133: TCP SACK PANIC, Kubernetes 1.15, Red Hat & IBM, Job Identity, UBI, Cognitive Load and More

Your subscription could not be saved. Please try again. Your subscription has been successful. Enter your email SUBSCRIBE

2019 State of Multicloud

A Report on the Underlying Dynamics Fueling Multicloud Strategies. Download Today! SPONSORED

[Webinar] Every commit should have an issue ticket number

Referencing an issue ticket in each commit is a development best practice. It improves code reviews, creates audit trails, and keeps you compliant. Learn how to implement this scalably with CircleCI + Datree.io. SPONSORED

DevOps’ish Last Week’s Top Five

People

The worst morale boosting gesture I’ve experienced — This might be the single dumbest morale booster I’ve ever heard (and I’ve seen some really bad ones).

When Your Job Is Your Identity, Professional Failure Hurts More — “…when you take professional kicks personally you compromise your own ability to recover and see the bigger picture…” Perhaps you are the one doing the kicking and your organization is reacting accordingly.

Top 5 job markets for sysadmins, 7 different ways — ”Looking for work or charting out where you need to be for your career? Here’s a breakdown of where sysadmins are working and getting hired as their role evolves.”

Command Line Heroes — I am in Season 3 of Command Line Heroes! Add it to your favorite podcast player and wait patiently for it to drop on June 25th!

How my distributed team communicates so no context is left behind — If you are on a remote friendly team or manage remote employees this is a REALLY important read.

DevOps’ish Telegram — Join the 300+ DevOps, Kubernetes, SRE, and other technology professionals discussing real-world problems, breaking technology events and outages, and the occasional Spotify playlist. DevOps’ish Code of Conduct applies.

Process

TCP SACK PANIC — Originally discovered by Netflix, these TCP selective acknowledgment vulnerabilities impact Linux and FreeBSD kernels. “Multiple TCP-based remote denial of service vulnerabilities” (four CVEs in total) basically creating a new ping of death. Woohoo! Y’all exhausted from these mega vulns yet? LWN has a great overview.

DevOps’ish Summer 2019 Survey is coming to a close. It’s vital feedback that I will use to pivot, fork, or modify the newsletter, if needed. Therefore it’s important that everyone takes the survey today!

Forget monoliths vs. microservices. Cognitive load is what matters — “Excessive cognitive load works against effective team ownership and supportability of software. Here’s why, and how to approach the problem.” FINALLY! 🤯🤯🤯

3 Strategies for implementing a microservices architecture — Three ways to attack that weighty monolith.

Explaining CVE-2019-10164 + PostgreSQL Security Best Practices — I love how security issues in the PostgreSQL community are solved emphatically by upgrading to the latest version. I know that’s not as cut and dry as it sounds but, think about that recommendation for MySQL or Oracle 😱🙀😱🙀

Understanding Public Key Infrastructure and X.509 Certificates — PKI basics are vital for almost everyone reading this. This will get you some CLI time with openssl.

IBM to win unconditional EU okay for $34 billion Red Hat deal — Coupled with reports that this is the last quarter Red Hat will be reporting earnings, it would appear the end of an independent Red Hat is here. I’m optimistic about what the future brings! Note: both of these articles have been added to the DevOps’ish IBM Red Hat Acquisition Index.

VMware Eyeing Containers — A Wall Street take on the goings on of VMware which is starting to look like a great destination if the future of Kubernetes is something you want to work on.

Cisco and IBM Cloud Announce Hybrid Cloud Partnership — Enterprise vendors; holding hands and skipping through the hybrid clouds together.

Nines are not enough: meaningful metrics for clouds — ”When it comes to SLOs, the interests of the customer and the cloud provider are at odds, and so we end up with SLAs (Service Level Agreements) that tie SLOs to contractual agreements.”

What is DevOps — “DevOps is the professional practice of frequent, continued, and iterative improvements through measurable changes, the goal of which is to become a high-velocity organization thus improving business outcomes.”

Future of CRDs: Structural Schemas — “The core of a structural schema is an OpenAPI v3 schema made out of properties , items , additionalProperties , type , nullable , title , and descriptions . In addition, all types must be non-empty, and in each sub-schema only one of properties , additionalProperties or items may be used.”

The future of how Ansible content is handled — Collections are coming and the Ansible team needs your feedback. Kick the tires and let us know!

Kubernetes 1.15: Extensibility and Continuous Improvement — ”25 enhancements: 2 moving to stable, 13 in beta, and 10 in alpha”

All You Need to Know About Red Hat Universal Base Image — If my social media is any indication, there appears to be significant interest in Universal Base Image (UBI). I’m biased (Red Hat employee; see disclaimer) but, I think it’s pretty slick. I made a very lean and secure container for Alibaba Cloud’s ossutil to use in CI in no time. The trick is using microdnf (free login required).

Introducing Volume Cloning Alpha for Kubernetes — ”This feature allows you to create new volumes using the contents of existing volumes in the user’s namespace using the Kubernetes API.”

Follow logs from multiple K8s Pods in a Deployment, ReplicaSet, etc.

Automating Highly Available Kubernetes and external ETCD cluster setup with terraform and kubeadm on AWS — ”[A] set of terraform and bash scripts which should be sufficient enough for you to literally just run terraform plan/apply to get your HA etcd and k8s cluster up and running without any hassle…” Bold statement.

Faster Docker builds with pipenv, poetry, or pip-tools — If you’re building python containers, these are some great suggestions.

New C5 instance sizes and bare metal instances — More compute for the compute gods.

Introducing time.cloudflare.com — I’m a huge NTP nerd. The fact Cloudflare is offering this service is good. Quality time sources on the internet are drying up. The fact they took the extra step to provide a secure NTP service is good too. But, I would still use the NTP Pool Project.

You can now download the new Open Source Windows Terminal

Getting wildcard SSL certificate in Kubernetes with cert-manager — ”[H]ow to get an SSL certificate with HTTP01 validation and a wildcard certificate with DNS01 validation on AWS”

bashfulrobot/bashfulrobot-ansible — Ansible Repo that utilizes an ansible-pull command to configure my workstations

containerenv/containerenv — shippable linux user environments

DevOps’ish Tweet of the Week

Notes from this week’s issue can be found here.

Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!

Join the Conversation

Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. Also, join //devopsish for a stream of news and content throughout the week.