A delayed CatOps Digest is out!
You can find it here:
https://newsletter.catops.dev/p/catops-digest-2024-02-05
#digest #newsletter
You can find it here:
https://newsletter.catops.dev/p/catops-digest-2024-02-05
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2024-02-05
What was on CatOps in the last couple of weeks...
Did you know that Isovalent (a company behind Cilium) has some amazing labs that can teach you about using Cilium, Hubble, and Tetragon.
The labs have multiple tracks, such as: platform, network, security, etc.
These labs also cover topics like the new
#kubernetes #networking #cilium #ebpf
The labs have multiple tracks, such as: platform, network, security, etc.
These labs also cover topics like the new
GatewayAPI
. Doing some of these labs tight now at #cfgmgmtcamp24 and love them so far!#kubernetes #networking #cilium #ebpf
Isovalent
Labs Resource Library - Isovalent
Get hands-on with Isovalent's labs and learn about eBPF, Cilium, network security, and more. Our labs provide step-by-step guides to help you understand and implement our solutions effectively. From getting started with Cilium to advanced use cases, our labs…
For today’s Donations Monday I’d like to remind you about Pavlo and Naya, who raise funds for drones and some telecom equipment for our defenders.
Now they have a neat page with all the requisites in one place.
#donations #Ukraine
Now they have a neat page with all the requisites in one place.
#donations #Ukraine
There was an interesting talk at CfgMgmtCamp 2024 about non blocking code reviews.
The good thing is that there’s also an article on this topic from the author
The general idea is that not all the code changes require a code review, especially when there are enough safety nets configured.
As a result, smaller code changes simply sit there and wait for be reviewed, which may take some time, especially in a remote setup.
The solution is to allow such changes as they are and add them to a backlog of pending reviews.
There are more details in the article. Also, here’s a picture from that presentation that kinda captures the spirit of this idea.
#programming #culture #devops
The good thing is that there’s also an article on this topic from the author
The general idea is that not all the code changes require a code review, especially when there are enough safety nets configured.
As a result, smaller code changes simply sit there and wait for be reviewed, which may take some time, especially in a remote setup.
The solution is to allow such changes as they are and add them to a backlog of pending reviews.
There are more details in the article. Also, here’s a picture from that presentation that kinda captures the spirit of this idea.
#programming #culture #devops
An overview of the progressive delivery principle by Buoyant.
There's also a comparison between Flagger and Argo Rollouts, which are probably the most famous (if not the only) tools designed for progressive delivery.
Now, Buoyant is the company behind Linkerd. So, obviously, their examples are based on Linkerd. However, you don't need any service mesh to adopt this technique. Service mesh will only help you with smarter traffic splitting.
Also, there's an error in this article: it claims that Flagger works with existing deployments, while Argo Rollouts requires its special CRD, which is only partially true. Argo Rollouts can also work with existing Deployment objects. So, in these regards, both tools are the same.
If you prefer a video format, I would also suggest watching a talk about progressive delivery by Carlos Sanchez at Fosdem 2024. There you can see Argo Rollouts in action.
#cicd
There's also a comparison between Flagger and Argo Rollouts, which are probably the most famous (if not the only) tools designed for progressive delivery.
Now, Buoyant is the company behind Linkerd. So, obviously, their examples are based on Linkerd. However, you don't need any service mesh to adopt this technique. Service mesh will only help you with smarter traffic splitting.
Also, there's an error in this article: it claims that Flagger works with existing deployments, while Argo Rollouts requires its special CRD, which is only partially true. Argo Rollouts can also work with existing Deployment objects. So, in these regards, both tools are the same.
If you prefer a video format, I would also suggest watching a talk about progressive delivery by Carlos Sanchez at Fosdem 2024. There you can see Argo Rollouts in action.
#cicd
buoyant.io
Flagger vs Argo Rollouts vs Service Meshes: A Guide to Progressive Delivery in Kubernetes
Progressive delivery is a vital tool for ensuring that new code is deployed safely to production with automated protections if things go wrong. Tools like Argo, Flux, and even service meshes like Linkerd provide different parts of the puzzle.
You might have heard that the WeaveWorks has gone out of business.
Yet, they did a right thing and open sourced their GitOps Enterprise product, which previously was only accessible to the paid customers.
#cicd #gitops
Yet, they did a right thing and open sourced their GitOps Enterprise product, which previously was only accessible to the paid customers.
#cicd #gitops
GitHub
GitHub - weaveworks/weave-gitops-enterprise: This repo provides the enterprise level features for the weave-gitops product, including…
This repo provides the enterprise level features for the weave-gitops product, including CAPI cluster creation and team workspaces. - weaveworks/weave-gitops-enterprise
Friday is a great day to listen to our latest voice chat!
This time we have discussed what would be the next big thing in operations. And of course, the whole conversation was very AI focused.
You can find the latest episode on:
- YouTube
- Spotify
- Apple Podcasts
- Google Podcasts
#voice_chat #ai
This time we have discussed what would be the next big thing in operations. And of course, the whole conversation was very AI focused.
You can find the latest episode on:
- YouTube
- Spotify
- Apple Podcasts
- Google Podcasts
#voice_chat #ai
YouTube
What would be the next big thing in Operations?
В цьому епізоді фантазуємо на тему того, що буде наступним великим зсувом в operatinos після cloud і kubernetes.
Ну і очевидно, все звелось до обговорення AI.
Матеріали, що згадуються у випуску:
- https://github.com/gpt-engineer-org/gpt-engineer
- htt…
Ну і очевидно, все звелось до обговорення AI.
Матеріали, що згадуються у випуску:
- https://github.com/gpt-engineer-org/gpt-engineer
- htt…
AI, AI everywhere…
… we could say after checking Ben Evans's presentation, where he's exploring macro and strategic trends in the tech industry for 2024.
Or we can say that it's still too early and error-prone. Or that we are not sure what we want and what possibilities it provides.
In any case, that is a good analytic, so take your time if you'd like to understand the current state of AI and its near future.
https://www.ben-evans.com/presentations
#ai
… we could say after checking Ben Evans's presentation, where he's exploring macro and strategic trends in the tech industry for 2024.
Or we can say that it's still too early and error-prone. Or that we are not sure what we want and what possibilities it provides.
In any case, that is a good analytic, so take your time if you'd like to understand the current state of AI and its near future.
https://www.ben-evans.com/presentations
#ai
A new issue of the CatOps digest is here! You can find it via:
https://newsletter.catops.dev/p/catops-digest-2024-02-18
#digest #newsletter
https://newsletter.catops.dev/p/catops-digest-2024-02-18
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2024-02-18
What was on CatOps in the last few weeks…
A friend of mine is raising money for an FPV-drone Bomber Insomnia for defenders from the 119 separate brigade of Territorial Defence.
You can donate directly to this Monobank Jar: https://send.monobank.ua/jar/LmRuSA8dm
#Donations #Ukraine
You can donate directly to this Monobank Jar: https://send.monobank.ua/jar/LmRuSA8dm
#Donations #Ukraine
send.monobank.ua
Безпечний переказ коштів
Надсилайте безкоштовно та безпечно кошти
Linux Foundation has some discounts for its courses and certifications till the end of February. Including Kubernetes, ArgoCD, and Istio certifications.
They are still not cheap, but you can save up to 50%, which is nice.
#kubernetes #training #courses
They are still not cheap, but you can save up to 50%, which is nice.
#kubernetes #training #courses
Linux Foundation - Training
Promo Inactive - Linux Foundation - Training
Sign up for our newsletter to get updates on our latest promotions.
For you to know: the full Kubernetes CKS (certified security specialist) is available on YouTube. There are both theory and practice, but obviously you will need to take the exam separately.
#kubernetes
#kubernetes
YouTube
Kubernetes CKS Full Course Theory + Practice + Browser Scenarios
All you need for your Certified Kubernetes Security Specialist (CKS) preparation!
I will present each CKS topic in a simple and visual way. We'll run through various practical hands-on challenges.
You'll setup own CKS cluster in which you'll learn, simple…
I will present each CKS topic in a simple and visual way. We'll run through various practical hands-on challenges.
You'll setup own CKS cluster in which you'll learn, simple…
Some time ago I had a task to split the
So, I found this issue in the Helm’s repository. People were suggesting using AWK for that, but that didn’t work well for me at the time, so I opted out for YQ.
A couple of days ago someone left a comment to that issue that apparently there is a tool called Kubesplit that can do exactly that. So, feel free to use it if you need to achieve something similar to what I did.
#kubernetes
helm template
output into separate files per object.So, I found this issue in the Helm’s repository. People were suggesting using AWK for that, but that didn’t work well for me at the time, so I opted out for YQ.
A couple of days ago someone left a comment to that issue that apparently there is a tool called Kubesplit that can do exactly that. So, feel free to use it if you need to achieve something similar to what I did.
#kubernetes
GitHub
feature request: option in `helm template` to split output files when using {{ range }} · Issue #4680 · helm/helm
Hi When using helm template to generate static yaml files, and when using --output-dir , helm correctly generate multiple files according to source files.. would be useful if in I can add some hint...
Today marks the 2 year of the russian full-scale invasion of Ukraine.
Today there are going to be rallies in many cities around the globe.
You can find the list here:
https://ukrainianvictory.org/publications/announcement-pro-ukrainian-rallies-marking-the-second-anniversary-of-the-russian-invasion-updated/
Go there, take your family, take your friends, take your colleagues.
Remind you local politicians that war is not over and that there would be no peace in this world until ruzzia exists!
Today there are going to be rallies in many cities around the globe.
You can find the list here:
https://ukrainianvictory.org/publications/announcement-pro-ukrainian-rallies-marking-the-second-anniversary-of-the-russian-invasion-updated/
Go there, take your family, take your friends, take your colleagues.
Remind you local politicians that war is not over and that there would be no peace in this world until ruzzia exists!
International Center for Ukrainian Victory | ICUV
Announcement: Pro-Ukrainian Rallies Marking the Second Anniversary of the Russian Invasion (updated) - International Center for…
On February 24th, Ukrainians and supporters of Ukraine worldwide will mark the second anniversary of Russia’s full-scale invasion of Ukraine with mass actions. We will gather in city squares to raise awareness of the devastating war Ukraine is enduring. On…
For today’s Donations Monday I would like to remind you about Pavlo and Naya, who raise money on drones and telecommunication equipment.
P.S. Here’s a photo of a drone you helped to buy last week and it’s already on its way to the place.
P.S. Here’s a photo of a drone you helped to buy last week and it’s already on its way to the place.
Resend had a 12 hour outage on the 21st of February.
tl;dr:
> The database migration accidentally deleted data from production servers…
> … we performed a database migration command locally, but it incorrectly pointed to the production environment instead…
You can read it in more details is the article, but here are some of the action items from this postmortem:
- No accessible user role should have write privileges on the production database.
- Improve local development to reduce risks related to database migrations.
- Create redundancy to preserve sending function even during a database outage.
- Increase cadence for disaster recovery tests.
- Implement incident banner on Resend dashboard to inform users quickly.
So, I dunno, check your database. Maybe, you have such a risk as well.
Also, it’s kinda strange that people rarely talk about network isolation not only between their production and non-production environments, but also between their local environment and production. Make production access conscious. Put it on a separate role/VPN. Add some friction accessing it.
Moreover, for the love of god, validate your DB backups.
#postmortem #databases
tl;dr:
> The database migration accidentally deleted data from production servers…
> … we performed a database migration command locally, but it incorrectly pointed to the production environment instead…
You can read it in more details is the article, but here are some of the action items from this postmortem:
- No accessible user role should have write privileges on the production database.
- Improve local development to reduce risks related to database migrations.
- Create redundancy to preserve sending function even during a database outage.
- Increase cadence for disaster recovery tests.
- Implement incident banner on Resend dashboard to inform users quickly.
So, I dunno, check your database. Maybe, you have such a risk as well.
Also, it’s kinda strange that people rarely talk about network isolation not only between their production and non-production environments, but also between their local environment and production. Make production access conscious. Put it on a separate role/VPN. Add some friction accessing it.
Moreover, for the love of god, validate your DB backups.
#postmortem #databases
Resend
Incident report for February 21st, 2024 · Resend
Detailed postmortem of the outage on February 21st.
S3 cache for GitHub Actions - a drop-in replacement for the native GHA
I haven’t used it personally and I don’t have an AWS account to test it. This thing comes as a part of RunsOn - a solution to setup your self-hosted runners for GHA in AWS.
Might be worth checking if you want to bring your own worker nodes to GHA but don’t want the hustle configuring them.
#github #gha #cicd
cache
functionality that is technically unlimited because of S3.I haven’t used it personally and I don’t have an AWS account to test it. This thing comes as a part of RunsOn - a solution to setup your self-hosted runners for GHA in AWS.
Might be worth checking if you want to bring your own worker nodes to GHA but don’t want the hustle configuring them.
#github #gha #cicd
Runs-On
S3 cache for GitHub Actions
Use an S3 bucket as a cache backend for your actions, to enjoy faster download and upload speeds + unlimited cache sizes
Kubernetes: tracing requests with AWS X-Ray, and Grafana data source is a step-by-step guide on how to setup tracing in your EKS cluster using AWS X-Ray by Arseniy Zinchenko - a member of the Ukrainian DevOps community.
Also, make sure to subscribe to his Substack! He posts new things quite often and I have no idea where does he find time and willpower to do so 😅
#aws #kubernetes #observability
Also, make sure to subscribe to his Substack! He posts new things quite often and I have no idea where does he find time and willpower to do so 😅
#aws #kubernetes #observability
RTFM! DevOps[at]UA
Kubernetes: tracing requests with AWS X-Ray, and Grafana data source
Launching AWS X-Ray on AWS Elastic Kubernetes Service, creating a Python Flask with the AWS X-Ray SDK, and connecting a Grafana data source for X-Ray
I got a bit distracted in the recent days, so I make posts with delays.
Today we have a Donations Monday with a twist.
We are raising funds for two foundations at the same time:
- For NayTak for camouflage nets.
- For UA Responders an IVL and a defibrillator for medics from Kraken.
The twist is that you can win a remnant of an S-300 rocket (on the picture).
Every donation for >50 UAH is a chance to win!
You can donate on:
- a Monobank jar: https://send.monobank.ua/jar/5SizeGGzBM
- top up the card directly: 5375 4112 1191 0851
Please, add your contact details if you don’t use MonoBank for donations, so they know how to find you in case you win.
P.S. Tomorrow I will send a new newsletter issue, that I should’ve sent yesterday.
#Donations #Ukraine
Today we have a Donations Monday with a twist.
We are raising funds for two foundations at the same time:
- For NayTak for camouflage nets.
- For UA Responders an IVL and a defibrillator for medics from Kraken.
The twist is that you can win a remnant of an S-300 rocket (on the picture).
Every donation for >50 UAH is a chance to win!
You can donate on:
- a Monobank jar: https://send.monobank.ua/jar/5SizeGGzBM
- top up the card directly: 5375 4112 1191 0851
Please, add your contact details if you don’t use MonoBank for donations, so they know how to find you in case you win.
P.S. Tomorrow I will send a new newsletter issue, that I should’ve sent yesterday.
#Donations #Ukraine
A new issue of the CatOps digest is here!
I know it’s not Sunday today, but better late than sorry.
https://newsletter.catops.dev/p/catops-digest-2024-03-05
#digest #newsletter
I know it’s not Sunday today, but better late than sorry.
https://newsletter.catops.dev/p/catops-digest-2024-03-05
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2024-03-05
What was on CatOps in the last couple of weeks...
I know that many folks have a mix of corporate and private repositories on their laptops. By private, I mean their small projects,
Here's an interesting guide on one of the ways of how to keep separate users (email, signing key, name) for different repositories.
This would also work if you have repositories backed by different provides. For example, if you need to push to both GitHub and GitLab and use different SSH keys for that.
Here's a condensed version of this article on StackOverflow.
#git
dotfiles
repo, forks of public repositories, etc.Here's an interesting guide on one of the ways of how to keep separate users (email, signing key, name) for different repositories.
This would also work if you have repositories backed by different provides. For example, if you need to push to both GitHub and GitLab and use different SSH keys for that.
Here's a condensed version of this article on StackOverflow.
#git
DEV Community
Multiple Identity Gitconfig (with GPG signing)
Have you ever had these problems like I did? You work with multiple groups or companies, or you wan...