DevOps Industry Updates #22
Welcome back! The world echoed a sigh of relief this week as the Suez Canal was finally unblocked, which I can only imagine feels like purging a thousand message queues at once. With that crisis over, we move on to the next - whether it be upgrading to Kubernetes 1.21 (yay pod affinities) or patching your git packages against remote code execution. We have those worries and more - it’s all right here in DevOps Industry Updates #22:
🔥 Top Cream
This issue’s top 5 stories:
- What’s new in Kubernetes 1.21?
- Balancing act: the current limits of AWS network load balancers
- Introducing Amazon S3 Object Lambda
- The actual OSI model
- REST vs. GraphQL vs. gRPC
🌎 Society
- Moving from the US to India - My Story: an AWS SA moved from New York to India and wrote a fascinating post on the experience.
- DigitalOcean becomes a public company: DigitalOcean is officially listed on the New York Stock Exchange as a publicly traded company (NYSE: DOCN).
📟 DevOps
- Why you should take a look at Nomad before jumping on Kubernetes: overall, Nomad is a pretty great, simple, opinionated and flexible orchestrator.
- A First Glimpse of a Kafka Without ZooKeeper: we call this the Kafka Raft Metadata mode. If you opt to run Kafka using the new quorum controller, all metadata responsibilities previously undertaken by the Kafka controller and ZooKeeper are merged into this one new service, running inside the Kafka cluster itself.
- Migrating Millions of Concurrent Websockets to Envoy: for much of Slack’s history, we’ve used HAProxy as a load balancer for all incoming traffic. Today, we’ll talk about problems we faced with HAProxy, how we solved them with Envoy Proxy, the steps involved in the migration, and what the outcome was.
🛠️ DevOps Tools
- sbstp/kubie: a more powerful alternative to kubectx and kubens
☸️ Kubernetes
- What’s new in Kubernetes 1.21?: this release brings 50 enhancements, including a new memory manager, pod affinity selector and ReplicaSet downscaling. It also deprecates Pod Security Policies.
- Flux GitOps program becomes a CNCF incubator program: Flux, the Kubernetes-based Continuous Delivery (CD) program, continues to mature.
- Smooth sailing with Kubernetes: learn about Kubernetes and how you can use it for continuous integration and delivery.
🔐 Security
- Hackers are exploiting an F5 vulnerability: F5’s BIG-IP appliances have a 9.8 severity vulnerability that is now actively being exploited according to researchers at NCC Group. Have you waited to patch?
- TLS 1.0 and 1.1 are officially deprecated: these versions lack support for current and recommended cryptographic algorithms and mechanisms.
- A new type of supply-chain attack is flourishing: new dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft, and Zillow.
💻 Programming
- Get better at programming by learning how things work: in this blog post, I want to talk about a different way to get better at programming: learning how the systems you’re using work! This is the main way I approach getting better at programming.
- How we found and fixed a rare race condition in our session handling: on March 8, we logged all users out of GitHub.com due to a rare security vulnerability. In this post we will share the technical details of this vulnerability and how it happened, what we did to respond to it, and the steps we are taking to ensure this does not happen again.
🐧 Linux
- Linus Torvalds on where Rust will fit into Linux: slowly but surely the Rust language is making its way into Linux.
- The actual OSI model: the OSI model is not some “ideal” model of networking, it is not a “gold standard” or even a “useful reference.” It’s the architecture of a specific network stack that failed to gain significant real-world adoption.
- Why I use exa instead of ls on Linux: exa is a modern-day replacement for the Linux ls command.
🚢 Leadership
☁️ Cloud
- How Amazon’s S3 jumpstarted the cloud revolution: Amazon’s first real web service brought us everything from Pinterest to coronavirus vaccines. Fifteen years later, insiders tell Protocol how it grew to store more than 100 trillion objects.
- REST vs. GraphQL vs. gRPC: REST, GraphQL, and gRPC are 3 popular forms of client-server and server-to-server communication. Choosing can be difficult, and this concise guide can help.
AWS
- Balancing act: the current limits of AWS network load balancers: “in our experience anything over 200,000 connections per NLB begins to be a challenge. This is unfortunately substantially below the advertised understanding of what the load balancers can currently do.”
- Amazon EKS reduces control plane creation time for EKS clusters by 40%: enabling you to create a new EKS cluster control plane in 9 minutes or less, on average.
- Introducing Amazon S3 Object Lambda: use your code to process data as it is being retrieved from S3.
- Amazon S3 Glacier Price Reduction: effective March 1, 2021, AWS is lowering the cost for PUT and Lifecycle requests to S3 Glacier by 40%.
Article version: 1.0.1