone running QA, they will report on the rest of the test cases passed or fail, good, bad, or ugly of regression.
Authentication and authorization sound similar, but authentication and authorization are two different concepts that need to be separate steps in an access policy. The terms are sometimes used almost interchangeably — or as a portmanteau that suggests they’re the same thing.Authentication is verifying that a user is who they say they are: authorization is giving them permission to access a resource or perform a specific function. The principles will seem familiar, suggested Alex Weinert, director of identity security at Microsoft.
The number of software engineers in the world will almost double in ten years, says Delange. Delange: It seems unrealistic to imagine that the demand for software engineers will be satisfied solely by hiring more workers. We need to standardize the software stack to simplify how we develop software, Delange says. We also need to have more tools to increase productivity and eventually automate software production. The former is a reality today (with tools increase productivity) while the latter will take more than 10 years to produce meaningful results.
A study shows that once there is an involuntary distraction, it takes an average of 23 minutes and 15 seconds to get back to the task. When it happens, you can no longer focus on the task at hand. The psychological need to win the argument hijacks the recipients’ attention hijacks their focus. The impact on productivity is not just for the duration of the meeting, but for the psychological effect on developers’ focus too. Set up a meeting to go over the topic, avoid unnecessary back and forth through email. Politely decline the invites where you feel you are going to neither contribute nor gain anything valuable.
A DevOps engineer has been involved with finding, interviewing, and hiring DevOps engineers for various organizations, both large and small. From that vast ocean of resumes and LinkedIn profiles, a few trends have emerged that I would like to share with you. Certifications don’t matter as much as some people think, it only means they know how to study for a test. Critical thinking is a valuable and hard-to-find skill these days, but there are ways to do it for good reasons.
Merge requests are a fundamental and critical process for software engineers at any seniority level. 100 lines of code is a good cutoff for a large merge request, especially if there are more junior engineers on the team. A sign that MRs could be too large could be a lack of feedback and communication. Merge requests may seem tedious, but they are well worth the effort, especially for the sake of maintaining the codebase. Decide Team Standards for breaking up large MRs. Identify shared logic, document your reasoning, and speak up when an MR has overgrown.
A new generation of technical debt has emerged from SaaS platforms that are creating massive sprawl across the enterprise. Healthcare companies are spending the highest percentage of their budgets on technical debt, with banking and finance close behind. More than two-thirds of IT leaders surveyed agreed that technical debt poses a fundamental limit on their ability to innovate, and 64% said that it will continue to have a major influence on their strategies in the future. By understanding and acting the root causes of the problem, every organization has the power to chip away at the problem.
Applications networking company F5 has announced it’s acquiring Threat Stack, a Boston-based cloud security and compliance startup, for $68 million. Threat Stack specializes in cloud security for applications and provides customers with real-time threat detection for cloud infrastructure and workloads. F5 bought multi-cloud management startup Volterra for $500 million in May. The acquisition, which is expected to close in F5’s first-quarter fiscal year 2022, is subject to closing conditions.
This post will demonstrate how to use eBPF to trace encrypted connections that operate over SSL. BPF can be used to interrupt the execution of a program at virtually any point—much like how one can set a breakpoint in an application using a. debugger. This post is part of our ongoing series sharing how you can use eBf to. debug applications without recompilation or redeployment. The BPF kprobe approach works well for all plain-text traffic, but will not work for encrypted connections.
In this article, we’ll cover linting, unit testing, integration testing, docker build and docker build. We'll also cover a good strategy for managing secrets in Github. You can add secrets to Github and call them in Actions using the get-key-vault-secrets Github Action. We start up a Kind cluster to run our operator against Kubernetes version 184.108.40.206. We’re going to add secrets as environment variables to satisfy this requirement.
Any Kubernetes cluster will work ( minikube, kind, Docker Desktop, on the cloud, whatever...). Deploy the Operator and other components (CRD etc) to test things out. Create a kubexpose resource — which will help you access ngnix Deployment over the Internet. To try out other scenarios such as trying to Deployment and/or Service - the Operator will reconcile or bring things back to the state as specified in the resource. The Operator will also delete the Service and Deployment which were created for this resource.
Multi-stage builds reduce the attack surface, decreasing vulnerabilities. Multistage builds are safer, and it also reduces image size. Container images should be small and contain only components/packages necessary for the containerized workload to work correctly. Docker-compose specification is a developer-focused standard for defining cloud and platform-agnostic container-based applications. It is fully portable, so you can run it locally or in. Azure Container Instances. You can download Kompose to convert docker-composing files to Kubernetes manifests.
Instead of the mechanics of refactoring, Kill It With Fire focuses on how to structure teams tackling modernization projects that have failed previously. Instead of primarily approaching the problem of modernization from a software engineering perspective, Bellotti draws on lessons from Site Reliability Engineering (SRE) and the broader area of software operations work. Human factors are at least as important in decision making as the technical aspects of problems, as well as the human factors involved in decision-making. Kill it With Fire deals always with software as a running system, not a codebase.
Kubernetes has been heavily adopted in many companies as the deployment and application orchestration solution. Most tutorials about Elixir only talk about building a webapp with Phoenix framework. But in the Erlang/Elixir ecosystem, those problems look like they are already solved. This article is the first of a series of articles that will cover how to build an Elixir cluster on Kubernetes. We’ll see how to set up an Elixir/Kubernetes cluster using the language that compiles to Erlang and is run on the BEAM.