And today we have a digest of comparisons:

- Istio 1.5.0 and Linkerd 2.7.1
- Promscale vs VictoriaMetrics
- Benchmark results of Kubernetes network plugins
- Vim vs Emacs

#digest

Recent Google incident post-mortem: https://status.cloud.google.com/incident/zall/20013#20013004

tl;dr: wrong quota applied to the Google User ID Service

#postmortem

An article on why on site coding assessment doesn't fit for hiring senior engineers

I personally tend to agree that live coding sessions are not good. If you want to check their coding skills, give them a home assignment or ask for a public example if they have one.

#culture

Old but good speech "Am I a brilliant jerk?" by Justin Becker from Netflix

#culture

New Year eve is a time for predictions for upcoming trends. Here are predictions by Werner Vogels - CTO at AWS:

- More and more businesses move to the cloud
- Rise of the Machine Learning
- Pictures, video, and audio will speak more than words
- Technology will affect the offline (how we build cities and interact with each other)
- Remote learning earns its place in education
- Quantum Computing starts to bloom
- In 2021 and beyond space will be the area of some greatest advancements

​​Also, the CatOps team interviewed some experts and they predict that the next HUG Kyiv will be on the 26th of January!

So, have a good holiday and come to the event with new strength.
And you can join as a speaker - for this write to @maxymvlasov

#event

Ex-product manager at Google on why GCP lost the race to AWS & Azure

tl;dr: in the business world better sales & marketing beats the better tech

#google #cloud

Happy New Year!

Stay safe and happy!

Thank you being with us 🎉🎉🎉

Yet another DevOps roadmap.

Might be interesting for those who just want to start their career path in this field.

However, I have a strong opinion that the only sane way to excel in a "hybrid specialization" is to get into one of "pure specializations" first. I.e. if you want to become SRE, start with operations, get familiar with it and then learn the Dev part. Alternatively, as a developer start to interest yourself in operations.

Your career is a marathon, not a sprint.

#culture #roadmap

Очень полезный маленький гайд по очередям. Прочитайте, чтобы не изобретать свои https://sudhir.io/the-big-little-guide-to-message-queues/

A Medium post with some benchmarks of gp2 vs gp3 AWS volumes

Putting it into the author's words: "There is no such thing as free lunch". You have cosider tradeoffs. When you're getting cheaper disks, you may see lower performance. This is not a critical issue, this is something you have to always keep in mind.

#aws

How GitOps Improves the Security of Your Development Pipelines

Наткнулся на свежую статью, приводящую примеры того, как методология GitOps может улучшить безопасность вашей среды. К основным примерам относятся аудит и ограничение доступа CI/CD системы. Про проблемы классического подхода DevOps и решения GitOps также можно прочитать в статьях:

- How secure is your CICD pipeline?
- How GitOps Raises the Stakes for Application Security

Однако, как и везде, есть подводные камни. Хорошая статья на тему рисков, связанных с GitOps:

- Securing GitOps Pipeline

В основном здесь все сводится к угрозам системы контроля версий, но не стоит также забывать про RBAC. Ведь, несмотря на широкое ограничение доступа согласно методологии, оператор GitOps все еще может стать отправной точкой для злоумышленника. Еще одна проблема - сильная зависимость от кода и уход от подходов, связанных с контролем Run-time через тот же OPA. Как показывает практика, статические анализаторы далеко не всегда хороши в определении полной картины проблем, связанных с ИБ.

Пока комьюнити ищет золотую середину в подходах, предлагаю вам также прочитать следующий материал:

- GitOps Security with k8s-security-configwatch by Sysdig
- Access Control & Security (GitOps and Kubernetes Book) (у кого есть полная версия книги, буду рад почитать)

Кстати, если вы не знакомы с методологией, то мне нравится перевод от Flant.

#ops #k8s

Move over, Bashsible. Bashernets is the next in line!

#kubernetes #bash

A list of blogs about Go programming language rated by writing quality, technical depth, and usefulness.

Also, here on Reddit people are suggesting even more online resources.

#go #programming

A basic introduction into strategic planning and Wardley mapping by Simon Wardley himself:

- Read on Twitter
- Read on UnrollApp

#culture

My former collegue created a tool to set arbitrary tags for AWS EBS volumes, which are created by Kubernetes Persistent Volume Claims

#aws #kubernetes

​​​​​​​​​​HUG Kyiv #11: Terraform is comming!

Program:
- Nicolai Antiferov will tell about
Non-obvious things with a lock file in Terraform 0.14
- And Anton Babenko with 5+ Ways to Know the Cost of AWS Infrastructure Using Terraform.

Will be 26th Jan, 19:00 (Kyiv TZ) in Zoom and YouTube
Link accessible after registration

#event

​​Some feedback on an upgrade to Terraform 0.14 by Patrick Picard.

Apart from provider configuration, this article focuses on the new sensitive output feature and some possible issues with it.

#terraform #hashicorp

​​I've been looking forward to reading "It Doesn't Have to Be Crazy at Work for a while now. And today it's discounted on Amazon US for only $2.99!

#books

​​Two day ago was HUG Kyiv #11, and here is record and slides (links in denoscription)

Enjoy!

#slides