CatOps

19 Dec 2023 11:44

A Linux book bundle on Humble Bundle. Now, I know that people have mixed feelings about books by Packt. Some folks say that they are too basic.

So, if you’re unhappy about the Packt books, you may want to check the Software Development bundle that has a couple of books on CI/CD, DevOps, and SRE topics.

#books

CatOps

15 Dec 2023 15:32

If you are running dynamic environments in Kubernetes or any other ephemeral workloads, you need a way to clean up things once these environments are no longer needed or once your tests are done.

k8s-cleaner may help with it. It's a controller that deletes Kubernetes resources, including custom resources, on a schedule. It supports dry run and some options for customizations.

#kubernetes

CatOps

12 Dec 2023 12:46

A brief glance into how Uber’s ETA calculator works.

tl;dr: Graph segmentation and smart guessing.

#programming #system_design

CatOps

10 Dec 2023 12:52

A new issue of the CatOps Digest is here!

https://open.substack.com/pub/catops/p/catops-digest-2023-12-10

#digest #newsletter

CatOps

06 Dec 2023 14:22

A collection of video tutorials on various DevOps-ish topics on Humble Bundle.

I don’t know if any of those are good, but there are some of the big names behind some videos.

If you’re not interested in videos, there’s also a bundle of book on ML and AI from O’Reilly. Those are usually good.

#books

CatOps

04 Dec 2023 13:35

​​A new fundraiser by Come Back Alive to strengthen Ukrainian snipers.

Unfortunately, the page is only available in Ukrainian as for now. Yet, all the modern browsers have the translate function these days.

The goal is 220M UAH.

#donations #Ukraine

CatOps

29 Nov 2023 13:16

Aqua Security warn people about the danger of the supply chain attacks using Kubernetes Secrets.

We all know this story: base64 is not an encryption, Kubernetes Secrets may have a ton of sensitive information, etc. The article just provides some data from Aqua’s recent research.

However! There’s another viewpoint on Kubernetes Secrets - Plain Kubernetes Secrets are fine. This is the thing I wanted to share with you today.

The main gist of this article is that you cannot really tell if something is secure or not without a threat modeling. Also, that the auto-unsealing feature in Vault kinda negates some if its security features.

Apparently, there’s a discussion about this article in a form or a podcast but I haven’t checked it out yet.

Also, if you need some guides for threat modeling, OWASP website is a good place to start.

So, do your due diligence, do threat modeling, and have a nice day!

#security #kubernetes

CatOps

26 Nov 2023 20:40

A new issue of the CatOps Newsletter is here!

Also, we have a great CyberWeek deal: you can subscribe to CatOps on Telegram, WhatsApp, or Substack for free instead of $0! Don’t miss it!

#digest #newsletter

CatOps

23 Nov 2023 18:33

Backstage is not an Internal Developer Portal, but a framework to build one.

This article highlights an important difference between the two. Basically, you won’t get an IDP out of the box with Backstage, you need to put some time and effort to make it useful and this fact leaves people, who thought otherwise, frustrated.

Also, it’s interesting how the author draws a parallel with Kubernetes. I would argue that Kubernetes is also a framework to build a platform and not an out of the box solution.

#backstage #idp

CatOps

20 Nov 2023 13:01

​​Today let’s continue helping Pavlo and Naya with drones, telecom equipment, and tactical medicine.

- Pavlo’s requisites
- Naya’s requisites

See the attached picture for this week’s goals.

#donations #Ukraine

CatOps

16 Nov 2023 16:03

Чисто нагадати, що сьогодні ми будемо робити Говорилку CatOps про менторство, а точніше: як стати хорошим ментором.

Стартуєм о 20:00 по Києву (19:00 по Берліну) в чаті.

Посилання на Говорилку

#voicechat

CatOps

14 Nov 2023 09:30

​​Terraform variable validation, when 2+ vars depend on each other

Basically, where is the answer in SO how to do it in 0.13+ via locals, but it does not include some important details:

This check works only for known during terraform plan values of variables.
If value of any of variables in the check is not known during terraform plan, the check will be skipped and error message will pop up only after terraform apply in the next terraform plan.

The pic below is an example of how that check works.


Note, that there is a feature request to make able to refer to other variables in the variable condition check, but that's needs architecture redesign, so there no ETA when we can drop that hack.

P.S. You can achieve something similar by using lifecycle precondition and postcondition in case if you support only TF 1.2+


#terraform

CatOps

12 Nov 2023 12:27

A train edition of the CatOps Digest is here!

A couple of highlights from that digest related to CatOps itself:

- We are going to have a voice chat on Thursday at 20:00 Kyiv (19:00 Berlin) time.
- You can now follow CatOps on WhatsApp! I haven’t figured out yet if it’s possible to use markdown or any other formatting there but still.

#digest #newsletter

CatOps

10 Nov 2023 11:50

Here's dekel_malul/balancing-security-and-operability-for-eks-cluster-907fb6b91f4a">a neat article with some good practices regarding security when configuraing an EKS cluster.

If you work with AWS and Kubernetes a lot, it won't give you any dramatic insights, but you could still use it as a checklist / cheat sheet when configuring a cluster, since it's easy to forget something when there are many moving parts.

#aws #kubernetes

CatOps

06 Nov 2023 13:33

​​For today’s Donations Monday I suggest supporting Pavlo and Naya, who are raising funds different equipment for the AFU.

This week their goal is to get 4 drones, 2 EcoFlows, and a thermal vision unit.

- Pavlo’s Requisites
- Naya’s Requisites

#donations #Ukraine

CatOps

18 Dec 2023 13:09

​​Protect the Sky fundraiser has 5% left to close its goal!

It was 10% two weeks ago, when I previously posted this fundraiser.

Thus, I believe it’s possible to close it before the end of the year!

#donations #Ukraine

CatOps

14 Dec 2023 13:23

An interesting read by Monzo about how they implemented Kubernetes Network Policies for 1.5k microservices.

There are some questionable parts in there, in my opinion. For example, why building your own tool to "guess" where an app connects to if you could use a network monitoring tool. However, those are not directly related to the main topic.

An interesting part is how folks in Monzo "reverted" the idea behind Network Policies using templating. So, instead of a target services allowing internal connections, a caller can specify the groups of services it wants to connect to.

Although, I think it partially negates the idea of Network Policies, I can completely understand, why Monzo did that from the UX perspective.

Also, here's a Reddit discussion on the topic. I love the top comment there:

 How would you even know that another team plans to connect your apps?
- By communicating...

CatOps

11 Dec 2023 14:01

​​Less than 10% left to fulfill the Protect the Sky fundraiser that Come Back Alive is doing together with Nova Posta.

This is a big one, but let’s pull out!

#donations #Ukraine

CatOps

09 Dec 2023 12:07

I haven’t participated in salary surveys by DOU because it was limited to people based in Ukraine. This limitation is lifted now.

Also, this time (not sure if it was always like this) salary survey comes together with the survey about the popularity of programming languages. It would be interesting to compare its results with the similar research by StackOverflow.

Yet, for the results to be representative, make sure to spend a couple of minutes and fill out the survey!

CatOps

05 Dec 2023 18:03

An opinionated article that claims that one has to keep all the dependencies in version control.

Now, I don’t have strong opinions here. On one hand the proposal in this article sounds extreme. On another hand, my team has quite a few Go projects and we use vendored modules there.

So, we actually keep the dependencies in VCS. As anything else, it has its pros and cons. I could build a project and run some isolated tests on a plane. But also it almost impossible to review a PR that touches that vendor/ directory.

The author points out that it’s Git’s fault that it’s not designed to work with large number of files and files of a large size. Yes, I’d ask for a reality check here, some Git is omnipresent these days.

#programming #git #opinion

CatOps

01 Dec 2023 12:00

A new episode of the CatOps Voice Chat is here!

This time we have talked about mentoring other people and some other topics.

You can find it on:

- YouTube
- Substack
- Spotify
- Apple Podcasts
- Google Podcasts

#voice #mentorship

CatOps

27 Nov 2023 17:03

​​You likely know that this weekend more than 70 Shahed drones were shot down.

It’s crucial to support Air Defense and Come Back Alive together with Nova Posta do just that!

Donate to strengthen the Air Defense. Currently, 84% of the total goal is reached.

#donations #Ukraine

CatOps

24 Nov 2023 14:57

​​git branches: intuition & reality - an explainer by Julia Evans.

#git

CatOps

21 Nov 2023 15:20

I think I have posted something like this before, but anyway...

Here's a two part story of how to optimize memory usage of a Go application just by reshuffling fields in structs.

Part one provides some theory on this matter, while part two has some benchmarking results.

I'm not trying to say that you should run and reshuffle fields in all your Go structs right now. Especially, if you're satisfied with the memory consumption of your app - sometimes it makes sense to optimize for readability or just store pointers in structs.

However, these articles describe some details of how memory allocation works in Go, which you may find interesting.

#programming #go

CatOps

18 Nov 2023 13:18

TemaBit (a part of Fozzy Group) TemaBitFozzyGroup/terraform-integration-at-temabit-fozzy-group-achieving-impactful-outcomes-5f534e67a78a">wrote an article on how to manage SonarQube with Terraform. They’ve also mentioned that they manage GitLab with Terraform, but without examples.

A nice quick read for weekend that shows that Terraform is not just for Infrastructure (i.e. cloud) but basically a thin glue code for providers that can manage whatever you want.

#terraform

CatOps

16 Nov 2023 12:28

Starting from February 1, 2024 AWS will charge their customers $0.005 per IP per hour

This number doesn't look huge without a perspective, however this might add some significant networking costs to some topologies. Thus, the best time to move your things into private subnets was a couple of years ago, the second best time is now.

#aws

CatOps

13 Nov 2023 10:52

​​It's getting colder, so I would like to remind you to support the Air Defence Forces!

You can do it by donating to the joint fundraiser by Nova Posta and Come Back Alive - Protect the Sky.

The goal is to raise 330M UAH ($8.9M) for Ukrainian Air Defence.

#donations #Ukraine

CatOps

11 Nov 2023 14:36

This article with a clickbait title got my attention recently. It was even translated in Ukrainian by one of the largest Ukrainian developers-oriented media.

The most interesting part of this article, in my opinion, isn’t its premise and even not the points that the author is making (some of those points are 5 years late, TBH). The thing that caught my attention was what the author chooses to compare Kubernetes to. And those are managed platforms like Heroku, etc.

This is interesting for a couple of reasons: first of all it seems like other orchestration solutions are out of the table already. Second, it reaffirms the statement of Viktor Farcic (you can find those in the Den Vasyliev’s blog). Basically, the idea is that in the future Kubernetes will “disappear”. Not in the sense that it will fade away, but in the same way hypervisors have “disappeared”. The majority of us use them today, but we rarely think about what virtualization powers our cloud instances, etc. In the same way at some point there will an extendable API that allows one to run workloads and whatever cluster technology is underneath would be a concern of a cloud provider.

#kubernetes

CatOps

07 Nov 2023 08:56

An article that could be a tweet (xeet?) but with more context.

tl;dr: avoid Helm hooks when possible.

I totally agree with the statement, yet an example in this article is rather weak. Anyways, if you need to have some imperative actions for your app, it’s always better to use higher level abstractions like ordering on the CD tool level or even an operator.

Having an init container that has access to the API is rather a security concern than a workaround.

#kubernetes

CatOps

02 Nov 2023 14:38

If you want to learn SQL, or you know somebody who wants (or should, lol), or you want to refresh your SQL skills, you can use interactive lessons on SQL Bolt.

They're simple, but good enough to get up to speed with the basics.

#databases