123: Kubernetes, DevOps Pipelines, Trolls & Corporate Liability, How to Get Into SRE, Hannah Montana Linux, and More


I received my first credible death threat from someone over the internet when I was eighteen (I was working for an ISP and had to cancel an account for terms violations). No one knew what to do then. A few years later, I referred a credible threat to the FBI for investigation (Muslim extremists). No one knew what I should do then either. A few months ago, a Twitter troll hounded my personal and several corporate accounts FOR DAYS. Why? I liked a tweet telling the troll people aren’t obligated to talk to them because they released open source software. I liked a tweet and had to watch a troll degrade my team, background, and professionalism. But, corporate policy is don’t feed the trolls, so I didn’t. I know folks that have gotten a lot worse.

One of my coworkers did something awesome behind the scenes and I got credit for it. When I asked my coworker if I could credit them, they asked me not to. They didn’t want “that kind” of attention. That kinda sucked but, I completely understand. I talked to a friend of mine this week that was going through a hard time. They were getting all manner of trolls and “creepy fetish emails” this week. They protected their Twitter account and contacted their superiors as needed. But, at what point is the employer obligated to step in and digitally protect their employee? Sure, physical protection at events is excellent. But, the harassment on the internet this week alone has me thinking that employers do share some responsibility for it. We have these public personas for our jobs. The e-mails come to work addresses. At what point do we need to force Human Resources, Corporate Security, InfoSec, and others to sit at the table and figure this out?

“Doubt kills more dreams than failure ever will.” —Suzy Kassem

Log Management Modernized

With LogDNA’s fast, multi-cloud logging platform, DevOps and Engineering teams can easily and quickly aggregate all system and application logs into one efficient platform.

Whether on-premise, in the cloud, or a hybrid solution, we have you covered. Don’t take our word for it. Try it yourself.

Get started logging in a few minutes with a free trial. SPONSORED

Audiobook: Lean Enterprise

How well does your organization respond to changing market conditions, customer needs, and emerging technologies? This practical guide presents Lean and Agile principles and patterns that enable you to move fast at scale—and demonstrates why and how to apply these methodologies throughout your organization, rather than in just one department or team. Through case studies, you’ll learn how successful enterprises have rethought everything from governance and financial management to systems architecture and organizational culture in the pursuit of radically improved performance. SPONSORED

DevOps’ish Top Five from Last Week

People

How to Get Into SRE — Alice Goldfuss, one of the most brilliant engineers on earth, dives into how to get into Site Reliability Engineering.

The struggle (to innovate) is real. D&I is the answer. — “Diverse teams are more resilient and higher performing, and diverse organizations are more capable of retaining world-class talent.”

Abby Wambach’s Leadership Lessons: Be the Wolfs — “When one person stands up and demands the ball, the job, the promotion, the paycheck, the microphone, that one gives others permission to do the same.” #GoGators

Analysts get hot under collar as ex-Oracle cloud guru ditches corporate wardrobe for Google — Thomas Kurian talked about, “taking a ‘sympathetic’ approach to legacy tech.”

At Google, women power the rise of Kubernetes — These women are awesome at their craft.

Email chain prompts Microsoft to investigate reports of sexual harassment ignored by HR — 90 pages of emails provoke response from head of HR.

Google’s remote work employee survey — “There are three key tricks to optimizing a remote workforce.”

Stack Overflow Developer Survey 2019 — Last year 92% of respondents reported as male. This year they kinda buried those stats.

Process

Security Configuration Benchmarks for Kubernetes — “With dozens or hundreds of different configuration parameters across the system, it’s challenging for Kubernetes administrators to know whether they have set them all up correctly with good security practices in mind. Fortunately, there is guidance available in the form of the Center for Internet Security’s benchmark recommendations.”

How to plan in a world full of unknowns — “What I am saying, however, is that organizations hoping to avoid being disrupted must change how they think about the future.”

A beginner’s guide to building DevOps pipelines with open source tools — If you’re new to DevOps, check out this five-step process for building your first pipeline.

Abuse of hidden well-known directory in HTTPS sites — The attackers use these locations to hide malware and phishing pages from the administrators. The tactic is effective because this directory is already present on most HTTPS sites and is hidden, which increases the life of the malicious/phishing content on the compromised site.

Lessons from 300k+ Lines of Infrastructure Code

Lessons learned porting 50k loc from Java to Go

Crash early and crash often for more reliable software — Code is a liability

Domain-Oriented Observability

Who Contains The Containers? — The same problems exist in Kubernetes that have existed in systems for years. Misconfiguration, unsecured services, and security issues are not going away with cloud native infrastructure.

Google Cloud announces new regions in Seoul and Salt Lake City — I can’t help but think of Book of Mormon when I hear or see Salt Lake City.

How bad can it git? Characterizing secret leakage in public GitHub repositories — I leaked a secret a few weeks ago. Before even thinking about the git history I revoked the key. Done. It happens but this report details some things to help.

PostgreSQL DBaaS Calculator — Nothing beats a good calculator when creating data gravity.

Why improving continuously speeds up delivery — Preach!

Managing sysctl knobs with BPF — “The sysctl hook is just another example of how the kernel’s API is being transformed by BPF; expect a lot more of these hooks to be added in the future.”

CNCF to Host CRI-O — “As CRI-O is specifically tailored for Kubernetes, it is tuned for performance, stability, compatibility, and adherence to standards, particularly the Kubernetes Conformance tests. CRI-O is a building block of any Kubernetes cluster, and facilitates the life cycle of containers as required by the Kubernetes CRI.”

Using EBS and EFS as Persistent Volume in Kubernetes — “In this blog we will see how to use EBS or EFS as a persistent volume for our Kubernetes cluster in AWS.”

Yet another reason your docker containers may be slow on EC2: clock_gettime, gettimeofday and… — “TL;DR: on AWS EC2 M4 instances, calls to System.nanoTime() and System.currentTimeMillis() make system calls, and these system calls are subject to even more overhead when running in Docker due to Docker’s default seccomp profile filters. The new M5 instances no longer make system calls for these time methods, so you can upgrade to newer instances if available in your region and availability zone(s). If you are stuck on 4-series instances, you could switch the clocksource to tsc as Amazon recommends in this tuning FAQ.”

An eBPF overview, part 1: Introduction — “Interested in learning more about low-level specifics of the eBPF stack? Read on as we take a deep dive, from its VM mechanisms and tools, to running traces on remote, resource-constrained embedded devices.”

Amazon EKS Control Plane Metrics with Prometheus

6 Kubernetes security questions, answered — What should you ask about Kubernetes security strategy? Kubernetes experts weigh in on 6 questions worth examining

Considerations on OpenShift PKIs and Certificates

From zero to Quarkus and Knative: The easy way — “The superfast startup speed of Quarkus makes it the best candidate for working with Knative and serverless for your Function-as-a-Service (FaaS) projects.”

Linux server needs a RAM upgrade? Check with top, free, vmstat and sar. — htop is dope too.

Highly Available Control Plane with kubeadm 1.14+ — “Kubernetes 1.14 introduced an ALPHA feature for dynamically adding master nodes to a cluster. This prevents the need to copy certificates and keys among nodes relieving orchestration and complexity in the bootstrapping process.”

Programming Kubernetes — “While Kubernetes has established itself as the industry standard for managing containers and their life cycles, there’s a definite need for good practices on how to write native applications. This practical guide shows application and infrastructure developers, DevOps practitioners, and site reliability engineers how to develop cloud native apps that run on Kubernetes.”

Hannah Montana Linux — One of the best gags ever played on me was when I started on the Technology team at McClatchy Interactive. We had a bunch of meetings and the engineer in charge of laptops, office servers, etc. said my desk was all set and he slapped a fresh copy of the distro the team used the most on it. “Wow! Thanks, buddy.” I boot it up and it auto logins to Hannah Montana Linux. “What the fuck is this shit?!?” Laughter erupts from every cube within earshot as the damn theme song plays.

NanXiao/perf-little-book: A small book which introduces Linux perf tool.

hiddeco/cronjobber: Cronjobber is a cronjob controller for Kubernetes with support for time zones

kubeedge/kubeedge: Kubernetes Native Edge Computing Framework

metalkube/metalkube-docs: Architecture documentation that describes the components being built under MetalKube.

mvdan/gofumpt: gofmt, the way it should be pronounced

jamiehannaford/what-happens-when-k8s

DevOps’ish Tweet of the Week

|￣￣￣￣￣￣￣￣￣￣￣|

| YOUR IMPOSTER'S |

| SYNDROME IS LYING |

| TO YOU |

| ＿＿＿＿＿＿＿＿＿＿＿|

(\_❀) ||

(•ㅅ•) ||

/ づ — Ali Spittel 🐞 (@ASpittel) April 9, 2019

Notes from this week’s issue can be found here.
