VSHN.timer

VSHN.timer #223: An Exozodiacal Threat

8. Apr 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about CVE-2024-3094, the unprecedented computer security scare of the decade that was discovered thanks to the curiosity and grit of a PostgreSQL engineer.

1. Andres Freund, a software engineer working for Microsoft on the PostgreSQL project (and who has now become an unsuspecting hero in computer-literati circles), reported the discovery of compromised tarballs in the xz repository on March 29th, 2024, a date which, paraphrasing Franklin D. Roosevelt, will live in infamy.

https://www.openwall.com/lists/oss-security/2024/03/29/4

2. Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership. Using that access, they installed a very subtle, carefully hidden backdoor into liblzma. The attack appears to be the first serious (known) supply chain attack on widely used open source software. It marks a watershed moment in open source supply chain security, for better or worse. This timeline provides a complete history of the attack in chronological order.

https://research.swtch.com/xz-timeline

3. Who is “Jia Tan”? The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code. Andy Greenberg and Matt Burgess lead the investigation in this Wired article.

https://www.wired.com/story/jia-tan-xz-backdoor/

4. The timing of the attack was carefully selected; among the affected Linux distributions, two of them (and, needless to say, among the most popular!) had scheduled major releases later this month: Fedora 40 and Ubuntu 24.04 LTS. Both Red Hat and Canonical have issued corresponding notifications to their users, and it is strongly recommended to stop using the preview versions of both operating systems until further notice.

https://linuxiac.com/ubuntu-24-04-lts-beta-release-postponed-due-to-security-concerns/

5. The VSHN.timer project of the week is amlweems/xzbot, featuring an exploration of the xz backdoor including: a honeypot; an ed448 patch to use our own ED448 public key; the explanation of the backdoor format; and a backdoor demo.

https://github.com/amlweems/xzbot

Were you affected in any way by this backdoor? Are you assessing the risks brought by your platforms’ software supply chains? Would you like to share some security tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

As a personal note, I’d like to announce this will be the last VSHN.timer with my signature, and for that reason I wanted to thank you for your support, fidelity, and kind words during all these years. It was my privilege to keep you updated on all things Cloud Native and Kubernetes every week. All the best and see you around! 🙂

PS: check out our previous VSHN.timer editions about security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, #117, #128, #142, #145, #164, #169, #182, and #203.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski is in charge of Developer Relations at VSHN. He has been a software developer since 1996, as well as a trainer and published author. Adrian holds a Master's degree in Information Technology from the University of Liverpool.


VSHN.timer #222: Videos from KubeCon + CloudNativeCon Europe 2024

25. Mar 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to highlight some outstanding recordings of talks presented last week at KubeCon + CloudNativeCon Europe 2024.

1. Artificial Intelligence: generative AI and LLMs get lots of attention lately, but many are still figuring out how to most effectively use them in Cloud Native platforms. This video explains how to deploy AI models on Kubernetes with tools such as the Kubernetes toolchain operator KAITO, to simplify training and inferencing for LLMs.

https://www.youtube.com/watch?v=r7qd0ZHt4uE

2. Maintenance: validating cluster add-on upgrades securely and confidently across a Kubernetes fleet of clusters poses a significant challenge for platform teams. This session demonstrates advanced techniques for both validating and deploying these upgrades, with a focus on securing infrastructure and streamlining operational workflows using ephemeral virtual clusters or “vClusters”.

https://www.youtube.com/watch?v=odnZTPltaQc

3. Security: this talk is an exploration into Yahoo’s year-long integration journey of Sigstore, enhancing Supply Chain Security through verifiable “certificates of origin” for artifacts. Despite the challenges of scaling Sigstore in a high-traffic environment, the Paranoids (Yahoo’s information security organization) successfully secured around 60,000 daily builds, spanning 700 clusters and 100,000 pods.

https://www.youtube.com/watch?v=Tp-t_7ccW0Y

4. Storage: this talk is an introduction to Rook, an open source cloud-native storage operator for Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

https://www.youtube.com/watch?v=bL5Ay28KPOI

5. Culture: in today’s dynamic digital landscape, the reliability and resilience of complex systems are critical for delivering seamless user experiences. Chaos Engineering has emerged as a powerful discipline for proactively identifying and mitigating potential system weaknesses. This talk delves into the synergy between Chaos and Platform Engineering, presenting a paradigm shift in how organizations can enhance their platform engineering practices by leveraging chaos-first principles.

https://www.youtube.com/watch?v=WUXFKxgZRsk

BONUS 6. Playlist: would you like to keep watching KubeCon + CloudNativeCon Europe 2024 videos? Get your popcorn ready and click on the playlist link.

https://www.youtube.com/playlist?list=PLj6h78yzYM2N8nw1YcqqKveySH6_0VnI0

Did you attend KubeCon + CloudNativeCon last week? What was your favorite talk? Would you like to share some KubeCon + CloudNativeCon gossip with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about conferences: #19, #20, #56, #57, #90, #91, #170, #179, #180, and #183.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #221: A Turning Point for Microservices?

18. Mar 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about those architectural decisions that can make or break your Cloud Native service.

1. Long considered the de facto approach to application architecture for cloud native services, microservices is starting to be refactored by cloud giants such as Amazon and Google. Maybe we are doing microservices all wrong?

https://thenewstack.io/year-in-review-was-2023-a-turning-point-for-microservices/

2. SQLite is often misconceived as a “toy database” because its default configuration is optimized for embedded use cases, meaning poor performance and the dreaded SQLITE_BUSY error. But what if Sylvain Kerkour convinced you that by tuning a few knobs, you can configure SQLite to reach ~8,300 writes/s and ~168,000 read/s concurrently, with 0 errors, on a ~€40/m commodity virtual server with 4 vCPUs?

https://kerkour.com/sqlite-for-servers

3. Every so often someone needs to create a more or less permanent internal identifier for their users’ accounts. Then they look at how authentication systems like OIDC return email addresses and decide that they’ll use the email address as the account’s permanent internal identification. As the famous saying goes, now you have two problems.

https://utcc.utoronto.ca/~cks/space/blog/tech/EmailAddressesBadPermanentIDs

4. SIDN manages all internet names that end in .NL. Their job is to properly manage those 6 million domain names, and technically speaking, keeping the .NL names in the air is the core competency of the organization, and also determines its future. In short, if .NL is not capable of managing .NL, that is like a restaurant buying its meals from a delivery service.

https://berthub.eu/articles/posts/your-tech-my-tech/

5. The intent of the Cloud Native Maturity Model is to help you move from inception through to full adoption of cloud native technologies using the CNCF landscape to achieve the full benefits of running scalable applications in modern, dynamic environments in public and hybrid clouds.

https://maturitymodel.cncf.io/

Are you applying the Cloud Native Maturity Model on your architecture? Are you using emails as user account identifiers? Would you like to share some architectural tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about architecture: #25, #34, #60, #79, #143, and #201.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #220: Employment in Times of Crisis

11. Mar 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to point out specific cases of Cloud Native and DevOps workers trying to keep systems up and running while their companies are stumbling.

1. How do companies die? Very slowly, almost imperceptibly, and then all of a sudden. Take for example the case of Airplane: Benjamin Yolken worked there for nearly two years, but earlier this year, they announced the company was being acquired by Airtable and that it would be shut down. In this blog post, Benjamin explains what happened from his perspective as a former employee. Spoiler alert: it ain’t pretty.

https://yolken.net/blog/end-of-airplanedev

2. Some organizations mutate from engineering-friendly organizations into standard faceless corporations in the blink of an eye. Justin Garrison left Amazon recently, and he describes in detail the internal struggles felt by engineers inside the organization. He calls it a “Silent Sacking”, and it is as violent as it sounds.

https://justingarrison.com/blog/2023-12-30-amazons-silent-sacking/

3. Yorick Peterse, software developer from The Netherlands, worked at GitLab from 2015 to 2021, and recently wrote about his experience on his blog. There are a lot of interesting details about GitLab (the company) in there, from purely technical ones (architecture, Ruby on Rails) to organizational tidbits (product management, staffing) with broad applicability.

https://yorickpeterse.com/articles/what-it-was-like-working-for-gitlab/

4. Anton Zhiyanov claims he’s stupid, but we don’t believe him. We actually think he’s smart enough to make simple systems, with stable programming languages and libraries, and applying well-known architectures. Anton: even if you think you won’t impress a Google engineer, don’t worry: not only are we impressed, we also follow in your footsteps.

https://antonz.org/stupid/

5. We know it’s hard, and we want you to take a step back and breathe. Look at the dot in this page and breathe for just one minute, to improve your mental focus before your next task.

https://oneminutefocus.com/

How are you feeling lately? Do you feel threatened by your employer or its specific market conditions? Would you like to share some stories with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about PeopleOps: #7, #13, #15, #26, #35, #41, #52, #63, #85, #92, #116, #131, #154, #175, and #210.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #219: PostgreSQL Updates

4. Mar 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about what’s going on in the world of the industry’s preferred database engine: PostgreSQL.

By the way, did you know that VSHN AppCat, now also available on APPUiO Managed clusters, enables your team to create PostgreSQL deployments with just ten lines of YAML?

1. Jonathan Katz, an active member of the PostgreSQL community, recently took a look at the current state and evolution of the project from different perspectives: availability, performance, and developer features, and concludes that “PostgreSQL is in a good place. It remains popular, and its reputation for reliability, robustness, and performance remain sound.”

https://jkatz05.com/post/postgres/postgresql-2024/

2. ZITADEL Cloud recently made a notable shift in its database choice by moving from CockroachDB to PostgreSQL. This operational change was influenced by several factors explained in this blog post, ranging from data residency to improved latency and efficiency.

https://zitadel.com/blog/move-to-postgresql

3. We recently learned about a high-risk vulnerability in PostgreSQL that allows attackers to inject arbitrary SQL commands. This is known as CVE-2024-0985 and allows unprivileged users to foist SQL code, which is then executed as a superuser during a refresh command. (Article in German.)

https://www.heise.de/news/PostgreSQL-laesst-sich-beliebiges-SQL-unterjubeln-9625343.html

4. Which one would you choose: PostgreSQL or MySQL? This webinar dives into the differences between these two database engines, and what those differences mean from a performance, operability, and community engagement perspective. (Requires free registration.)

https://www.brighttalk.com/webcast/6793/591340

5. The VSHN.timer project of the week is Omnigres, enabling PostgreSQL as a developer-first application platform: deploy a single database instance, and host your entire application, scaling as needed.

https://github.com/omnigres/omnigres

BONUS: 6. If you write Cloud Native apps with JavaScript or TypeScript, you will surely love Postgres.js: its developers claim it is the fastest full-featured PostgreSQL client for Node.js, Deno, Bun, and CloudFlare.

https://github.com/porsager/postgres

How many instances of PostgreSQL are you running in production? Are you considering other options such as MySQL or CockroachDB? Would you like to share some PostgreSQL tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about databases and storage: #111, #115, #138, #155, #158, and #199.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #218: Should you Rust or should you Go?

26. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week, darling, we’ve got to let you know, if you should Rust or you should Go.

1. Let’s start with a clash. Sylvain Kerkour, author of the successful Black Hat Rust book, argues that if you Go, there will be trouble, and if you Rust, it will be double. We know that this indecision is bugging you.

https://kerkour.com/should-i-rust-or-should-i-go

2. The Rust team announced the availability of Rust 1.76.0 earlier this month. This release is relatively minor, with ABI compatibility updates for function pointers, a new mechanism to get descriptive names from type references, and some stabilized APIs. It’s always tease, tease, tease.

https://blog.rust-lang.org/2024/02/08/Rust-1.76.0.html

3. Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter. It’s fast (really fast, thanks to GPU rendering!), open source… and it’s written in Rust. For the moment, only available for macOS, because one day it’s fine, and next it’s black.

https://zed.dev/

4. UV is an extremely fast Python package installer and resolver, and (guess what) it’s written in Rust. Designed as a drop-in replacement for pip and pip-compile, and 10 to 100 times faster! It’s been tested with the top 10,000 PyPI packages, because otherwise, you’ll be here till the end of time.

https://github.com/astral-sh/uv

5. rustic is a backup tool that provides fast, encrypted, deduplicated backups. It reads and writes to standard restic repositories, and can be used as a restic replacement in most cases. And it’s written in Rust! If you don’t want backups, well, we’re not happy when you’re on your knees.

https://rustic.cli.rs/

Do you Rust or do you Go? Exactly whom are we supposed to be? Would you like to share some Rust tips and tricks with our readers, or do you want us off your back? So come on and let us know, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about programming: #18, #30, #33, #47, #50, #60, #77, #88, #101, #103, #122, #137, #160, #174, and #198.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #217: Getting More out of your GitOps Platform

19. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest news in the world of GitLab, GitHub, Gitea, Forgejo, and anything else remotely related to Git.

1. Our founder Tobias Brunner has written a post about the new Gitea Actions on his blog, with useful information about setting up runners, configuring instances, and in particular, how to build container images with it. Check it out!

https://tobru.ch/gitea-actions-container-builds/

2. Last month, GitLab released new versions of its flagship software, addressing critical security updates. Have you upgraded your instances yet?

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

3. Yorick Peterse, a software developer from the Netherlands, wrote an interesting account of his time at GitLab, structured into two main sections: an overview of his time at GitLab, and a collection of things he learned as a result of this experience.

https://yorickpeterse.com/articles/what-it-was-like-working-for-gitlab/

4. GitHub uses MySQL to store vast amounts of relational data. This is the story of how the GitHub team seamlessly upgraded their production fleet to MySQL 8.0.

https://github.blog/2023-12-07-upgrading-github-com-to-mysql-8-0/

5. The GitHub team is hard at work making it ready for IPv6, which has caused performance degradations recently. But they’re not ready yet, at least at the time of this writing.

https://isgithubipv6.live/

Are you eagerly waiting for IPv6 support in GitHub? Are you already using Gitea or Forgejo in production? Would you like to share some Git tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Git, GitOps, GitHub, GitLab, and Gitea: #10, #48, #68, #83, #98, #119, #139, #150, #173, and #196.

PS2: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #216: New Products on the Radar

5. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about some useful new tools we’ve been spotting and discovering lately.

1. Despite what Microsoft would make us believe, Visual Studio Code is not the only game in town. Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter. It’s also open source!

https://zed.dev/

2. DevDocs combines multiple API documentations (frameworks, programming languages, DevOps tools…) in a fast, organized, and searchable interface. Think Zeal or Dash, but on the web.

https://devdocs.io/

3. More tooling for better documentation: Penrose is a platform that enables people to create beautiful diagrams just by typing notation in plain text. Although at VSHN we’re big fans of Kroki for that.

https://penrose.cs.cmu.edu/

4. How do you document your database schemas? dbdocs creates web-based database documentation using DSL code, and dbdiagram helps you draw ER diagrams by just writing code.

https://dbdocs.io/

5. Domain Digger and dns.toys have proven extremely helpful in diagnosing those pesky DNS configuration errors that plague our lives.

https://www.dns.toys/

6. BONUS: Quickemu quickly creates and runs highly optimised desktop virtual machines for Linux, macOS and Windows… with just two commands!

https://github.com/quickemu-project/quickemu

How do you document your code and infrastructure? Do you apply the mantra of “Documentation as Code”? Would you like to share some other noteworthy products with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about products: #114, #134, #167, and #192.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #215: The Rise of OpenTofu and Crossplane

29. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how OpenTofu and Crossplane are redefining the landscape of Infrastructure as Code.

1. After four months of work since its official announcement, the first stable version of OpenTofu was released a few days ago and is ready for production! In case you had not heard about it, OpenTofu is a community-driven, open-source, drop-in replacement fork of Terraform, and a Linux Foundation project.

https://opentofu.org/blog/opentofu-is-going-ga/

2. On the other side of the spectrum, Crossplane is steadily imposing itself as the definitive Cloud Native solution for IaC. At VSHN we’re proud to be an active member of the Crossplane community, and our CTO and Founder Tobias Brunner even spoke at the last Control Plane Day. We’ve been using Crossplane in production for a while now, for example in our AppCat product.

https://www.crossplane.io/community

3. Did you know that Crossplane recently celebrated 5 years? And did you know that in that time, the project got 85 releases, and more than 8300 stargazers, 1800 contributors, 86000 contributions, and 10300 Slack members? Here are our best wishes to this project and its community!

https://blog.crossplane.io/crossplane-at-5-years-past-present-and-future-of-building-control-planes/

4. Upbound recently announced a practical application of Crossplane’s capabilities through a new reference implementation for Cloud Native Operational Excellence (CNOE). This example demonstrates how Crossplane serves as a valuable starting point for organizations navigating the complexities of cloud-native development.

https://blog.upbound.io/upbound-announces-new-crossplane-reference-implementation-for-cnoe

5. We recently talked about Kubernetes 1.29 in VSHN.timer, and in this blog post, the Crossplane team highlights a few key updates for the Crossplane community, like the CRD Validation Expression Language, the validating admission policy, and more.

https://blog.crossplane.io/kubernetes-highlights-for-the-crossplane-community-k8s-1-29/

Have you migrated to OpenTofu or are you still using Terraform? Are you using Crossplane in production? Would you like to share some OpenTofu or Crossplane tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Terraform, OpenTofu, and Crossplane: #65, #82, #127, and #189.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski


VSHN.timer #214: Switch to Firefox

22. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the love we owe to Firefox and all the products and projects in the Open Source world.

But before that: you are invited to a free online event next week on LinkedIn, where we’ll explore best practices, industry insights, and practical tips to ensure your containerized applications run smoothly without breaking the bank.

1. Firefox deserves more love. We agree with Roy Tanck when he says that if there’s one tech New Year’s resolution to uphold, it’s switching to the only remaining ethical web browser, Firefox. Not only because our poor preferred browser is on the brink of extinction, but also because it’s actually excellent.

https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/

2. What moments marked 2023 in the world of technology? Bram Moolenaar passed away; companies are leaving the cloud behind; Log4j and OpenWrt both celebrated their 20th anniversary; it’s been 30 years since Windows NT; and a lot more happened in the Open Source world.

https://linuxiac.com/2023s-moments-that-marked-the-open-source-world/

3. Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement. He says there are several pressing problems that the open source community needs to address.

https://news.slashdot.org/story/23/12/27/2126224/what-comes-after-open-source-bruce-perens-is-working-on-it

4. On December 29th, a package titled everything was published to the JavaScript & TypeScript NPM registry… designed to install all other public packages in the registry. Apparently, a prank went wrong. Oops.

https://www.scmagazine.com/news/npm-registry-prank-leaves-developers-unable-to-unpublish-packages

5. FrankenPHP is a modern application server for PHP built on top of our beloved Caddy web server. It gives superpowers to your PHP apps thanks to its stunning features: worker mode, real-time capabilities, automatic HTTPS, HTTP/2, and HTTP/3 support… It even has the ability to embed the source code and assets of PHP applications in a static, self-contained binary.

https://frankenphp.dev/

Are you more of a Firefox or a Chrome kind of person? Did you find the NPM prank funny? Would you like to share some Open Source experiences with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Open Source: #152, #170, #191, and #194.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski is responsible for Developer Relations at VSHN. He has been a software developer since 1996, and is a trainer and published author. Adrian holds a Master’s degree in Information Technology from the University of Liverpool.

Contact us

Our team of experts is ready for you. In an emergency, also 24/7.

Contact

VSHN.timer #213: The Latest and Greatest DevOps Tools

15. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about some noteworthy DevOps tools we’ve recently come across.

1. Are you a BorgBackup user? Then check BorgWarehouse out: it’s a fast and modern WebUI for a BorgBackup central repository server.

https://borgwarehouse.com/

2. PipeCD is a GitOps style continuous delivery platform that provides consistent deployment and operations experience for any application.

https://pipecd.dev/

3. 🧐 Monokle streamlines the process of creating, analyzing, and deploying Kubernetes configurations by providing a unified visual tool for authoring YAML manifests, validating policies, and managing live clusters.

https://monokle.io/

4. Great news! After four months of work, the first stable release of OpenTofu, a community-driven open source fork of Terraform, has just been released.

https://opentofu.org/blog/opentofu-is-going-ga/

5. This Dockerfile is a fullstack server that includes a backend, a database and a UI, all in a single file starting with a shebang. Let me repeat: a Dockerfile with a shebang. What? Yup, what you just heard.

https://gist.github.com/adtac/595b5823ef73b329167b815757bbce9f

Do you shebang your Dockerfiles? Do you back your YAML up? Would you like to share any DevOps tips and tricks with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about DevOps: #5, #13, #29, #31, #42, #110, #133, #153, #165, and #188.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #212: Running a Business in 2024

8. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the many intricacies and possible successful outcomes of running a business.

1. Taylor Malmsheimer, Head of Strategy at Section (online learning service founded by Prof. Scott Galloway) recently compiled the 10 most important lessons they learned during a rocky 2023. First and foremost: quality of thought is what matters. Second: resist the temptation to say „this is how we do things.“

https://www.sectionschool.com/blog/10-lessons-from-running-a-startup-in-2023

2. Natalie Jacot, Owner & CEO of OHNI, shared on LinkedIn 10 things she learned running her company: First: the market is not oversaturated, but your supply is either poor or the demand is too small. Second: there is no such thing as too high a price, just too little value.

https://www.linkedin.com/posts/natalie-jacot-ohni_was-ich-die-letzten-4-jahre-als-ceo-gelernt-activity-7148027343855394816-IO3S/

3. Gergely Orosz has reported on a change in Section 174 of the US tax law that is apparently making bootstrapped software businesses completely unsustainable. His article also tells an interesting fact about Swiss-based companies, probably explaining the leadership of Switzerland in innovation.

https://blog.pragmaticengineer.com/section-174/

4. Right before Christmas we learned about our friends at Isovalent being acquired by Cisco! This is a great achievement, and we couldn’t be prouder to be early and enthusiastic adopters of their Cilium technology.

https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m12/cisco-to-acquire-isovalent-to-define-the-future-of-multicloud-networking-and-security.html

5. Steph Ango, CEO of Obsidian, thinks that optimism is hard because it must be constantly reaffirmed. In the face of a hostile, cynical world, it takes effort to show that positivity has merit.

https://stephango.com/optimism

Are you optimistic about 2024? What do you think is the key element that makes Switzerland so innovative? Would you like to share some business insight with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about business: #15, #26, #35, #41, #70, #112, #141, #159, #176, and #181.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #211: Kubernetes v1.29 is Here!

18. Dec 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest release of Kubernetes and more news about our favorite container orchestrator.

1. Kubernetes v1.29, codenamed „Mandala“ (The Universe) is the last release of 2023 and consists of 49 enhancements! This release is inspired by the beautiful art form that is Mandala—a symbol of the universe in its perfection, reflecting the community’s interconnectedness.

https://kubernetes.io/blog/2023/12/13/kubernetes-v1-29-release/

2. If you’ve been working with Kubernetes, you’re likely familiar with the Ingress API, which has been the go-to solution for managing external access to services. ingress2gateway is a tool that can help you migrate from Ingress to Gateway API, recently graduated to GA.

https://kubernetes.io/blog/2023/10/25/introducing-ingress2gateway/

3. Tiffany Jernigan and Jérôme Petazzoni share in this Cloud Native Rejekts 2023 presentation 7 tricks (well, actually 19!) to improve your productivity and reduce your frustration with Kubernetes, ranging from running a local cluster, grepping JSON from kubectl, to connecting to services in other namespaces.

https://docs.google.com/presentation/d/1USQxt8ZaSSAZm6sKxXSjVAK6nPremThsavVOPOTZZXw/mobilepresent#slide=id.g22db6ec59cb_0_5

4. In the rapidly evolving field of container orchestration, Kubernetes reigns supreme. This post by Christian Haller from our friends at Puzzle explores Kubermatic, a potential alternative to other Kubernetes distributions.

https://www.puzzle.ch/de/blog/articles/2023/12/14/evaluating-kubermatic-as-a-kubernetes-distribution

5. Still a work in progress, kube-bind is a prototype project that aims to provide better support for service providers and consumers that reside in distinct Kubernetes clusters.

https://github.com/kube-bind/kube-bind

BONUS: There are still some Super Early Bird tickets for the Kubernetes Community Days Zürich 2024 available! Get yours now with a fantastic discount. Be quick!

https://tickets.kcdzurich.ch/

Are you migrating your clusters to Kubernetes v1.29 soon? What’s your preferred new feature? Would you like to share some Kubernetes tips and tricks with our readers? Get in touch with us, and see you next year for the first edition of VSHN.timer of 2024.

PS: check out our previous VSHN.timer editions about Kubernetes: #4, #8, #11, #14, #16, #19, #23, #37, #46, #49, #59, #64, #74, #82, #97, #99, #102, #109, #118, #126, #142, #146, #163, and #187.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #210: The Return-to-Office Conundrum

11. Dec 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how businesses are trying to lure their employees back to the office.

1. An experiment in Return-to-Office (RTO) policies has ended. Expensify is shutting down its bar after six months of operation. The company’s focus will now switch to its „next bold RTO experiment“ involving food carts, live entertainment, and a beer concession. Party time!

https://sfist.com/2023/10/27/downtown-tech-office-shuts-down-its-free-cocktail-bar-for-employees-ceo-says-the-office-is-dead/

2. Benji Weber thinks that forcing RTO on teams with cultures that benefit from remote work will cause more harm than good, particularly for those people with long commutes, or working in noisy and cramped offices. Instead, managers should help teams craft their best environment. Do you agree?

https://benjiweber.co.uk/blog/2023/11/12/tragedy-of-return-to-hostile-offices/

3. Some organizations are so dysfunctional and dystopic that an employee can save them half a million dollars in about five minutes… just by clicking about five buttons. This is the story about why this happened and why it’s a disgrace that it was even possible.

https://ludic.mataroa.blog/blog/i-accidentally-saved-half-a-million-dollars/

4. According to the Hans Böckler Foundation, 75% of employees who switched to working from home during the pandemic want to keep that benefit. Home office and mobile work are challenging for companies. How can they strike a balance between employee satisfaction and collaboration? (Article in German)

https://versus-online-magazine.com/de/artikel/teufelskreis-homeoffice/

5. During the past month, many wrote about their experience working for Google. What is it like? Here are the tales by one of the Socratic founders, by Dan Angell, and by Hixie who left after 18 years. Spoiler alert: Google is a complex corporation, and not all that glitters is gold.

https://danangell.com/blog/posts/i-skipped-to-the-ending/

Are you working in a WFH-friendly organization? How often do you go back to the office? Would you like to share your RTO tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about PeopleOps: #7, #13, #15, #26, #35, #41, #52, #63, #85, #92, #116, #131, #154, and #175.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #209: Learning from Failure

4. Dec 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the various ways life teaches us lessons through mistakes, failures, bugs, and other ignominies.

1. Astrofuturist, Engineer, and Entrepreneur, Chris Lewicki once almost single-handedly destroyed a 500 million USD Mars rover… but went on to become Flight Director of the Spirit and Opportunity missions.

https://www.chrislewicki.com/articles/failurestory

2. During an on-call rotation of their internal tools team, the Gusto team got a report that their application was crashing when used in the Chrome browser. You’ll never guess what caused this issue.

https://engineering.gusto.com/the-weirdest-bug-ive-seen-yet/

3. A lot has been written about the contrast between working for a FAANG or a small startup. Daniel Angell discovered the ups and downs of both places and tells his story.

https://danangell.com/blog/posts/i-skipped-to-the-ending/

4. Firefox is switching from Mercurial to Git, and one engineer had more to do with that switch than anyone else. Here is their story.

https://glandium.org/blog/?p=4346

5. If your talk proposal for KubeCon + CloudNativeCon was turned down, no worries; send it to Cloud Native Rejekts and teach the community about your discovery and projects anyway.

https://cloud-native.rejekts.io/

Has your talk suggestion for KubeCon been rejected? What was the worst bug you’ve ever shipped to production? Would you like to share your engineering horror stories with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about education: #21, #38, #67, #99, #120, #140, and #172.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #208: Optimize your Containers

27. Nov 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about advanced container scenarios pushing the limits of Cloud Native technology.

1. When running Go in containers, it’s important to set CPU limits. It’s also important to ensure that the Go runtime is aware of these limits by setting a sensible GOMAXPROCS value, or to use a library like automaxprocs. River Phillips explains in detail what happens when you don’t.

https://www.riverphillips.dev/blog/go-cfs/

„Containers and Harbor“ by Vadim Bauer (Talk 2/3 at CNC CH Meetup, Nov 16th 2023)

2. Did you know that Gitea Actions are almost fully compatible with GitHub Actions? And that Gitea also offers an integrated OCI compliant container registry? Our CTO Tobias Brunner explains how to use Gitea Actions to build and store containers.

https://tobru.ch/gitea-actions-container-builds/

3. Are you using Ruby on Rails? In that case, you might have noticed that since version 7.1 the rails new command generates a Dockerfile for your project, ready for production use. This Dockerfile is not intended for development; use Docked Rails for that!

https://www.infoworld.com/article/3706871/ruby-on-rails-extends-docker-support.html

4. K2D is a Kubernetes to Docker translator, created to solve a very specific problem: to enable the use of Kubernetes primitives on resource-constrained compute devices used in industrial IoT use cases.

https://k2d.io/

5. The VSHN.timer tool of the week is Docker-Hub-frolvlad/docker-alpine-glibc, a container image based on Alpine but with glibc built-in instead of musl. Useful if you are not interested in using debian-slim or other similar lightweight images as a base.

https://github.com/Docker-Hub-frolvlad/docker-alpine-glibc

Are you more of a musl or a glibc kind of DevOps engineer? How do you optimize your containers for your chosen programming language? Would you like to share some container tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about containers: #12, #17, #40, #51, #54, #71, #81, #108, #124, #144, #151, #166, and #186.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

VSHN.timer #207: What’s New in OpenShift 4.14?

20. Nov 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest release of our preferred Kubernetes-based container platform: Red Hat OpenShift 4.14!

1. Based on Kubernetes 1.27 and CRI-O 1.27, Red Hat OpenShift 4.14 accelerates modern application development and delivery across the hybrid cloud while keeping security, flexibility and scalability at the forefront. Learn more about OpenShift 4.14 in this blog post and in the release notes.

https://cloud.redhat.com/blog/red-hat-openshift-4.14-is-now-available

2. Kepler (Kubernetes-based Efficient Power Level Exporter) is a metrics exporter that uses eBPF to collect and export energy-related system stats. This allows Kepler to provide granular power consumption data for Kubernetes Pods, Namespaces, and Nodes.

https://cloud.redhat.com/blog/introducing-developer-preview-of-kepler-power-monitoring-for-red-hat-openshift

3. Operational resilience is becoming more of a boardroom concern, especially for organizations operating in industries deemed essential by governments for the functioning of society. Learn how OpenShift Platform Plus can help businesses reach operational resilience and protect themselves against failure.

https://cloud.redhat.com/blog/achieving-operational-resilience-with-openshift-platform-plus

4. In addition to 14-month extended support, Azure Red Hat OpenShift provides a multitude of support benefits. Jointly managed between Red Hat and Microsoft, it is backed by a global SRE team that proactively manages lifecycle, scaling, security, patching and incident responses.

https://cloud.redhat.com/blog/whats-new-with-azure-red-hat-openshift-4.12-is-released-and-more

5. The VSHN.timer project of the week supports automatically getting a certificate for OpenShift routes from any cert-manager Issuer, similar to annotating an Ingress or Gateway resource in vanilla Kubernetes!

https://github.com/cert-manager/openshift-routes

Are you going to update your clusters to OpenShift 4.14? Are you managing the consumption of your clusters with Kepler? Would you like to share some OpenShift tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Red Hat OpenShift: #9, #28, #53, #95, #129, #157, #171, #183, and #185.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski
