DevOps Industry Updates #19

Welcome back! Much like your favorite memestock, the world of DevOps has been moving at breakneck speed. While the InfoSec community is still realizing the true depths of the SolarWinds hack, a new vulnerability with a different attack vector appears: NAT slipstreaming 2.0. We cover those hot topics and other key developments right here in DevOps Industry Updates - all you need to do is scroll ⬇️

🔥 Top Cream

This issue’s top 5 stories:

  1. The career-changing art of reading the docs
  2. Firecracker: start a VM in less than a second
  3. Scaling Kubernetes to 7,500 Nodes
  4. Federated Kubernetes Clusters Using Amazon EKS and KubeFed
  5. NAT Slipstreaming v2.0

🌎 Society

📟 DevOps

  • JFrog users excluded from DockerHub rate limits: JFrog and Docker have partnered to support unlimited pulls from DockerHub using the JFrog Platform in the cloud. JFrog cloud customers will automatically be excluded from Docker Hub’s image rate limit.

  • Monitoring as Code: What It Is and Why You Need It: monitoring as code is not just automated installation and configuration of agents, plugins, and exporters - it encompasses the entire observability lifecycle, including automated diagnosis, alerting and incident management, and even automated remediation.

🛠️ DevOps Tools

  • pomerium/pomerium: a great alternative to a VPN, Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium also provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked in.

  • Firecracker: start a VM in less than a second: it turns out that Firecracker is relatively straightforward to use (or at least as straightforward as anything else that’s for running VMs), the documentation and examples are pretty clear, you definitely don’t need to be a cloud provider to use it, and as advertised, it starts VMs really fast.

  • generalui/s3p: list/copy/sync/compare S3 buckets 5x-50x faster than AWS’s CLI

☸️ Kubernetes

  • Building a Kubernetes CI/CD Pipeline with GitLab and Helm: explains how to assemble the Continuous Delivery (CD) piece of the puzzle to create a CI/CD pipeline to continuously deploy your applications to Kubernetes (EKS) using Helm and AWS’s Load Balancer Controller.

  • Scaling Kubernetes to 7,500 Nodes: “since our last post on Scaling to 2,500 Nodes we’ve continued to grow our infrastructure to meet researcher needs, in the process learning many additional lessons. This post summarizes those lessons so that others in the Kubernetes community can benefit from them, and ends with problems we still face that we’ll be tackling next.”

  • Argo Workflows v3.0: changes include new APIs for Argo Events and a major UI upgrade (20k new lines of code) with many new features.

🔐 Security

💻 Programming

🐧 Linux

  • Five ways to use redirect operators in bash: redirect operators are a basic but essential part of working at the bash command line. See how to safely redirect input and output to make your Linux sysadmin life easier.

  • nq: small utilities that allow creation of very lightweight job queue systems which require no setup, maintenance, supervision, or any long-running processes.

🔩 Hardware

  • The database servers powering Let’s Encrypt: database performance is the single most critical factor in Let’s Encrypt’s ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been very happy with the results.

🚢 Leadership

☁️ Cloud

  • Comparing AWS vs Azure vs GCP: in an effort to help others understand the performance and cost tradeoffs of each cloud and its machines, Cockroach Labs’ 2021 Cloud Report runs over 1,000 microbenchmark tests to evaluate CPU, network, storage, and TPC-C performance.

AWS

GCP

Article version: 1.0.0

Written on February 4, 2021