DevOps Industry Updates #19
Welcome back! Much like your favorite memestock, the world of DevOps has been moving at breakneck speeds. While the InfoSec community is still realizing the true depths of the SolarWinds hack, a new vulnerability with a different attack vector appears: NAT slipstreaming 2.0. We cover those hot topics and other key developments right here in DevOps Industry Updates - all you need to do is scroll ⬇️
🔥 Top Cream
This issue’s top 5 stories:
- The career-changing art of reading the docs
- Firecracker: start a VM in less than a second
- Scaling Kubernetes to 7,500 Nodes
- Federated Kubernetes Clusters Using Amazon EKS and KubeFed
- NAT Slipstreaming v2.0
🌎 Society
- The career-changing art of reading the docs: don’t wait for knowledge to find you through years of inefficient trial and error. Go get it. And the most convenient, comprehensive place to grab it was there in front of you all along.
- Software development topics I’ve changed my mind on after 6 years in the industry
- Whitehouse.gov Chooses WordPress, Again: the all-new Whitehouse.gov debuted and like its predecessor, the site is powered by WordPress - but this version carries many differences and modern out-of-the-box features that we’re glad to see used on a site of this magnitude.
- AWS announces forks of Elasticsearch and Kibana: in order to ensure open source versions of both packages will remain available and well supported, AWS announced they will step up to create and maintain an ALv2-licensed fork of open-source Elasticsearch and Kibana.
- How hard should I push myself?: what the science of stress tells us about peak performance.
📟 DevOps
- JFrog users excluded from DockerHub rate limits: JFrog and Docker have partnered to support unlimited pulls from DockerHub using the JFrog Platform in the cloud. JFrog cloud customers will automatically be excluded from Docker Hub’s image rate limit.
- Monitoring as Code: What It Is and Why You Need It: monitoring as code is not just automated installation and configuration of agents, plugins, and exporters - it encompasses the entire observability lifecycle, including automated diagnosis, alerting and incident management, and even automated remediation.
- Our Journey to PostgreSQL 12: this post walks through the steps Coffee Meets Bagel took to upgrade their PostgreSQL cluster from version 9.6 to 12.4 with less than 30 minutes of cumulative downtime, including some lessons learned along the way.
- GitLab is moving to a three-tier product subscription model: Bronze/Starter is being phased out and current customers have a year to transition.
- Announcing Version 2.0 of the Kubernetes and Helm Providers for Terraform: includes a more declarative authentication flow, alignment of resource behaviors and attributes with upstream APIs, normalized wait conditions across several resources, and removes support for Helm v2.
- Building Alerts for Observability’s 4 Golden Signals: learn how to build observability as code infrastructure automation using New Relic, Terraform Cloud, and Google’s 4 Golden Signals of SRE.
🛠️ DevOps Tools
- pomerium/pomerium: a great alternative to a VPN, Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium also provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in.
- Firecracker: start a VM in less than a second: it turns out that Firecracker is relatively straightforward to use (or at least as straightforward as anything else that’s for running VMs), the documentation and examples are pretty clear, you definitely don’t need to be a cloud provider to use it, and as advertised, it starts VMs really fast.
- generalui/s3p: list/copy/sync/compare S3 buckets 5x-50x faster than AWS’s CLI
☸️ Kubernetes
- Building a Kubernetes CI/CD Pipeline with GitLab and Helm: explains how to assemble the Continuous Delivery (CD) piece of the puzzle to create a CI/CD pipeline to continuously deploy your applications to Kubernetes (EKS) using Helm and AWS’s Load Balancer Controller.
- Scaling Kubernetes to 7,500 Nodes: “since our last post on Scaling to 2,500 Nodes we’ve continued to grow our infrastructure to meet researcher needs, in the process learning many additional lessons. This post summarizes those lessons so that others in the Kubernetes community can benefit from them, and ends with problems we still face that we’ll be tackling next.”
- Argo Workflows v3.0: changes include new APIs for Argo Events and a major UI upgrade (20k new lines of code) with many new features.
🔐 Security
- NAT Slipstreaming v2.0: ruh-roh: a new attack variant could allow attackers to bypass NATs & Firewalls and reach any unmanaged device within the internal network from the Internet.
💻 Programming
- A Tour of Go 1.16’s io/fs package: the upcoming Go 1.16 release has a lot of exciting updates in it, but my most anticipated addition to the Go standard library is the new io/fs and testing/testfs packages.
- Would Rust secure cURL?: is this true? Are the majority of cURL’s security vulnerabilities logic mistakes? This article takes a data-driven approach to answer that question.
🐧 Linux
- Five ways to use redirect operators in bash: redirect operators are a basic but essential part of working at the bash command line. See how to safely redirect input and output to make your Linux sysadmin life easier.
- nq: small utilities that allow creation of very lightweight job queue systems which require no setup, maintenance, supervision, or any long-running processes.
🔩 Hardware
- The database servers powering Let’s Encrypt: database performance is the single most critical factor in Let’s Encrypt’s ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been very happy with the results.
🚢 Leadership
- Ideal Days vs. Story Points: Which Is Better and Why?: “when will it be done?” If you’ve been working in software development for more than a month, you know this question is a trap. This article explains how to create timelines that stakeholders will accept and won’t lead to unrealistic deadlines for you and your team.
- Engineering Productivity Can Be Measured - Just Not How You’d Expect
☁️ Cloud
- Comparing AWS vs Azure vs GCP: in an effort to help others understand the performance and cost tradeoffs of each cloud and its machines, Cockroach Labs’ 2021 Cloud Report runs over 1,000 microbenchmark tests to evaluate CPU, network, storage, and TPC-C performance.
AWS
- Federated Kubernetes Clusters Using Amazon EKS and KubeFed: this solution automates the deployment and federation of two Amazon Elastic Kubernetes Service (Amazon EKS) clusters across multiple AWS Regions, configuring highly available, low latency, and easily scalable applications.
- Amazon Elastic File System triples read throughput: no application or configuration changes required!
GCP
- The Dunant subsea cable, connecting the US and mainland Europe, is ready for service: Dunant is the first long-haul subsea cable to feature a 12 fiber pair space-division multiplexing (SDM) design, and will deliver record-breaking capacity of 250 terabits per second (Tbps) across the ocean, enough to transmit the entire digitized Library of Congress three times every second!
Article version: 1.0.0