DevOps Industry Updates #14

Grab your concentrated cold brew, DevOps Industry Updates #14 is here! As always, I’ve been scouring the internet for the finest DevOps news which I then filter, brew and deliver right to your inbox. In this week’s blend: re:Invent 2020 goes virtual, Microsoft expands Azure into space and if you’re reading this, then DockerHub’s new rate-limits are already in effect. Take a sip, sit back and enjoy the scroll:

🔥 Top Cream

This issue’s top 4 stories:

  1. Docker extends deadline for inactive image purge
  2. Failover Theater and Achieving True Continuous Resilience
  3. Loki 2.0 released
  4. Introducing pvc-autoresizer

🌎 Society

  • Microsoft makes WFH permanent for more employees by Kathleen Hogan: Microsoft is allowing more of its employees to work from home permanently, the company announced. While most Microsoft employees are still working from home during the ongoing pandemic, the software maker has launched an in-house “hybrid workplace” guide to allow for much greater flexibility once US offices finally reopen.

  • Failover Theater and Achieving True Continuous Resilience by Jennifer Riggins: at this year’s virtual ChaosConf, Adrian Cockcroft, vice president of cloud architecture strategy at Amazon Web Services, talked about the dangers of “availability theater” and how to better ground your system’s reliability in reality.

📟 DevOps

  • Docker extends deadline for inactive image purge by Jean-Laurent De Morlhon: previously, DockerHub was going to start purging inactive images on November 1, 2020. That deadline has now been pushed to “mid-2021”. The new rate-limits on Docker pulls for unauthenticated/free users, however, still come into effect November 1st.

  • Loki 2.0 released by Ed Welch: the newly released version 2.0 of Grafana’s Loki log aggregation tool features an improved query language and the ability to generate alerts directly from the logs themselves.

  • Introducing NGINX Service Mesh by Amir Rawdat: NGINX has published a development release of NGINX Service Mesh (NSM), a fully integrated lightweight service mesh that leverages a data plane powered by NGINX Plus to manage container traffic in Kubernetes environments.

🛠️ DevOps Tools

  • Comparing containerization methods: Buildpacks, Jib, and Dockerfile by James Ward: a great deep-dive outlining the pros and cons of different application packaging methods, with a focus on Java apps.

  • Mitmproxy 5.3 by Thomas Kriechbaumer: this release comes with a long list of improvements and bugfixes – 137 commits by 20 contributors, resulting in 72 closed issues and 69 closed PRs. Highlights include Python 3.9 support, a new MsgPack content viewer and more support for HTTP trailers.

  • duo-labs/cloudtracker: CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.

☸️ Kubernetes

  • OPA and Gatekeeper: which one do I use? by Gaurav Chaware: what’s the difference between OPA and Gatekeeper when it comes to Kubernetes admission control? Should I use Gatekeeper instead of OPA? In this blog post, I will clarify the difference between OPA and Gatekeeper. Or, to be precise, how Gatekeeper extends OPA.

  • Introducing pvc-autoresizer by Akihiro Ikezoe: we are excited to announce pvc-autoresizer, which is new, Kubernetes-native, open-source software that provides the ability to automatically expand the size of Persistent Volume Claims (PVCs) on a Kubernetes cluster.

  • Werf: CLI for automating Kubernetes-based GitOps by Joab Jackson: a new project from infrastructure service provider Flant, called Werf, promises an easy way to set up GitOps-styled deployment pipelines, where code changes in a git repository trigger the appropriate containers to be rebuilt and pushed into a Kubernetes deployment — all automatically.

  • OpenTelemetry’s First Release Candidates: OpenTelemetry has hit another milestone with the tracing specification reaching release candidate status. The specification includes all tracing related dependencies, including Trace, Baggage, Resource, Context Propagation, Environment Variables and Exporters (for traces).

🔐 Security

  • DevOps’ Role in Fixing Software Vulnerabilities by Gary Stevens: by leveraging the DevOps model to make security part of the corporate culture, software development teams can deliver safe products quickly. The DevSecOps model is one in which security is purposefully implemented at each stage of the software development process, not simply a value-added component.

💻 Programming

🐧 Linux

🚢 Leadership

  • Write Down Your Team’s Unwritten Rules by Liz Fosslien & Mollie West Duffy: the act of making a list is a simple exercise that has positive benefits for new, tenured, and future employees — and allows you to reinforce your culture even when the nature of work changes.

☁️ Cloud

AWS

  • re:Invent 2020 is going virtual: this year, re:Invent is available as a free 3-week virtual event starting November 30th. Stream hundreds of sessions with live Q&A by AWS Experts, hear from cloud leaders, and be the first to learn what’s new and next from AWS.

  • Introducing the AWS Load Balancer Controller by Justin Garrison: the ALB Ingress Controller is now the AWS Load Balancer Controller and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.

  • Achieve up to 52% better price/performance with Amazon RDS using new Graviton2 instances

  • Amazon EKS now supports Kubernetes version 1.18: highlights of the Kubernetes 1.18 release include Topology Manager reaching beta status, a new beta of Server-side Apply, and a new IngressClass resource for the Ingress specification which makes it simpler to customize Ingress configuration. Additionally, you can now configure the behavior of horizontal pod autoscaling.

  • Application Load Balancers now support gRPC workloads

  • Announcing SSL/TLS certificates for Amazon EC2 instances: ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to protect and securely process highly sensitive data, such as SSL/TLS private keys.

  • EC2 Image Builder now supports AMI distribution across AWS accounts: you can now share AMIs built with EC2 Image Builder with AWS accounts in a manner that gives the receiver account all of the permissions to modify the AMI. This removes the need to manually copy AMIs across multiple accounts and AWS regions.

Article version: 1.0.0

Written on November 2, 2020