DevOps Industry Updates #14
Grab your concentrated cold brew, DevOps Industry Updates #14 is here! As always, I’ve been scouring the internet for the finest DevOps news which I then filter, brew and deliver right to your inbox. In this week’s blend: re:Invent 2020 goes virtual, Microsoft expands Azure into space and if you’re reading this, then DockerHub’s new rate-limits are already in effect. Take a sip, sit back and enjoy the scroll:
🔥 Top Cream
This issue’s top 4 stories:
- Docker extends deadline for inactive image purge
- Failover Theater and Achieving True Continuous Resilience
- Loki 2.0 released
- Introducing pvc-autoresizer
🌎 Society
- Why the PDF Is Secretly the World’s Most Important File Format by Ernie Smith: the story of the PDF, the file format that’s become one of the internet’s defining information tools. It’ll be with us after we’re long gone.
- Microsoft makes WFH permanent for more employees by Kathleen Hogan: Microsoft is allowing more of its employees to work from home permanently, the company announced. While most Microsoft employees are still working from home during the ongoing pandemic, the software maker has launched an in-house “hybrid workplace” guide to allow for much greater flexibility once US offices finally reopen.
- Failover Theater and Achieving True Continuous Resilience by Jennifer Riggins: at this year’s virtual ChaosConf, Adrian Cockcroft, vice president of cloud architecture strategy at Amazon Web Services, talked about the dangers of “availability theater” and how to better ground your system’s reliability in reality.
📟 DevOps
- How to Become Cloud Native - And the Tools to Get You There by Kentaro Wakayama: cloud native technologies help you deliver software products faster while reducing operational IT costs. This article explains how to become cloud native and recommends specific projects you can start using today.
- HashiConf Attendee Resources: did you miss HashiConf? No worries, here are all of the speaker slides in one place.
- Docker extends deadline for inactive image purge by Jean-Laurent De Morlhon: previously, DockerHub was going to start purging inactive images on November 1, 2020. That deadline has now been pushed to “mid-2021”. The new rate-limits on Docker pulls for unauthenticated/free users, however, still come into effect November 1st.
- Loki 2.0 released by Ed Welch: the newly released version 2.0 of Grafana’s Loki log aggregation tool features an improved query language and the ability to generate alerts directly from the logs themselves.
- Announcing Grafana Tempo, a massively scalable distributed tracing system by Joe Elliot: an easy-to-operate, high-scale, and cost-effective distributed tracing system. Tempo is designed to be a robust trace id lookup store whose only dependency is object storage (GCS/S3).
- How a one line change decreased our clone times by 99% by Urvashi Reddy: the Engineering Productivity team at Pinterest came across a small change that had a large impact in reducing build times across pipelines. We found that setting the refspec option during git fetch reduced our cloning step by 99%.
- Introducing NGINX Service Mesh by Amir Rawdat: NGINX has released a development release of NGINX Service Mesh (NSM), a fully integrated lightweight service mesh that leverages a data plane powered by NGINX Plus to manage container traffic in Kubernetes environments.
🛠️ DevOps Tools
- Comparing containerization methods: Buildpacks, Jib, and Dockerfile by James Ward: a great deep-dive outlining the pros and cons of different application packaging methods, with a focus on Java apps.
- Mitmproxy 5.3 by Thomas Kriechbaumer: this release comes with a long list of improvements and bugfixes – 137 commits by 20 contributors, resulting in 72 closed issues and 69 closed PRs. Highlights include Python 3.9 support, a new MsgPack content viewer and more support for HTTP trailers.
- duo-labs/cloudtracker: CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
☸️ Kubernetes
- OPA and Gatekeeper: which one do I use? by Gaurav Chaware: what’s the difference between OPA and Gatekeeper when it comes to Kubernetes admission control? Should I use Gatekeeper instead of OPA? In this blog post, I will clarify the difference between OPA and Gatekeeper. Or, to be precise, how Gatekeeper extends OPA.
- Introducing pvc-autoresizer by Akihiro Ikezoe: we are excited to announce pvc-autoresizer, which is new, Kubernetes-native, open-source software to provide the ability to expand the size of Persistent Volume Claims (PVCs) on Kubernetes cluster automatically.
- kube-secret-syncer: A Kubernetes operator to sync secrets from AWS Secrets Manager by Yann Hamon: we’re releasing the open source code for Kube-secret-syncer, a Kubernetes operator that syncs secrets from AWS Secrets Manager. This operator improves on existing projects by delivering sophisticated access control, templated fields and caching to reduce costs.
- Werf: CLI for automating Kubernetes-based GitOps by Joab Jackson: a new project from infrastructure service provider Flant, called Werf, promises an easy way to set up GitOps-styled deployment pipelines, where code changes in a git repository trigger the appropriate containers to be rebuilt and pushed into a Kubernetes deployment — all automatically.
- OpenTelemetry’s First Release Candidates: OpenTelemetry has hit another milestone with the tracing specification reaching release candidate status. The specification includes all tracing related dependencies, including Trace, Baggage, Resource, Context Propagation, Environment Variables and Exporters (for traces).
🔐 Security
- DevOps’ Role in Fixing Software Vulnerabilities by Gary Stevens: by leveraging the DevOps model to make security part of the corporate culture, software development teams can deliver safe products quickly. The DevSecOps model is one in which security is purposefully implemented at each stage of the software development process, not simply a value-added component.
💻 Programming
- Falsehoods programmers believe about time zones by Zain Rizvi: I knew trying to manage time is a fool’s errand, but that’s what datetime libraries are for. Surely it can’t be that complicated … right? Wrong.
🐧 Linux
- Linux interface analytics on-demand with iftop by Tyler Carrigan: got network bandwidth? Are you sure? Find out with iftop.
- ~/.bashrc VS ~/.profile VS ~/.bash_profile by Lei Mao: the shell is an executable and it is configured by special shell scripts such as ~/.bashrc, ~/.profile, ~/.bash_profile. In this blog post, I would like to briefly discuss the differences between these scripts.
🚢 Leadership
- Write Down Your Team’s Unwritten Rules by Liz Fosslien & Mollie West Duffy: the act of making a list is a simple exercise that has positive benefits for new, tenured, and future employees — and allows you to reinforce your culture even when the nature of work changes.
☁️ Cloud
- Microsoft partners with SpaceX to connect Azure cloud to Musk’s Starlink satellite internet by Michael Sheetz: the partnership comes as Microsoft expands into the space industry, with the company a few weeks ago unveiling a new service called Azure Orbital to connect satellites directly to the cloud.
AWS
- re:Invent 2020 is going virtual: this year, re:Invent is available as a free 3-week virtual event starting November 30th. Stream hundreds of sessions with live Q&A by AWS Experts, hear from cloud leaders, and be the first to learn what’s new and next from AWS.
- Introducing the AWS Load Balancer Controller by Justin Garrison: the ALB Ingress Controller is now the AWS Load Balancer Controller and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.
- Achieve up to 52% better price/performance with Amazon RDS using new Graviton2 instances
- Amazon EKS now supports Kubernetes version 1.18: highlights of the Kubernetes 1.18 release include Topology Manager reaching beta status, a new beta of Server-side Apply, and a new IngressClass resource for the Ingress specification which makes it simpler to customize Ingress configuration. Additionally, you can now configure the behavior of horizontal pod autoscaling.
- Announcing SSL/TLS certificates for Amazon EC2 instances: ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to protect and securely process highly sensitive data, such as SSL/TLS private keys.
- EC2 Image Builder now supports AMI distribution across AWS accounts: you can now share AMIs built with EC2 Image Builder with AWS accounts in a manner that gives the receiver account all of the permissions to modify the AMI. This removes the need to manually copy AMIs across multiple accounts and AWS regions.
Article version: 1.0.0