CatOps Voice chats on Thursdays aka “Говорилка CatOps” are back!

And I’d like to make this comeback a little bit special. Therefore, next Thursday, the 22nd of September, we are having a special edition of our voice chat with a recording.

We’ll speak with Oleks Maistrenko - a co-host of the famous DOU Podcast and a host of its chapter dedicated to the engineering management.

We will talk about engineering management, DevOps, and other stuff. You can also ask your question in Slido and, of course, you’re more than welcome to join us live on the 22nd of September at 20:00 (Kyiv time) in the CatOps Chat!

~See~ hear you there!

#говорилка

Uber apparently has been hacked.

There are not many details in the mainstream tech press, as well as there’s no official write up yet, only a tweet about the incident.

However, here’s an interesting Twitter thread about the scope of the attack (the scope is huge!).

If you rather prefer a web page view, here’s the same thread via Unroll app.

The key takeaways from that thread:
- Rely on MFA protected from phishing such as hardware keys
- Pay as much attention to your internal network as to the public facing interfaces

#security

IAM Policy Validator for Terraform can validate your IAM policies written in Terraform against best practices.

It uses AWS IAM Access Analyzer, therefore you need to grant it respective permissions to access this service. On the good side, unlike isolated tools, you don’t have to rely on the tool’s developers to update the validation policies. Everything comes from AWS itself.

#aws #terraform

Yet another small collection of tutorials. Hopefully, you will be able to find something useful for you there!

- 90DaysOfDevOps - a tutorial with a little bit of everything.
- 100daysofdevops - a collection of Medium articles on AWS things.
- 100DaysOfCloudIdeas - a list of challenges to get yourself familar with the cloud. Has challenges for AWS, Azure, and GCP.
- AWS Skill Builder - an official collection of AWS tutorials, some of which are free.
- AWS Ramp-Up Guides - official AWS guides.
- Fast-Kubernetes - a list of labs to get yourself familiar with Kubernetes (I’ve already posted it before).

#tutorials #guides #learn

Just a friendly that this Thursday we are having a voice chat with Oleks Maistrenko - a co-host of the DOU Podcast and the host of the new podcast “Going Beyond Development” about engineering management.

We will talk about engineering management, devops, and other stuff. Join us live this Thursday at 20:00 (Kyiv time).

Link to the voice chat (currently inactive): https://news.1rj.ru/str/catops_chat?videochat

Also, you can ask your question via this form in SliDo.

See you there!

P.S. I had an idea of raising some funds for Ukrainian Army during our chat, but then realized that we can do that without an intermediate person. So, I would appreciate your donations to any foundation or charity of your choice. From my side, I can recommend some people, who are not that famous, but whom I know in person and therefore trust them:

- Pavlo and Naya are collecting funds for drones and radios. You can find their contacts here (Pavlo’s) or here (Nastia’s)

- UA Responders - a foundation that is specialized on tactical medicine. My wife helps them with some media topics and my schoolmate takes care of the logistics there. This foundation also has an account in Poland, so may be easier to transfer money for those abroad.

And remember: there is no such thing as too small donation!

Not so long since the previous book bundle and now we have a “Cloud Infrastructure & Operations” bundle by O’Reilly.

This bundle contains books on Kubernetes, distributed apps, tracing, database reliability in the cloud and so on. One of the book in this bundle is the one, I’m reading at the moment actually - “Implementing Service Level Objectives” 😄 It’s an Ok book. Definitely not a mustread, but good to check if you’re working on SLOs at the moment.

#books

Beware that there’s an issue with DNS in Kubernetes 1.25.0 (therefore k3s has it as well) and Alpine (musl).

So, first of all: it’s always DNS. Secondly, it seems like Kubernetes 1.25.1 has a fix for this. So, you may want to jump straight to that version and skip 1.25.0 all together.

Frankly, you probably always should jump to the first patch version if you want to play safe.

Another thing is that this is not the first time when musl specifically is affected. So again, if you want to play safe, it’s probably better to use “slim”, “distroless”, or “scratch” images.

#kubernetes #dns

Sup!

In less than an hour we are having a voice chat, where we are going to talk a bit about the engineering management and it’s relations with the DevOps methodology.

Here’s the participant’s link: https://news.1rj.ru/str/catops_chat?videochat

See you there!

P.S. I’ll drop one more message here, once we start.

A new issue of the CatOps Newsletter is now live on Substack!

#newsletter

DoorDash has written a nice article about them leveraging policies-as-code for Terraform with Atlantis. They are using OPA with Conftest for that.

For me the interesting part was the idea to keep the policies in an S3 bucket for Atlantis. It looks a bit over complicated (why not store them just in Git?), but I don’t have much experience with Atlantis, so I dunno.

Also, there’s this passage that can make a grownup man cry:

> The core-infra team engineers soon became full-time code reviewers for all the changes that were needed to keep the platform from breaking.

#terraform #atlantis #opa

​Terraform 1.3.1 released, which means we are now safe to use 1.3.x, where optional() feature in variables is GA:

variable "with_optional_attribute" {
  type = object({
    a = string                # a required attribute
    b = optional(string)      # an optional attribute
    c = optional(number, 127) # an optional attribute with a default value
  })
}

More here - https://github.com/hashicorp/terraform/releases/tag/v1.3.0

#terraform

I’ve decided to clean up my old saved articles a little bit. So, here’s Charity Major’s take on “the trap of prematurely senior engineer”.

It’s kinda old, but age is irrelevant on that matter, in my opinion.

In nutshell, this is the same argument about “if you’re the smartest person in a room, you’re in a wrong room”. Yet, with a better wording. Sometimes it’s very appealing to be “the smartest person”, but it also could be a trap. I like it, when it’s put this way.

#culture

It looks like Linkerd is also removing a proxy from its architecture.

The proxy is supposed to be replaced with eBPF:

https://twitter.com/wm/status/1577081662848241664?s=46&t=Z1tocg3BTRFKNSGBmvzLOw

#kubernetes #networking #linkerd

A couple of good and bad practices collections for Ansible.

Even though configuration management topic is not that hot nowadays, many people use configuration management tools in their daily jobs. Hence, I think such topics are valuable.

- An official list by RedHat
- An opinionated list
- A discussion on Reddit about the second list

#ansible #cfg_mgmt

There were too many overwhelming news yesterday.

So, a couple of things I want to share:
- A new issue of the CatOps newsletter is out
- I’m almost done with the processing of our recent voice chat audio. Expect it to be released in upcoming days!
- Keep supporting the Ukrainian military. As always you can find links to reliable foundations in the URL buttons below each post.

Have a safe week!

As promised, a recording of our conversation with Oleks Maistrenko (in Ukrainian) is available on YouTube as well as on the major podcast platforms such as Anchor, Spotify, Apple Podcasts, and Google Podcasts.

We’ve talked about engineering management, what types of manager are out there, how can one become a manager, and even more important, what makes one a good manager.

Even though it’s on YouTube, this is just audio. So, you can listen to it in the background.

Let me know if you like the idea of inviting different people to make recorded voice chats! I can try to figure out something about it. And in the meantime, you can donate some money to the Armed Forces of Ukraine or various volunteer organizations.

#говорилка #management

An interesting comparison between Grafana Mimir and VictoriaMetrics by VictoriaMetrics team.

This article is particularly interesting, because they also describe the test setup. Therefore, one can try to re-produce the test results.

This benchmark was inspired by the original report from Grafana, when they have scaled Mimir to 1 billion active series

#observability #victoriametrics #grafana #mimir

Howdy folks, my colleague Vlad (DevOps Engineer) needs a car for the 128th brigade where he serves.

Volkswagen T4/T5

> We need a car for unfolding/folding communication nodes.
> For example this https://auto.ria.com/auto_volkswagen_t5_transporter_pass_33307692.html

Link to the MonoBank jar: https://send.monobank.ua/jar/AfWQTNoK5w

Bank card number:
5375 4112 0077 9804

Thank you for your support.

​HUG Kyiv #15: Terraform

What:
- How (not) to test terraform.
- Helm charts in TF, good together :)

Who:
- Vsevolod Polyakov, SRE engineer @ Let's Enhance, founder of ukrops.club and author of @UkropsDigest.
- Oleksiy Kraevy, Senior DevOps engineer @ YayPay, a DevOps switcher from telecom, currently at a fin-tech startup on AWS.

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Please, register here

#event

A blog post by Charity Majors about Platform Engineering as a next generation of OPS-ish work.

She also created a table of skills, or rather skills differences, between Platform engineers and DevOps engineers. I don’t fully agree with all those differences, but I’m not quite sure yet, is it because I’m not fully onboarded yet to the concept of Platform Engineering or I just generally disagree.

Anyways, if you need a single-sentence summary of the Platform Engineering, let it be this one:

One of the key principles of any developer platform is that it should be easy to do the right things, and hard to do the wrong things.

#culture #platform_engineering

A blog post by The Duckbill’s Group CEO Mike Julian with an ambitious noscript: “Why Cloud Finance Is Broken and Ineffective”.

The Duckbill’s Group is a consultant company that helps its customers to reduce their cloud spendings. Mostly in AWS (frankly, I’m not sure if they work with other clouds).

Despite the ambitious noscript, this article advocates for a very simple idea: “the cost of a cloud is a matter of architecture”. Yes, you can apply AWS savings plans to reduce the cost, you can obviously terminate dangling instances and volumes. It all contributes to your savings, but still the most important part is the architecture.

There’s also a linked article in the same blog that clarifies a bit this thesis as well as provides some practical insights into how to think about your architecture as a cost center.

The second article is AWS-specific, but the first one basically applies to any cloud.

#cloud #money #aws