DevOps Industry Updates #9
It’s been a busy couple of weeks in Containerland! The remote edition of KubeCon Europe was a smashing success, AWS released Controllers for Kubernetes, Kubernetes v1.19 is hot off the presses and Docker Hub surprised us with new rate limits for free users. Grab your coffee, issue #9 of DevOps Industry Updates is here:
🔥 Top Cream
This issue’s top 4 stories:
- Thinking of Skipping Vacation? Don’t!
- Docker Hub to rate-limit free users
- Announcing Terraform 0.13
- Become an Expert At Picking Quality Python Libraries
🌎 Society
- Thinking of Skipping Vacation? Don’t! by Rebecca Zucker: many of us have had our summer vacation plans cancelled due to the pandemic. Whatever your thwarted plans entailed, you might be thinking of skipping a vacation altogether. And given that productivity has been hampered for many of us over the last few months, it’s easy to think, “I should keep working, so I can get more done,” or “What’s the point?”. Don’t give in to that thinking!
- The dark side of .io domains by David Meyer: the .io country code top-level domain is pretty popular right now, particularly among tech startups that want to take advantage of the snappy input/output reference and the relative availability of names. But who benefits from the sale of .io domains?
- Hot take on a new AWS region by Colin Percival
📟 DevOps
- Docker Hub to rate-limit free users by Jean-Laurent De Morlhon: effective November 1, 2020, anonymous Docker Hub users will be limited to 100 pulls per 6 hours and authenticated users will get 200 pulls in the same time-span. Users on the free plan will also be exposed to a new image retention policy which purges images after 6 months of inactivity. “We are making this move to optimize operations and make the Docker Hub service even stronger for developers and development teams around the world”, Docker said. Approximately 4.5PB of images are expected to be purged when the new retention policy is enacted.
- Why managing dev environments is a full time job at Eventbrite by Kevin Lin: how do you decide that it’s worth investing in a large change to your development workflow before development has ground to a halt? In this post, we’ll dig into how Eventbrite Principal Engineer Remy DeWolf made this tough decision and how he got buy-in from the rest of the company.
- Announcing Terraform 0.13 by Petros Kolyvas: the 0.13 release of Terraform builds on the powerful language improvements made with 0.12, with a focus on improved usability for module-specific workflows and enhancements to our vibrant and growing provider ecosystem. Features include automatic installation of 3rd-party providers, custom variable validation and terraform login for interacting with Terraform Cloud.
- Introducing Tekton Hub: Tekton Pipelines, a flexible Kubernetes-native CI/CD framework for building application delivery pipelines, reached the beta milestone a few months ago. Tekton Hub provides a central hub for searching and sharing Tekton resources across many distributed Tekton catalogs hosted by various organizations and teams.
🛠️ DevOps Tools
- lambci/docker-lambda by Michael Hart: Docker images and test runners that replicate the live AWS Lambda environment.
- pomerium/pomerium: Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you’d typically reach for a VPN.
- Diagram as Code by MinJae Kwon: Diagrams lets you draw the cloud system architecture in Python code. Diagram as Code allows you to track the architecture diagram changes in any version control system.
☸️ Kubernetes
- What’s New in Kubernetes 1.19? New Features and Updates by Wei Lien Dang: version 1.19 of Kubernetes incorporates a number of changes and enhancements that emphasize the maturity and production readiness of Kubernetes, including several notable feature promotions to general availability (Ingress and seccomp), security enhancements (TLS 1.3 support) and improvements to address technical debt.
- From Zero to Kubernetes Operator by Victor Paulo: this post explains the creation of a simple Kubernetes Operator so that you can understand the main concepts and trade-offs of the Operator pattern.
- Gemini: Automate Backups of PersistentVolumes in Kubernetes by Robert Brennan: automate the backup and restoration of PersistentVolumes. Gemini consists of a new CRD (the SnapshotGroup) as well as an operator that creates, deletes, and restores snapshots.
- Introducing Hierarchical Namespaces by Adrian Ludwin: hierarchical namespaces are a new concept developed to address complexities with multi-tenancy. In its simplest form, a hierarchical namespace is a regular Kubernetes namespace that contains a small custom resource that identifies a single, optional, parent namespace. This establishes the concept of ownership across namespaces, not just within them.
- Kubecon Europe: we learned a lot from self-hosting Kubernetes, but we wouldn’t do it again by John Leonard
- Kubecon Europe: GitOps gains momentum among Kubernetes deployment tools by Beth Pariseau: the growing popularity of Kubernetes GitOps tools reflects increasing cloud-native maturity and complexity among enterprise shops such as American Express.
- How the Cortex and Thanos projects collaborate to make scaling Prometheus better for all by Marco Pracucci
🔐 Security
- The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer by Allison Husain: due to missing verification when configuring mail routes, both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages.
- Canon’s cloud platform has lost users’ files – and it CAN’T restore them by Louise Carey: after losing users’ photo & video files, Canon has admitted that it can only restore photos – but not at their original resolution.
💻 Programming
- How Shopify Reduced Storefront Response Times with a Rewrite by Maxime Vaillancourt: in January 2019, we set out to rewrite the critical software that powers all online storefronts on Shopify’s platform to offer the fastest online shopping experience possible, entirely from scratch and without downtime. Here’s how we did it.
- Become an Expert At Picking Quality Python Libraries by Dan Bader: master pip, get to know requirements.txt files, virtual environments and most importantly, learn how to pick quality Python libraries.
🚢 Leadership
- 4 reasons to invest in entry-level cloud talent by Kevin Kelly: how does an industry suddenly create a large number of highly-qualified cloud professionals with 15-plus years of experience? It doesn’t. Instead, businesses need to rethink who they hire and how they train and retain them. Rather than chasing and competing for a limited number of highly-experienced professionals, employers should surround their most experienced employees with highly motivated, entry-level talent with strong foundational cloud skills.
☁️ Cloud
- 10 Obstacles for Lift & Shift Architectures by Andreas Wittig: the cloud is not only about greenfield projects. Over the last few years I have accompanied several enterprises in large migration projects from on-premises to Amazon Web Services (AWS). This blog post gives an overview of typical obstacles for lift & shift architectures and points out possible solutions.
- Kinesis vs. Kafka by Henadz Varantsou: for the past two years, we’ve used AWS Kinesis as our internal message broker. However, the more we’ve worked with it, the more pitfalls we’ve found. The most promising replacement candidate for us was Kafka and during our investigation, one question arose: whether Kafka is better than Kinesis from a latency/throughput perspective. So, we decided to find out the answer through benchmarks.
AWS
- Introducing the AWS Controllers for Kubernetes (ACK) by Jay Pipes: AWS Controllers for Kubernetes (ACK) is a new tool that lets you directly manage AWS services from Kubernetes. ACK makes it simple to build scalable and highly-available Kubernetes applications that utilize AWS services. This post will give you a brief introduction to the history of the ACK project, show you how ACK works, and how you can start to use the ACK or contribute.
- AWS Graviton2 brings major performance leap to Amazon EKS by Anthony Spadafora: AWS customers can now run containers on EKS more efficiently thanks to Graviton2. The Arm chip designed by AWS provides a number of improvements over its predecessor including two times faster floating point performance per core, optimized instructions for faster machine learning inference, custom hardware acceleration, always-on fully encrypted DDR4 memory and 50 percent faster per core encryption performance for enhanced security.
- Amazon EC2 instance port forwarding with AWS Systems Manager by Sigit Priyanggoro: port forwarding is a useful way to redirect network traffic from one IP address and port number combination to another. In this post, we set up port forwarding to access an EC2 instance located in a private subnet from your workstation, without traversing a NAT gateway or bastion host.
- Quantum computing is now available on AWS through Amazon Braket: Amazon Braket provides a development environment to design quantum algorithms, test them on simulated quantum computers, and run them on different types of quantum computing hardware.
- AWS Lambda now supports custom runtimes on Amazon Linux 2: you can now develop your AWS Lambda functions using custom runtimes on Amazon Linux 2, the latest generation of Amazon Linux.
GCP
- New GKE Dataplane V2 increases security and visibility for containers by Gobind Johar & Varun Marupadi: Google Kubernetes Engine introduces Dataplane V2, an opinionated dataplane that harnesses the power of eBPF and Cilium, an open source project that makes the Linux kernel Kubernetes-aware using eBPF. Now in beta, Dataplane V2 also brings Kubernetes Network Policy logging to GKE.
Article version: 1.0.0