Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the next frontier for Kubernetes clusters: hardened security.

1. Red Hat recently published the 2022 State of Kubernetes Security report, where 93% of respondents experienced at least one security incident in the last year. What are the risks and which preventive measures could DevOps engineers apply? Paul Krill from InfoWorld tells us more.

https://www.infoworld.com/article/3663734/kubernetes-users-struggle-with-security-red-hat-survey-says.html

2. The Shadowserver Foundation has recently started scanning for accessible Kubernetes API instances returning a 200 OK HTTP response to their probes… and out of 450’000 identified instances, 380’000 happily replied back. Oooops.

https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/

3. Kubernetes Secrets are just base64-encoded strings stored in etcd. How secure is this approach? Mac Chaffee evaluated it against a threat model, and provided some perspective.

https://www.macchaffee.com/blog/2022/k8s-secrets/

4. What options have DevOps engineers to store secrets in GitOps-enabled clusters using Argo CD? Daniel Hoang enumerates the most popular options: sealed secrets, the Argo CD Vault plugin, SOPS, and more.

https://akuity.io/blog/how-to-manage-kubernetes-secrets-gitops/

5. The VSHN.timer tool of the week is Download Kubernetes, a website only showing the download links to the latest versions in every architecture of each piece of the Kubernetes puzzle.

https://www.downloadkubernetes.com/

How do you manage your Kubernetes secrets? What security measures have you implemented in your cluster? Would you like to share some Kubernetes security tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Kubernetes: #4, #8, #11, #14, #16, #19, #23, #37, #46, #49, #59, #64, #74, #82, #97, #99, #102, #109, #118, and #126; and about Security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, #117, and #128.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how businesses adapt to the new landscape of Cloud-Native computing.

1. Some organizations still have many doubts and reserves regarding Cloud-Native technologies, while their competition embraces them and thrives. For Lee Atchison at InfoWorld, such hesitations are a matter of life and death nowadays.

https://www.infoworld.com/article/3661590/youre-missing-the-boat-on-cloud-native.html

2. Some organizations have embraced Cloud-Native technologies completely. Des Field Corbett, CIO at Allianz Direct, explains how their company has increased turnover and agility in spite of astonishingly rigid regulatory and legal frameworks.

https://blog.container-solutions.com/how-the-worlds-most-valuable-insurance-firm-takes-a-cloud-native-approach

3. This year Heroku celebrates its 15th anniversary. Long hailed for its innovative developer experience, it has fallen behind in various ways. Matt Rickard analyzes the reasons why Heroku failed.

https://matt-rickard.com/why-did-heroku-fail/

4. The most critical system, yet the most complex to automate and operate in any cloud-enabled organization is billing, without any doubt. What are the challenges there? Lago, the maker of the Open-Source Stripe Billing Alternative, explains it all.

https://www.getlago.com/blog/why-billing-systems-are-a-nightmare-for-engineers

5. The VSHN.timer project of the week is swiss-qr-bill-server, an HTTP Server to generate a Swiss QR-Bill and optionally attach it to an existing PDF, by our neighbors at Pingen, creators of the powerful Swiss Online Postal Service.

https://github.com/pingencom/swiss-qr-bill-server

What billing strategy or provider do you use for your PaaS? How do you make sure your product is a good fit for the market? Would you like to share some Cloud-Native business tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about business: #15, #26, #35, #41, #70, and #112.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about simple ways to develop your Cloud Native and DevOps skills.

1. CodinGame helps programmers improve their coding skills by solving the most challenging problems, learn new concepts, and get inspired by the best developers, in whichever programming language you want.

https://www.codingame.com/

2. Kubesimplify is a new resource for Cloud Native and DevOps practitioners, with community members explaining concepts and providing all kinds of tips and tricks, from AWS to Terraform to Kubernetes to Go and more.

https://kubesimplify.com/

3. The CNCF announced the availability of the new Prometheus Associate Certification during the last KubeCon + CloudNativeCon at Valencia. This is a pre-professional certification, designed for engineers interested in observability and monitoring within the Prometheus ecosystem.

https://www.cncf.io/announcements/2022/05/18/prometheus-associate-certification-will-demonstrate-ability-to-monitor-infrastructure/

4. For those eager to sharp their Prometheus skills, this PromQL with Prometheus Playground provides a scratch Prometheus instance with full control over the server configuration: just launch it, and start writing your PromQL queries right away.

https://iximiuz.com/en/posts/prometheus-learning-promql/

5. The VSHN.timer tool of the week will help you keep track of your learning journey: [x]it! is a plain text file format for todos and check lists, compatible with your favorite text editor and infinitely future-proof.

https://xit.jotaen.net/

What is your preferred learning method? Are you interested in the new Prometheus certification? Would you like to share some tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about education: #21, #38, #67, #99, and #120.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest GitLab version, how to get good at Git, and how to lose GitHub stars.

1. GitLab 15.0 is available and has effectively removed quite a few features marked as deprecated in the latest releases. Check out the official announcement blog post with all the information required before you install it!

https://about.gitlab.com/blog/2022/04/18/gitlab-releases-15-breaking-changes/

2. Git is the bread and butter of our DevOps world. And using Git effectively is, indeed, a must have skill for all of us. Here’s a good tutorial going through everything you need to know to get good at Git.

3. GitHub stars are a very important social media metric for projects, used to gauge their popularity and their impact in the community. But did you know that setting a project to private removes all stars, forever? The HTTPie project team discovered this the hard way.

https://httpie.io/blog/stardust

4. The first VSHN.timer tool of the week is forgit, a TUI tool built on top of fzf to use Git more efficiently in your favorite terminal.

https://github.com/wfxr/forgit

5. The second VSHN.timer tool of the week is ghorg, a tool to quickly clone an entire organization (or user’s) repositories into one directory, supporting GitHub, GitLab, Bitbucket, and more.

https://github.com/gabrie30/ghorg

How good are your Git skills? Do you Git through a GUI or on the terminal? Would you like to share some Git tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Git, GitOps, GitHub and GitLab: #10, #48, #68, #83, #98, and #119.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how SQLite is adapting itself to the new world of Cloud Native Computing.

1. Imagine a cloud native database that is small, fast, reliable, and globally distributed; a great option to store your whole life in it. Yes, we’re talking about SQLite with Litestream, the new revolution in the world of SQLite, created by Ben Johnson (now at Fly.io, itself touted as the heir to Heroku).

https://fly.io/blog/all-in-on-sqlite-litestream/

2. Who’s using Litestream? Tailscale is. They moved to SQLite from raw JSON files and etcd, and instead of using MySQL or PostgreSQL, they decided that SQLite was the next step. (And no, in spite of the publication date, it’s not an April Fools‘ joke.) And you know who else is using SQLite in the cloud? Cloudflare.

https://tailscale.com/blog/database-for-2022/

3. If you run databases in AWS, you should attend the AWS Database Modernization event next week, with talks about Aurora, RDS, DocumentDB, and DynamoDB. That’s a lot of cloud database options up there.

https://pages.awscloud.com/emea-database-modernisation-week-q2-2022.html

4. Do you like PostgreSQL? Do you like containers? Well, rejoice, because now you can run containers in PostgreSQL. And yes, when we first heard about it we were as puzzled as you are right now.

https://www.crunchydata.com/blog/announcing-postgres-container-apps-easy-deploy-postgres-apps

5. The VSHN.timer tool of the week is termdbms, a text user interface (TUI) tool for viewing and editing databases, written in pure Go. For the moment it only works with SQLite, but support for MySQL and PostgreSQL is in the roadmap.

https://github.com/mathaou/termdbms

Are you using Litestream in production? What is your opinion about microservices using SQLite as a database? Would you like to share some SQLite tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about databases and storage: #111 and #115.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how developers are exploring new old ways to build and serve those trusty HTML websites.

1. Server-side rendering is making a comeback! Andraž Bajt reminds everyone that we can generate HTML in the server, instead of just sending JSON and manipulating the DOM on the browser. Feels like 1997 all over again; let’s watch another episode of Friends.

https://edofic.com/posts/2022-01-28-low-js/

2. What’s the absolute minimum you need to serve HTML pages to your visitors? A web server. But do you need Apache or NGINX? Not really. According to Jes, a small single binary built with the Go programming language is more than enough.

https://j3s.sh/thought/my-website-is-one-binary.html

3. How big do container images need to be to serve a static HTML website? Not a lot, actually. Instead of using NGINX, try using thttpd in your container, as shown by Florin Lipan, and enjoy your 186 KB container image. Yes, you read that right.

https://lipanski.com/posts/smallest-docker-image-static-website

4. What is faster, serving 100 files with 10 lines of PHP each, or 1 file with 1000? Well, Josh Bleecher Snyder found out that the latter is faster. And this trick not only works with PHP, but also with JavaScript and other programming languages.

https://commaok.xyz/post/perf_files/

5. If you’re bothered by AMP as much as we are, you’ll love this browser extension by Daniel Aleksandersen: it simply redirects back to the original page, far away from Google’s walled garden.

https://www.daniel.priv.no/web-extensions/amp2html.html

How do you prefer your HTML? Do you render it at the server or at the client side of the equation? Which episode of Friends is your favorite? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about programming: #18, #30, #33, #47, #50, #60, #77, #88, #101, #103, and #122.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re back! And we’re not going to talk about Foghat, but rather about how service level objectives are the new deal breakers.

1. Atlassian customers suffered in April one of the longest downtimes ever recorded in SaaS history, leaving users without access to Jira, Confluence, or OpsGenie. Gergely Orosz wrote a month-long report with updates about the issue, and most importantly, the reactions (or lack thereof) from Atlassian.

https://newsletter.pragmaticengineer.com/p/scoop-atlassian?s=r

2. How does Salesforce track SLO for their thousands of services in production? They use a well-defined GitOps process based on configuration as code; it tracks SLOs, alerts, and everything related to them in the same Git repo.

https://engineering.salesforce.com/onboarding-slos-for-salesforce-services-299b6cf2d8e8

3. Failures can come from the most unexpected places. Take for example how a missing shell option called “pipefail” slowed Cloudflare down dramatically.

https://blog.cloudflare.com/pipefail-how-a-missing-shell-option-slowed-cloudflare-down/

4. In The Cloudcast, Aaron Delp received Brian Singer, CPO at Nobl9 talking about Service Level Objectives (SLO), what they are, why they matter, and how to use SLOs to focus on innovation versus technical debt.

https://www.thecloudcast.net/2022/05/slos-for-everyone.html

5. Interested in the subject of SLOs? Check out next week’s online SLOconf 2022, with tracks not only for engineers, but also for all teams impacted by SLOs in one way or another.

https://www.sloconf.com/

Were you impacted by Atlassian’s downtime? How do you negotiate your SLOs with your customers? Would you like to share any tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Quality Assurance, SLAs & SREs: #6, #34, #43, #66, and #104.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the ARM CPU architecture, and its newfound popularity in cloud computing circles.

1. Having conquered the smartphone, the ARM CPU architecture is steadily making great inroads in the realm of the cloud. Red Hat has just enabled OpenShift users to operate their clusters in ARM-powered hardware.

https://cloud.redhat.com/blog/introducing-openshift-on-arm

2. Apple Silicon-powered laptops and desktop users can install the alpha release of Asahi Linux. Still a lot of work ahead (Bluetooth, camera, GPU acceleration, just to name a few things) but an impressive achievement nevertheless.

https://asahilinux.org/2022/03/asahi-linux-alpha-release/

3. We cannot have a VSHN.timer edition about hardware without mentioning yet another (but this time official) guide to create a cluster of Raspberry Pi computers, with even instructions on how to build your own cooling mechanism.

https://www.raspberrypi.com/tutorials/cluster-raspberry-pi-tutorial/

4. Since Docker for Mac added support for Apple Silicon, it keeps on adding new cool features; this time, experimental virtiofs support allowing for impressive performance breakthroughs.

https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/

5. The PDP-11 was built decades before the ARM architecture, but its historical importance cannot be denied; this is the computer that helped birth UNIX and the C programming language. Quite a resumé.

https://arstechnica.com/gadgets/2022/03/a-brief-tour-of-the-pdp-11-the-most-influential-minicomputer-of-all-time/

Are you running OpenShift on ARM servers? Are you using Docker for Mac on Apple Silicon? Have you built your own Raspberry Pi cluster yet? Get in touch with us, and see you on Monday, May 2nd for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Hardware: #80 and #113.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about all the decisions required to build a new product, such as our new APPUiO Cloud.

1. Product Management expert Itamar Gilad explained recently the key recipe to build products people love: placing the delivered customer value at the center of the product management process.

https://itamargilad.com/customer-value/

2. The most complicated aspect of engineering a new product is never technical, but conceptual: the correct definition of the thing to be built in the first place; that’s the hardest problem to solve.

https://blog.devgenius.io/the-hardest-thing-about-engineering-is-requirements-28a6a70c4db4

3. Have you ever wondered how companies manage to offer free plans of their services? It turns out that the old adage „if it’s free you’re the product“ is not always true, at least not for Tailscale and their VPN.

https://tailscale.com/blog/free-plan/

4. Telemetry data is fundamental to tweak your product offering, to understand market demand and maximize your margins. But how to gather such information from Kubernetes clusters? Here’s how Flant does it.

https://blog.flant.com/collect-system-information-stats-from-kubernetes-clusters/

5. The VSHN.timer tool of the week is Kubernetes Opex Analytics, a Kubernetes usage accounting and analytics tool to help organizations track the resources consumed by their Kubernetes clusters over time, compatible with Prometheus and Grafana.

https://github.com/rchakode/kube-opex-analytics

What process do you follow to design new products? What is the most important factor in your product design decision process? Would you like to share some ideas with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we aren’t going to talk about Greek mythology, but about Argo CD, the mythical ship faithfully delivering code to the blue waters of κυβερνήτης.

1. Continuous Integration and Deployment (CI/CD) and GitOps are such important pieces of The DevOps And Cloud Native Experience™®© that the CNCF has at least 6 projects related to CI/CD; Argo CD (recently promoted to version 2.3.0) and Flux being the two most popular of the bunch.

https://containerjournal.com/features/6-cncf-projects-for-ci-cd/

2. How to choose between Argo CD and Flux? What are their similarities and differences? Christian Hernandez from The New Stack tells us everything we need to know.

https://thenewstack.io/gitops-on-kubernetes-deciding-between-argo-cd-and-flux

3. Argo CD is highly addictive; once a team starts using it, the whole organization wants it too. Which raises questions of multi-tenancy, RBAC, scopes, and secret management. The Argo CD team recently published some guidelines for such scenarios.

https://blog.argoproj.io/best-practices-for-multi-tenancy-in-argo-cd-273e25a047b0

4. We’ve already mentioned vcluster in a previous issue of VSHN.timer; and here’s the official Argo CD step-by-step guide explaining in detail how to use Argo CD on vcluster.

https://blog.argoproj.io/using-argo-cd-with-vclusters-5df53d1c51ce

5. As good as Argo CD is, it’s just software, and it can suffer from some nasty vulnerabilities. In this case, CVE-2022-24348; but the Argo CD team has already published a patch. Are you protected? Learn more about it and secure your clusters.

https://www.infoworld.com/article/3650659/how-to-protect-your-kubernetes-infrastructure-from-the-argo-cd-vulnerability.html

Are you a Flux or Argo CD person? Do you prefer classic CI/CD pipelines instead? Would you like to share κυβερνήτης tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about DevOps: #5, #13, #29, #31, #42, and #110.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest news around Amazon Web Services, as we wait for the new Swiss region to open.

But before we start, we’d like to ask you to participate in our DevOps in Switzerland Study 2022; we’re interested in knowing how DevOps is contributing to the digital transformation of our country, and besides the good karma, you’ll have the chance to win a prize!

1. How reliable is the AWS status page nowadays? With the current ongoing invasion of Ukraine by Russia, it is more and more likely that online services experience cyber warfare attacks. Can we really trust service status reports, in particular AWS‘ own ones, in such a context?

https://www.theregister.com/2022/02/24/cloud_service_status_pages_fail/

2. Microsoft Azure has experienced tremendous growth in the past few years, and many reports currently point to its net leadership in the hyperscaler market. Our own DevOps 2020 report indicated a surge of popularity of Azure over AWS in Switzerland, and that’s what the Flexera 2022 Status of the Cloud Report has seen as well.

https://www.infoworld.com/article/3652330/in-an-evolving-cloud-world-azure-passes-aws.html

3. How good is AWS‘ Elastic Kubernetes Service? It certainly is a very popular way to bootstrap a managed Kubernetes cluster. Mathew Duggan has written a comprehensive report highlighting the features, advantages, drawbacks, flaws, and the history of EKS.

https://matduggan.com/aws-eks/

4. It is unfortunately all too easy to leave misconfigured databases and services on AWS; Avi Lumelsky found lots of them and wrote a chilling report about it.

https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32

5. The AWS team constantly publishes guides for DevOps engineers, with recommendations and best practices. Here’s one with the top 10 security best practices for securing backups in the AWS Backup service.

https://aws.amazon.com/blogs/security/top-10-security-best-practices-for-securing-backups-in-aws/

Are you running Kubernetes clusters on AWS EKS? What other AWS services do you currently use? Would you like to share some AWS security tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about AWS: #61 and #87.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the ever changing job market, bringing new buzzwords on job postings and résumés.

1. Who’s in charge of Kubernetes in organizations? We used to call them „DevOps Engineers“, but apparently the term „Kubernetes Engineer“ is slowly becoming the new standard. As long as job offers for this title don’t ask for 10 years of Kubernetes experience, all should be fine.

https://www.cncf.io/blog/2022/03/03/an-emerging-job-kubernetes-engineer/

2. Ever heard about somebody refusing a job offer because the company uses Microsoft Teams? Well, watch out, you might be missing some talent because of your tool choices. Teamwork tools have a direct impact in your productivity, creativity… and even your employee turnover.

https://www.protocol.com/workplace/slack-teams-workplace-tools-jobs

3. How do teams organize to jump into the cloud? A lot of companies break their teeth against hyperscalers; they do not realize that DevOps requires having a new production framework, and not just CI/CD pipelines and Kubernetes.

https://docs.gruntwork.io/guides/production-framework/

4. What makes DevOps teams really productive? According to the 2021 DevOps Setups: Benchmarking Study it all depends of essentially one thing: whether those teams are able to adhere to the “you build it, you run it” mantra, independently, and with the greatest agility.

https://humanitec.com/whitepapers/2021-devops-setups-benchmarking-report

5. What questions do you ask a prospective employer during an interview? We have answered a few in our Handbook for future VSHNeers, but for those applying to jobs in other organizations, check this list of questions to ask before the interview is over.

https://daveceddia.com/interview-questions-to-ask-company/

Is your job title „DevOps Engineer“ or „Kubernetes Engineer“? Have you ever refused a job because of the tooling chosen by a prospective employer? Do you have any tips and tricks for conducting (or attending) job interviews? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about PeopleOps: #7, #13, #15, #26, #35, #41, #52, #63, #85, #92, and #116.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how to make sure your monitoring strategy is secure, performant, and relevant.

1. There’s no shortage of mechanisms to monitor your clusters: Prometheus, Thanos, M3, VictoriaMetrics, InfluxDB… Here’s Michael Weibel from the Helio team explaining how they use Cortex to observe the inner workings of their carbon-aware cloud infrastructure.

https://helio.exchange/blog/monitoring-clusters-using-cortex-and-prometheus

2. In the Cloud Native world, Grafana is Prometheus‘ best friend. But are you sure your Grafana instance is secure enough? The Grafana team explains all you need to know to secure your dashboards: authentication, authorization, audit, administration, and encryption.

https://grafana.com/blog/2022/02/22/how-secure-is-your-grafana-instance-what-you-need-to-know/

3. Last month the Prometheus team released version 2.33 of their eponymous project, with enhanced queries and better performance. Read the release notes in their blog.

https://promlabs.com/blog/2022/01/30/whats-new-in-prometheus-2-33

4. Are you a Prometheus power user? Check this list of awesome Prometheus alerts, we’re sure you’ll find something new for your monitoring toolbox.

5. The VSHN.timer tool of the week is the Grafana multi-tenant operator, helping you enable RBAC authentication, users, and organizations for your Grafana instances.

https://github.com/k8spin/grafana-multi-tenant-operator

What helper tools do you use together with Prometheus and Grafana? How have you secured your dashboards? Would you like to share some monitoring tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer edition about Prometheus & Grafana: #78.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about what’s going on in the world of Red Hat OpenShift.

But before we start, did you know that APPUiO Cloud gives you instant access to a pay-per-use OpenShift 4 project, enjoying all of the know-how and 24/7 support that only VSHN can provide? Create an account now and deploy your app right away!

1. Red Hat OpenShift celebrated last September its 10th anniversary! This was shortly before the release of version 4.9 and the change to a timeline-based lifecycle of 18 months for all minor releases of OpenShift 4.

https://cloud.redhat.com/blog/10-years-of-openshift-and-10-years-of-business-innovation

2. The German OpenShift User Meeting is a platform for everyone to share knowledge and best practices around Red Hat OpenShift, and it’s happening on March 9th, 2022 on Gather. Don’t miss the date!

https://events.redhat.com/profile/form/index.cfm?PKformID=0x510075abcd&sc_cid=7013a000002qA4lAAE

3. Azure Red Hat OpenShift is a fully managed, HIPAA compliant Red Hat OpenShift service in Azure jointly engineered and supported by Microsoft and Red Hat. We recently found this free lab to learn and understand some of the concepts of deploying and securing container based applications with it.

https://aroworkshop.io/

4. OpenShift is a complete platform providing tools and support for all aspects of DevOps, from development, security, operations, and crucially, also for incident management. Check these field notes from a private bank in Italy planning for reliability using OpenShift, Ansible, Argo CD, and more.

https://cloud.redhat.com/blog/openshift-disaster-recovery-a-cold-start-story

5. Gitea is a self-hosting lightweight & open source alternative to host your Git repositories securely and efficiently. And of course, you can also run Gitea in your OpenShift cluster.

https://github.com/wkulhanek/docker-openshift-gitea

Bonus Item 6! Do you want some free Red Hat stickers for your laptop? The question is… who doesn’t?! Then get them here!

https://red.ht/anwender-sticker

Have you opened your APPUiO Cloud account yet? What OpenShift operators do you use in production? Would you like to share some OpenShift tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Red Hat OpenShift: #9, #28, #53, and #95.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how slowly governments and industry are getting to grips with the next big threat of this 21st century.

But before we start, we’d like to ask you to participate in our DevOps in Switzerland Study 2022; we’re interested in knowing how DevOps is contributing to the digital transformation of our country, and besides the good karma, you’ll have the chance to win a prize!

1. After the White House organized an Open Source Security Summit with major software companies in January, the Swiss Federal Council has called for the creation of a Swiss Digital Administration to coordinate nationwide digital transformation efforts together with the National Cyber Security Centre. Whether these efforts will prevent security issues, like the leakage of private data of travelers online, remains to be seen.

https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-87029.html

2. We started 2022 with the Log4j fiasco, and followed with the corruption of NPM packages by a disgruntled developer. Even if executives being grilled in US Senate hearings insist that Open Source is not the problem, the writing is in the wall: right now, there is no way to properly prevent security issues in the software pipelines cranking the code that makes our world go round, even if the Linux Foundation injects 10 million US dollars in yet another Open Source Security Foundation.

https://www.theregister.com/2022/02/09/secure_open_source_software/

3. The first line of defense against cyber threats is education. This is why we recommend you to register and attend this 3-hour training „Zero Trust Security Fundamentals“ by O’Reilly on March 15th (places limited!), and to top it off, check out this Kubernetes Policy Management whitepaper by the CNCF.

https://www.oreilly.com/live-events/zero-trust-security-fundamentals/0636920066250/0636920066249/

4. You think your CI/CD pipelines are safe from intrusion and tampering? Think again. The NCC Group published a summary of attack vectors in Jenkins, GitLab CI/CD, and even on Kubernetes: badly configured S3 buckets, privileged container execution, unprotected secrets… you name it.

https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/

5. AWS can provide all the security guidelines they want, humans will be humans. That’s precisely when another human, an ethical security researcher in this case, discovers thousands of open databases on AWS belonging to hospitals, crypto traders, banks, DevOps teams… A chilling story.

https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32

Do you do DevSecOps? How do you audit your software for security issues? Would you like to share your best practices with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, and #117.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how Crossplane is steadily becoming the new Cloud Native standard for infrastructure management.

But before we start, we’d like to ask you to participate in our DevOps in Switzerland Study 2022; we’re interested in knowing how DevOps is contributing to the digital transformation of our country, and besides the good karma, you’ll have the chance to win a prize!

1. Since its introduction in December 2018, Crossplane has become a fundamental part of the toolkit of DevOps teams all over the world. If you don’t believe us, ask the AWS container team, who designed a GitOps model for provisioning EKS clusters based on Crossplane and Argo CD.

https://aws.amazon.com/de/blogs/containers/gitops-model-for-provisioning-and-bootstrapping-amazon-eks-clusters-using-crossplane-and-argo-cd/

2. Developing and testing Crossplane packages involves quite a bit of work, usually spinning a cluster, installing Crossplane in it, and verifying that the package works properly. Thankfully Aaron Eaton has found an easier way using kuttl, the Kubernetes Test TooL.

https://aaroneaton.com/crossplane/crossplane-package-testing-with-kuttl/

3. The Upbound team, behind the success of Crossplane, have recently announced that they have 100% cloud coverage thanks to Terrajet, a tool that generates Crossplane providers from their Terraform equivalents.

https://blog.upbound.io/cloud-service-coverage/

4. Terrajet is opening new possibilities for Crossplane as we speak: thanks to it, we now have an Exoscale Crossplane provider!

https://github.com/lucj/provider-jet-exoscale

5. Crossplane is fantastic, but Terraform still has a strong and vibrant ecosystem around it. Take for example Kubestack Cloud, an useful app to design complex Kubernetes platforms and to generate its corresponding Terraform description.

https://www.kubestack.com/cloud

Are you using Crossplane? Have you developed a Crossplane package? Would you like to share some Crossplane tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Terraform and Crossplane: #65 and #82.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the past, the present, and the future of our favorite container orchestration engine.

But before we start, we’d like to ask you to participate in our DevOps in Switzerland Study 2022; we’re interested in knowing how DevOps is contributing to the digital transformation of our country, and besides the good karma, you’ll have the chance to win a prize!

1. Honeypot is a developer-focused job platform, but they also have a fantastic YouTube channel where they publish documentaries exploring tech culture. Their most recent one is a Kubernetes documentary in two parts. An excellent production with a nice overview of the early history of Kubernetes.

https://www.youtube.com/watch?v=BE77h7dmoQU

2. PayPal has recently started migrating from Apache Mesos to Kubernetes, and they’ve encountered some problems scaling their services–because, well, how about this: 4000 nodes, and hundreds of thousands of pods. Read the full story on their technology blog.

https://medium.com/paypal-tech/scaling-kubernetes-to-over-4k-nodes-and-200k-pods-29988fad6ed

3. The complexity behind Kubernetes stems from the decisions taken during its design; they are understandable, but they can also be hard to navigate, particularly for beginners. Nelson Elhage wrote down some useful thoughts on the topic.

https://buttondown.email/nelhage/archive/two-reasons-kubernetes-is-so-complex/

4. You already know EKS, AKS, GKE, and SKS, right? Well, Oracle wants to be a part of the growing managed Kubernetes market too, and lo and behold, they’ve just launched their own managed Kubernetes service: the Oracle Container Engine for Kubernetes, or OKE.

https://www.oracle.com/cloud-native/container-engine-kubernetes/

5. There are plenty of options to quickly spin a Kubernetes cluster in your laptop: Docker Desktop, K3s, Minikube, CodeReady Containers… and now we also have Rancher Desktop from SUSE whose version 1.0.0 was released last week.

https://github.com/rancher-sandbox/rancher-desktop/releases/tag/v1.0.0

What Kubernetes distribution do you use for development? What’s your favorite managed Kubernetes provider? Would you like to share scaling tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Kubernetes: #4, #8, #11, #14, #16, #19, #23, #37, #46, #49, #59, #64, #74, #82, #97, #99, #102, #109, and #118.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the state of Linux in 2022.

But before we start, we’d like to ask you to participate in our DevOps in Switzerland Study 2022; we’re interested in knowing how DevOps is contributing in the digital transformation of our country, and besides the good karma, you’ll have the chance to win a prize!

1. The New Stack published a short summary of the most important events of 2021 in the Linux galaxy: the CentOS Stream affair begat AlmaLinux and Rocky Linux; Ubuntu is preparing another LTS release for next April; and Amazon aligned its own flavor of Linux with Fedora.

https://thenewstack.io/linux-distros-year-in-review

2. Desktop builds of Linux for the ARM CPU architecture are one of the hottest new frontiers for Linux. EuroLinux just released their RHEL-based ARM distribution; Arch Linux ARM is targeting ARMv6, ARMv7, and ARMv8 AArch64 boards; and Asahi Linux is busy making Arch available for the latest Apple Silicon-based Macs.

https://asahilinux.org/2021/12/progress-report-oct-nov-2021/

3. Linux kernel developer Ingo Molnar has proposed a stunning 2200 changes, in order to reduce compilation times, through a re-arrangement of the ~10’000 header files in the codebase. Not for the faint of heart. The original thread starts with a fascinating explanation.

https://www.zdnet.com/article/cleaning-up-the-linux-kernels-dependency-hell-this-developer-is-proposing-2200-commit-changes/

4. Arch Linux is a popular distribution among VSHNeers, and the Arch constellation has gotten new members lately: JuNest is a lightweight Arch Linux that runs upon other distributions; and instantOS is another Arch Linux based distro that works out of the box but is still aimed at power users.

https://instantos.io/

5. Atwood’s Law strikes again. The VSHN.timer tool of the week is Browsix, a POSIX-compliant web application, with everything you need to run Unix on your web browser. Read the paper with all the science behind this project.

https://browsix.org/

Are you looking forward to use Linux on Apple Silicon Macs? Are you an Arch Linux user? Would you like to share some tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about Linux: #45, #55, #72, #96, and #105.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest news around containers and how to properly build them.

1. Building a nice, small, tight, and speedy container image is a big part of the DevOps experience. Optimizing container images matters, and that’s why Jérôme Petazzoni has collected a list of antipatterns.

https://jpetazzo.github.io/2021/11/30/docker-build-container-images-antipatterns/

For microservices with relatively few dependencies, I don’t worry about images below 100 MB. For more complex workloads (monoliths or, say, data science apps), it’s fine to have images up to 1 GB. Above that, I would start to investigate.

2. Have your heard about Nix? People are asking whether it is a replacement for Docker or Podman containers, but here’s the Replit team explaining the differences between both.

https://blog.replit.com/nix-vs-docker

3. Even though we are very happy to say that Kubernetes is a container platform, it turns out that the most groundbreaking aspect about it is none other than its API, which has become a standard by now.

4. Keppel is a new open source multi-tenant container image registry written in Go (of course!) improving the services offered by Harbor; with a fully compliant API, but built with multi-tenancy in mind.

https://github.com/sapcc/keppel

5. The VSHN.timer tool of the week is Sinker, a tool that simply synchronizes container images from one registry to another.

https://github.com/plexsystems/sinker

What is the smaller container image you’ve ever created? Have you already migrated your container images from one registry to another? Would you like to share some container tips and tricks with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about containers: #12, #17, #40, #51, #54, #71, #81, and #108.

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to learn lots of new things, and how to remember them.

1. Network Time Protocol (NTP) is probably the oldest distributed application in the Internet (from 1979!), but how do computers coordinate their clocks with it? Well, now you know.

https://sookocheff.com/post/time/how-does-ntp-work/

2. WHOIS dates back to 1982 and is another relic from the beginnings of the Internet, back when it was known as the ARPANET. How can you use it, and why? Well, now you know.

https://www.netmeister.org/blog/whois.html

3. The JPEG format (and the Web) exploded in popularity after Mosaic introduced the <IMG> tag in 1993. High-resolution photos over a 28 kbps modem? Of course! But how do they work? Well, now you know.

https://medium.com/geekculture/how-jpeg-compression-works-a751cd877c8c

4. Git messages are one of the cornerstones of software team communication, but how to write better ones? Well, now you know.

https://www.freecodecamp.org/news/how-to-write-better-git-commit-messages/

5. Your brain has only limited capacity, but you have subscribed to VSHN.timer. How to remember all the things you have learnt this week? Well, build a second brain and presto!

https://aseemthakar.com/how-to-build-a-second-brain-as-a-software-developer/

Do you know how other things work? Do you have a second brain? Would you like to share your knowledge about how stuff works with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS²: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS³: check out our previous VSHN.timer editions about random stuff: #24, #36, #69, #73, #86, #94, and #100.