Remember that a couple of years ago GitHub disabled automatic execution for its Actions?
The idea behind this decision is more or less described in this article - Build Pipeline Security. The problem described in this article is not rocket science. Thus, any malicious actor can do something similar.
This brings me to the topic of CI integrations for public repositories. I think I heard advice for beginners on some podcast or in some article: create a pet project and configure CI for it, so you can show that you have some practical experience. Ok, GitHub has you covered, but what about other CIs which are available for public repositories? Thus, it might have been good advice if we were living in a world where all people are kind to each other, which is not the case.
Does it mean that you cannot have a CI for your pet project? Of course not! Just be careful with what it can actually execute on each step. The author of the linked article suggests putting deploy scripts into a separate private repository. I think nowadays any major VCS vendor allows one to have at least one private repository for free.
Yet, I would say that this is not good enough: you should also follow GitHub’s steps and enforce mandatory approvals for CI runs, as well as have some quotas in place for the compute resources available to your CI. Again, GitHub has you covered here, but if you want to use something else, you are on your own.
#cicd #security #github #aws
Production Considerations for Spring on Kubernetes is a long, detailed article on the considerations you have to take into account when running Spring Boot applications in Kubernetes.
It starts with how you build your image and covers topics such as graceful shutdown, CPU/Mem requests and limits, configuration changes and so on.
From my understanding, the primary target audience is Java developers. However, you can get much value from this article since it explains some specifics of how Java OCI images are built as well as some specifics of how Kubernetes works. Also, it may provide you with some conversation starters to share the best practices with your developers. After all, probably not all of them have read this (or a similar) article.
Some disclaimers:
- This article was written at the end of 2022.
- It has Spring Boot 2.x in mind. Spring Boot 3.x is already available and has many changes compared to 2.x. Yet, 2.x is still widely adopted.
- Thus, some recommendations may change as well as new recommendations may appear for Spring Boot 3.x
Some takeaways:
- Use the latest LTS JDK version. If you’re still on Java 8, at least make sure that you’re using the latest patch version.
- Use cloud-native image builders such as JIB.
- Make sure that your application can be shut down gracefully. You may want to use a preStop hook with a simple sleep and adjust the terminationGracePeriodSeconds setting to achieve that.
- Be mindful about your Liveness and Readiness probes. Spring has a default health endpoint but it usually checks the overall health of an application including downstream connections to the databases, etc. It’s suboptimal to use that for Liveness probe, because K8s will simply restart your app in a loop if something happens to the DB connection.
- Spring’s Liveness and Readiness Health Groups may help to prepare your app to K8s environments.
- Profile your application before setting requests and limits
- For CPU, set adequate requests and use the -XX:ActiveProcessorCount parameter of JAVA_TOOL_OPTIONS to limit the number of vCPUs for the JVM. Thus, you can omit setting CPU limits on the K8s side.
- Make sure you have both requests and limits set for the Memory, though!
- Prefer K8s native abstractions for configuration and service discovery over Spring Cloud.
- Yet, if you cannot remove Spring Cloud easily, the article provides some advice on how to make an app more K8s-native.
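The takeaways above on graceful shutdown, probes and resources, put together in one Deployment manifest. This is an added example, not taken from the linked article: the app name, image, port and all numeric values are placeholders, and it assumes Spring Boot 2.3+ with the actuator on port 8080 and a shell available in the image for the preStop hook.

```yaml
# Added example: names, image and numbers are placeholders, not values from the article.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spring-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: spring-app
  template:
    metadata:
      labels:
        app: spring-app
    spec:
      # Must exceed the preStop sleep plus the time the app needs to drain requests.
      terminationGracePeriodSeconds: 45
      containers:
        - name: app
          image: registry.example.com/spring-app:1.0.0
          ports:
            - containerPort: 8080
          env:
            # Cap the CPUs the JVM sees instead of setting a CPU limit below.
            - name: JAVA_TOOL_OPTIONS
              value: "-XX:ActiveProcessorCount=2"
          lifecycle:
            preStop:
              exec:
                # Keep serving while the pod is removed from Service endpoints.
                # Assumes the image ships a shell; distroless images may not.
                command: ["sh", "-c", "sleep 10"]
          livenessProbe:
            httpGet:
              # Liveness group only: no downstream (DB) checks, so a DB outage
              # does not put the pod into a restart loop.
              path: /actuator/health/liveness
              port: 8080
          readinessProbe:
            httpGet:
              path: /actuator/health/readiness
              port: 8080
          resources:
            requests:
              cpu: "1"
              memory: 1Gi
            limits:
              # Memory limit is always set; the CPU limit is intentionally omitted.
              memory: 1Gi
```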
So, do you use Java or Kotlin in your company? If yes, share this post with your developers!
#kubernetes #java #programming
Yesterday I posted Mike's fundraiser for the laptops for the Southern Front. So, without changing the topic, I want to remind you about the Cyberdefence fundraiser by the Come Back Alive foundation.
It's currently at ~87% of its goal.
P.S. You can still donate to Mike's fundraiser as well. There is like 9k UAH left: https://send.monobank.ua/jar/8EPmTTkUrv
#donations #Ukraine
I usually post donation requests on Mondays but this is an urgent one.
Mike is raising funds for laptops for the Southern Front.
The goal is ₴38k. So, I believe we can close this one fast.
I know Mike personally. You can trust this fundraiser as if it were run by me.
You can donate to the Monobank Jar:
https://send.monobank.ua/jar/8EPmTTkUrv
#donations #Ukraine
I'm still editing the latest issue of our CatOps Voice Chat. So, while you're waiting, you can check out a pilot episode of the new DOU DevOps Podcast.
In this episode, they've discussed certifications as well as touched on the causes which led to the emergence of Platform Engineering.
#dou
Today's Donations Monday goes to the artillery.
The "Reactive Post" charity organization allows creating a monthly subscription for donations which go to artillery brigades for spare parts, repairs, etc. You can check their website for more information.
They accept one-time donations as well. Plus, they support crypto.
#donations #Ukraine
Database trends spotted by Redis at KubeCon.
In a nutshell:
- Running databases is hard.
- Running databases in Kubernetes = all the complexity of running databases + all the complexity of running Kubernetes.
- Yet, Data on Kubernetes community exists and has quite a few success stories.
- One of the problems is that there is no standard. Frequently, there are at least a couple of different operators and charts to run %dbname%. So, it might be hard for users to decide what tools to use in which case.
- Another problem is the lack of people who are experts in both running databases and running Kubernetes.
So, if you want to be in demand on the market, get yourself familiar with data operations. That thing is gaining momentum right now.
#databases #kubernetes
Personally, I prefer Go over Python. Yet, I know that Python is very popular inside the platform engineering community (for some reasons unknown to me).
Therefore, I want to share a Python book bundle by “No Starch Press”.
As usual, you can pay different amounts of money to unlock a different number of books. The whole bundle costs about €33.
Although some of those books are oriented towards full-time developers, other books are focused on automation tasks. Thus, I believe this bundle would be interesting to you.
#books #programming #python
A video report from KubeCon featuring Denys Vasyliev, Stanislav Kolenkin, and myself.
It’s in Ukrainian (mostly). And we also have a text report which is coming soon.
#event #kubernetes
Let's start a week with the fundamental stuff affecting all tech folks over decades.
https://www.youtube.com/watch?v=6YbK8o9rZfI
#culture #programming
There are many ways to contribute to open source! And it’s not necessarily about writing code.
Today at KubeCon they said that a couple of localizations for Kubernetes, including Ukrainian, require some love.
This is an amazing opportunity for your contribution! Here is the manual on how to start.
(picture via deadopsclub)
#kubernetes
Vox populi vox Dei.
We (DevOps Days Kyiv organizer team) want to hear your voice.
As you may know, conferences (even non-profit ones) run on sponsors’ money.
Just like last year, we want to forward money that we raise for DevOps Days to Ukrainian humanitarian funds.
The problem is that we’re struggling to raise a meaningful amount before May, the month we initially wanted to have the conference. Thus, we have two options:
1. Have the conference in May anyways and donate whatever amount we manage to raise in this short period of time.
2. Postpone the conference till autumn and work with the companies to raise more money.
I’ll put a poll right after this message. Your vote is important because we make this conference for you, dear community!
#event
Friday is a good day for some humor.
I bet you have heard about the 10x Engineer. But have you heard about the -10x Engineer?
Jokes aside, this is a nice article about what to avoid at work.
And here's a good review of this article by Primeagen.
I've been working a lot with Makefiles lately, and I must say, it's not the most pleasant experience. Back in the day, I had a post here about how to replace GNU Make with Python's Invoke.
Today, I want to share a tool called Mage. It is a make/rake-like build tool using Go that depends only on Go's standard library. Ofc, some other Go-based task execution tools exist, like, for example Task.
However, unlike Task, Mage leverages plain Go syntax while Task uses YAML to define its recipes. Thus, Mage is much more flexible, especially when it comes to loops and so on. Also, you can write automation for your projects with Go!
P.S. A link to the post about Invoke.
#go #tools
It was a long one but finally I made it!
A new episode of our Voice Chat (in Ukrainian) is available! This time we shared stories of our fuckups as well as discussed a little bit the value of certifications and the interviewing process.
You can find the episode on:
- Spotify
- Apple Podcasts
- Google Podcasts
- Direct RSS link
So, if you were looking for something to listen to on the weekend, we’ve got you covered!
#voice #говорилка
More than a year ago, I made a prediction that new Kubernetes distributions would emerge and the whole K8s installation process would be very similar to the Linux desktop experience: yes, the kernel is the same, but you have some pre-installed stuff that makes your experience smoother.
Yet, I was wrong. Some Kubernetes distributions emerged indeed, but the reality is that for the majority of people the real answer is to simply use whatever a cloud provider gives you and install necessary plugins by yourself.
Though, not everyone is operating in a cloud, as well as not everyone is using a managed Kubernetes service within a cloud. Therefore, I want to share with you an article called Kubernetes Installation Methods The Complete Guide.
This is not a complete guide, of course. There are a couple more methods and distributions. Moreover, I believe there are some exotic ways of people managing their clusters that never go public (we have a custom Kubernetes deployer in the company, lol).
However, this guide provides a nice overview of what's available on the market and which solutions are better suited to which situations. So, if you're looking into starting your Kubernetes journey, you have a good place to validate your ideas about the tools.
#kubernetes
I know that currently there is a hiring freeze in many companies, and a lot of folks are staying put and not actively looking into changing their jobs.
Yet, some hiring is still happening, and some folks are actually joining new companies and therefore going through onboarding.
Hence, I would like to share this article with you - What I Wish I Knew About Onboarding Effectively.
This article has some interesting thoughts. For example, that you are the one who's "owning" your onboarding process. It seems obvious on the surface, but I saw many folks who assume otherwise.
Also, this article has some practical advice on how to prepare for an onboarding and make it a success.
#culture #onboarding
A very nice read for the weekend - Postmortem of a 2005 Flickr Outage Modernized for Today.
It’s cool because it’s not just a postmortem from a well-known, but this piece also contains some history! Trust me, you will like the root cause of this one ;)
#postmortem #history
Choose Boring Culture is a new article by Charity Majors which, in my opinion, would be useful for the engineering managers here and also for technical leaders.
In this article, she argues that there are two types of culture: formal and informal. Formal culture is what a company and its managers build. Its goal is to make the company succeed. And it includes all the formal policies around vacation days, compensation, postmortems, team structure, roles, promotions, etc.
All the "funny stuff" is a part of the informal culture. Informal culture is still important, but this is something that should grow organically. So, please, do not force "mandatory fun" on your employees.
And a quote from this article:
As a leader, you should absolutely care about your culture, but your primary responsibility is the health of the business. The purpose of your culture is to make your business succeed. It does not serve you, and it does not serve the people you care about, to be unclear on this front.
For today’s Donations Monday I would like to remind you about Pavlo and Naya who raise funds for recon drones and equipment for them.
- Pavlo’s requisites
- Naya’s requisites
#donations #Ukraine
With the whole AI hype going on, it's interesting to see how companies are trying to find an application for AI in their products.
Sometimes it's just pure hype, in my opinion. There are some "AI-powered" tools that existed just fine without AI. However, I personally see three major areas for AI (LLMs to be precise) in the operational field:
- Taking over some boring tasks like writing some Bash, Makefiles and so on.
- Observability: basically explaining alerts to humans and suggesting possible solutions. Perhaps even applying those suggestions.
- Knowledge management. An LLM can answer recurring questions instead of a support person. You can even try to teach a model based on your internal documentation and so on.
And here are some practical implementations in some of those areas:
- GitLab’s new security feature uses AI to explain vulnerabilities to developers
- Pulumi AI that writes IaC for you.
P.S. The news about GitLab came from our chat. So, if you have any interesting news to share, do not hesitate to join!
#ai #gitlab #pulumi #iac
It turned out that IBM has a lot of free courses on SRE: https://www.ibm.com/training/path/ibmcloudassociatesitereliabilityengineer(sre)
Sure, the main goal is to make you familiar with their cloud and get some adopters. However, some courses look generic. Thus, you may benefit from them even if you don’t plan to use IBM Cloud.
#learning #ibm
Puppet Labs have issued a new State of DevOps 2023 report.
This time it’s focused on Platform Engineering and how it helps organizations to achieve their goals and move further with their DevOps journey. Key takeaways (opinionated):
- While DevOps helps to foster collaboration and delivery velocity inside teams, platform engineering helps to increase the delivery velocity across the organization.
- Companies that have implemented a platform engineering approach are satisfied with it. Also, companies that have had platform teams for a longer period of time are more satisfied, which is a good sign.
- Platform engineering treats infrastructure (observability, CI/CD, etc.) as a product, not as a project. Therefore, platform teams benefit from a product manager position within a team.
- Yet, about half of the respondents have reported that their senior leadership is still concerned about the topic of platform engineering or confused about it.
- A centralized platform team is more common compared to a decentralized one, and people who work in a centralized structure are more satisfied.
- Organizations plan to hire engineers to work on their internal platforms. So, you’re safe :)
- 01 Normalize the technology stack => 02 Standardize and reduce variability => 03 Expand DevOps practices => 04 Automate infrastructure delivery => 06 Provide self-service capabilities => ???? => PROFIT!!1
#report #culture #platform_engineering #devops
There won’t be many posts this week, folks, because I’m at KubeCon right now.
But here are some CNCF reports you can read in the meantime.
#cncf #report
For today's Donations Monday, I want to remind you about the Cyberdefence Fundraiser by Come Back Alive.
The goal is to raise 50M UAH for the IT equipment and technologies. Currently, 56% of the goal is reached. So, let's make sure that it moves to 100% faster!
#donations #Ukraine
A new episode of our voice chat is out!
This time we talked about the best practices and guidelines for writing Terraform modules as well as Terragrunt, AWS Lambda, and other stuff.
The episode is available:
- on YouTube
- on Spotify
- Apple Podcasts
- Google Podcasts
- RSS feed
Enjoy!
#terraform #aws #azure #gcp #labmda