The second practical part of the Helm charts testing article.
- Read in the blog
- Read on Substack
#kubernetes #helm #testing
How Wise reduced AWS RDS maintenance downtimes from 10 minutes to 100 milliseconds is an interesting story for those who do DB operations.
From time to time, it's necessary to apply changes that require downtime. However, it's unacceptable to have long "maintenance windows" nowadays. So, one has to be creative.
#dba #mariadb
A new issue of the CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2024-07-07
#newsletter #digest
In case you missed it somehow.
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
A newly discovered vulnerability allows a malicious actor to execute code remotely with the highest privileges on a host. CVE assigned to this vulnerability is CVE-2024-6387.
Glibc-based Linux systems are affescted.
Affected OpenSSH versions:
- OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and
CVE-2008-4109.
- Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a
previously unsafe function secure.
- The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component
in a function.
OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
Here's another interesting fact: "In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006."
This is why you always need to have several lines of defense in your systems. Also, since I got into the industry, it was always advised not to open SSH to the world and hide it behind a VPN or such. This advice still stands. Moreover, today you have solutions in place that allow you avoiding SSH at all.
#security #ssh
Sup!
Together with UkrOps Digest we are raising funds for the UAV equipment for the Skelyar platoon of the Rubizh brigade.
Specifically, we are raising money for:
- Antenas
- Batteries
- Controller unit
- 2 sets of cables
The end goal is 150k UAH.
There is also a raffle:
1. Our defenders will sign two platoon banners. Each 300 UAH donation is a chance to win one. So, if you donate 300UAH, you get one "ticket", 600 UAH - 2 "tickets", and so on.
2. Those with top 5 highest donations will have a chance to write a message on a drone!
Vsevolod Polyakov - the author of UkrOps Digest - knows these guys personally, thus I can vouch for them as well.
🎯Goal: 150 000.00 ₴
🔗Monobank Jar
https://send.monobank.ua/jar/6k2H9iu8tN
💳 Direct card number5375411219683781
Many thanks to y'all!
#donations#Ukraine
The upcoming systemd 256 release will have a replacement for sudo
- run0.
You can read more about run0
in this article.
#linux
For today’s Donations Monday, I want to share with you a fundraiser from the Come Back Alive foundation “The second line of air defense”.
#donations #Ukraine
An article called Maybe you need Kubernetes is surprisingly not about Kubernetes.
Instead, it touches the topic of embracing the complexity of modern tech and, more importantly, how one can only progress by learning complex stuff.
As the author puts it himself:
People don’t like to hear this, but difficulty is a moat. When something gets easy, it gets cheap. If you want to be paid a lot, you need to be really good at something that’s both in-demand and hard. If it were easy, everyone would be doing it.
A new DevOps book bundle on Humble Bundle.
It has some well-known books on Kubernetes, Terraform, Ansible, and other stuff. Also, these are O'Reilly books, which should be good.
#books
There are some articles-cheat sheets that are very useful in certain circumstances.
For example, here's a nice cheat sheet for reassignment of Kafka partitions. As you may know, Kafka doesn't reassign partitions automatically when new brokers are added or removed from a cluster.
Save this one just in case, especially if you have Kafka somewhere.
#kafka #cheatsheet
My talk from DevOps FW Days 2024 about Helm charts testing is available on YouTube now!
All the code that I used for the demo is available on GitHub as well!
The talk is in Ukrainian, but I'll write a blog post in English on this topic soon (tm) - I've just wanted to ensure that the materials are publicly available on the FW Days side, so I don't violate any policies.
#slides #helm #kubernetes
Last week it was the 7th (!) time we had the DevOps Days Ukraine conference!
One of the important part of it, apart from presentations and open space discussions, is to raise funds for Ukrainian charities.
We've been working with the UA Responders foundation for a couple of years already, and this time we've been raising funds for a surgical aspirator for Dnipro University Hospital.
We have a €1000 goal and just a couple of hundreds below the target. So, we can easily make it with your support!
#donations#Ukraine
Bees With Machine Guns is a tool to load test web applications.
The main difference from other popular tools like Vegeta is that in this case instead of using a single CLI, the tool creates a "swarm" of micro instances in AWS to emulate a DDoS attack so the load originates from multiple points, not a single one.
#security
DevOps Days Ukraine 2024 is starting today!
Meet wonderful people, who will talk you through security and also make sure to check out open space rooms to discuss various topics with your peers!
Just to name a few speakers:
- Nazar Tymoshyk — CERT-UA State Communications Engineer
- Anastasiia Voitova — Head of Security Engineering at Cossack Labs
- Brian Tarbox — Principal Solutions Architect at Caylent
- Rotem Refael — Director of Engineering and open-source ARMO
- And many more!
Check out the agenda & register for free 👉 https://www.devopsdays.com.ua
#event
A nice read about ArgoCD.
What I especially liked about it is that it goes beyond your typical “hello world” examples and also touches topics like multi cluster deploys, app-of-apps pattern, and encryption.
#argocd #cicd
At last! I converted my talk from FW Days DevOps 2024 into an article in English.
You can find it in my blog or on Substack.
This is the Part I which goes through the ideas behind the testing of Helm charts. But have no fear! I learn on my previous mistakes, so the second part that walks you through the technical aspects of tests is also ready and will be published tomorrow!
Also, you can still watch the video of my talk on the FW Days conference (in Ukrainian). It has basically the same content as the articles.
Enjoy!
#kubernetes #helm #testing
Convert your rage into donations.
Together with UkrOps Digest we are still raising funds for the Skelyar platoon. These funds will be spent on the equipment for UAV. Right now, we have 1/3 or the required sum.
🎯Goal: 150 000.00 ₴
🔗Monobank Jar
https://send.monobank.ua/jar/6k2H9iu8tN
💳 Direct card number5375411219683781
#donations #Ukraine
Today's Friday, so we can talk about some more relaxed topics.
Your Company's Problem is Hiding in Plain Sight - High Work-In-Progress (WIP) is a good reminder that working on everything everywhere all-at-once is a bad idea. I'd like to bring up this topic, because I think this issue is even more prevalent in platform teams.
What I missed in this article is some advices on how to address the issue in a controlled fashion: how to properly calculate it and "sell" to the management. Still, you can get some ideas from the discussion on Reddit.
So, as a bonus, I'd also like to share these two articles:
- One is on the Little's Law
- The second one is on the cost of context switching
P.S. I'm in that age when I really regret slacking out at the Queuing Theory lectures in the university :\
#culture
A reasonable article on how to provide meaningful feedback. Specifically, on how not to be afraid to provide meaningful feedback.
You may already know many of these points, but it won't hurt to re-read them. Also, this is one of the cases where actual practice weights more than theory.
P.S. The original article seems to be behind a paywall, but I was able to read it just fine via Pocket. In any case, here are the tl;dr points provided by the author himself:
Way before giving feedback…
- Build a relationship with the other person - This starts the path of giving feedback to someone like it’s your close friend. Good relationship = easy feedback.
- Share that you are open to receiving feedback - This results in the other person seeing you are growth-minded and often leads to them asking for feedback too.
- Give positive feedback first - This helps build a positive relationship and ensures the other person knows you are on their side and looking out for them.
When you do need to give feedback, follow the feedback process…
- Look inward first. Know your intent - Ensure you are sharing the feedback for the right reason. Not to vent, but to help the other person.
- Get permission - When in doubt, confirm with the other person. This allows them to opt in and prevents backlash.
- Show you care - The most important step. Let them know the reason you are sharing is because you care.
- State your observations - Stick to the facts of the situation. These should hardly be debatable. Call out the common problem.
- Explain the impact - Help the other person understand why it matters. Is it impacting you, others, or the business?
- Get their thoughts - You’re solving a problem together. Get their take on it.
- Align on next steps - Ensure it’s clear what to do moving forward.
#culture #feedback
Ruby was the first programming language I tried to consciously learn. Meaning, it wasn't a part of a university curriculum or something.
Despite not using it for many years, I still have some warm feelings towards this language. In this article Lucas Seiki Oshiro argues that Ruby is good for shell scripts as well.
Ruby is strongly associated with the Rails framework. So, I think this article is a good reminder that programming languages are more than just frameworks.
#programming #ruby
Programming skills are essential for work in tech. So, here is a book bundle by Pearson with some books that may help you with those skills.
#books #programming
A late night CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2024-06-23
#newsletter #digest
As Charity Majors put it: "Nines do not matter if your users are unhappy". At the same time, nines do not matter if your users do not care.
This small article is a friendly reminder about the cost of adding nines to your SLOs.
P.S. There are some other interesting articles in that blog, BTW.
#slo
For today's Donations Monday, I would like to share with you a fundraiser by Come Back Alive and PrivatBank for the establishment of the "Yatagan" UAV school.
The goal is to raise 33M UAH and currently about 21.5M are raised. It's also possible to donate using a European bank card - I've just checked that ;)
#donations #Ukraine
More conference videos for you!
As you sure know, if you're following this channel, we had a DevOps Days Ukraine conference recently.
Talks are already available on YouTube! Enjoy!
#slides #conference
A new late issue of the CatOps Newsletter is out!
https://newsletter.catops.dev/p/catops-digest-2024-06-09
I'll try to get back to the bi-weekly schedule with newsletters coming on Sundays, but no promises for the Summer.
#digest#newsletter
For those of you who like meddling with their terminal emulators - Oh My Posh is a command line prompt that can replace p10k,
since the latter one is no longer actively maintained.
Here’s a video where it’s shown in action (and basically this is how I discovered it):
https://youtu.be/9U8LCjuQzdc?si=ho-67Xuht02Ql0kT
What I personally liked from the video is a possibility of creating a neat config in YAML or TOML and ease of replacing current config with another one right in the shell configuration file.
I’ll definitely give it a try when I have some time.
#terminal #tools
A case study from Grammarly on their migration from Graphite to VictoriaMetrics, which helped them to improve DevEx as well as save money.
Unfortunately, there are not many technical details in this article, but I still want to share it, ‘coz I’ve rarely seen posts about VictoriaMetrics in production. So, maybe you are the one who can write something on the matter?
P.S. Do you, folks, even remember Graphite?
#observability
Together with GeekOps and Brokee we are starting a fundraiser for reconnaissance units that work on the Sumy direction.
We are raising funds for Starlinks and electronic warfare equipment for communication and protection against enemy's drones.
The goal is: 95 000 UAH.
You can donate on the Monobank Jar:
https://send.monobank.ua/jar/3D2HEywrZ5
Or to the card directly:
4149 4998 0815 3090
Crypto wallets are also available:
USDT trc 20: TCGcEu5eUWFN8niDvrVUSPPtLWosKj61Gu
USDT erc 20: 0x9e7f1d08f71f0d228c6f7f14e1b0192ec964566b
BTC: 3NktSaKQB8Wwv4txaZTKeZ3EUQs5y9dJ2U
#donations #Ukraine
A month ago I had a talk about Renovate after 1 year of its use (in Ukrainian)
Recording - https://youtu.be/zePUpFGWbFM
Slides - https://tinyurl.com/gen-renovate
#slides