Not so long since the previous book bundle and now we have a “Cloud Infrastructure & Operations” bundle by O’Reilly.

This bundle contains books on Kubernetes, distributed apps, tracing, database reliability in the cloud and so on. One of the book in this bundle is the one, I’m reading at the moment actually - “Implementing Service Level Objectives” 😄 It’s an Ok book. Definitely not a mustread, but good to check if you’re working on SLOs at the moment.

#books

Beware that there’s an issue with DNS in Kubernetes 1.25.0 (therefore k3s has it as well) and Alpine (musl).

So, first of all: it’s always DNS. Secondly, it seems like Kubernetes 1.25.1 has a fix for this. So, you may want to jump straight to that version and skip 1.25.0 all together.

Frankly, you probably always should jump to the first patch version if you want to play safe.

Another thing is that this is not the first time when musl specifically is affected. So again, if you want to play safe, it’s probably better to use “slim”, “distroless”, or “scratch” images.

#kubernetes #dns

Sup!

In less than an hour we are having a voice chat, where we are going to talk a bit about the engineering management and it’s relations with the DevOps methodology.

Here’s the participant’s link: https://news.1rj.ru/str/catops_chat?videochat

See you there!

P.S. I’ll drop one more message here, once we start.

A new issue of the CatOps Newsletter is now live on Substack!

#newsletter

DoorDash has written a nice article about them leveraging policies-as-code for Terraform with Atlantis. They are using OPA with Conftest for that.

For me the interesting part was the idea to keep the policies in an S3 bucket for Atlantis. It looks a bit over complicated (why not store them just in Git?), but I don’t have much experience with Atlantis, so I dunno.

Also, there’s this passage that can make a grownup man cry:

> The core-infra team engineers soon became full-time code reviewers for all the changes that were needed to keep the platform from breaking.

#terraform #atlantis #opa

​Terraform 1.3.1 released, which means we are now safe to use 1.3.x, where optional() feature in variables is GA:

variable "with_optional_attribute" {
  type = object({
    a = string                # a required attribute
    b = optional(string)      # an optional attribute
    c = optional(number, 127) # an optional attribute with a default value
  })
}

More here - https://github.com/hashicorp/terraform/releases/tag/v1.3.0

#terraform

I’ve decided to clean up my old saved articles a little bit. So, here’s Charity Major’s take on “the trap of prematurely senior engineer”.

It’s kinda old, but age is irrelevant on that matter, in my opinion.

In nutshell, this is the same argument about “if you’re the smartest person in a room, you’re in a wrong room”. Yet, with a better wording. Sometimes it’s very appealing to be “the smartest person”, but it also could be a trap. I like it, when it’s put this way.

#culture

It looks like Linkerd is also removing a proxy from its architecture.

The proxy is supposed to be replaced with eBPF:

https://twitter.com/wm/status/1577081662848241664?s=46&t=Z1tocg3BTRFKNSGBmvzLOw

#kubernetes #networking #linkerd

A couple of good and bad practices collections for Ansible.

Even though configuration management topic is not that hot nowadays, many people use configuration management tools in their daily jobs. Hence, I think such topics are valuable.

- An official list by RedHat
- An opinionated list
- A discussion on Reddit about the second list

#ansible #cfg_mgmt

There were too many overwhelming news yesterday.

So, a couple of things I want to share:
- A new issue of the CatOps newsletter is out
- I’m almost done with the processing of our recent voice chat audio. Expect it to be released in upcoming days!
- Keep supporting the Ukrainian military. As always you can find links to reliable foundations in the URL buttons below each post.

Have a safe week!

As promised, a recording of our conversation with Oleks Maistrenko (in Ukrainian) is available on YouTube as well as on the major podcast platforms such as Anchor, Spotify, Apple Podcasts, and Google Podcasts.

We’ve talked about engineering management, what types of manager are out there, how can one become a manager, and even more important, what makes one a good manager.

Even though it’s on YouTube, this is just audio. So, you can listen to it in the background.

Let me know if you like the idea of inviting different people to make recorded voice chats! I can try to figure out something about it. And in the meantime, you can donate some money to the Armed Forces of Ukraine or various volunteer organizations.

#говорилка #management

An interesting comparison between Grafana Mimir and VictoriaMetrics by VictoriaMetrics team.

This article is particularly interesting, because they also describe the test setup. Therefore, one can try to re-produce the test results.

This benchmark was inspired by the original report from Grafana, when they have scaled Mimir to 1 billion active series

#observability #victoriametrics #grafana #mimir

Howdy folks, my colleague Vlad (DevOps Engineer) needs a car for the 128th brigade where he serves.

Volkswagen T4/T5

> We need a car for unfolding/folding communication nodes.
> For example this https://auto.ria.com/auto_volkswagen_t5_transporter_pass_33307692.html

Link to the MonoBank jar: https://send.monobank.ua/jar/AfWQTNoK5w

Bank card number:
5375 4112 0077 9804

Thank you for your support.

​HUG Kyiv #15: Terraform

What:
- How (not) to test terraform.
- Helm charts in TF, good together :)

Who:
- Vsevolod Polyakov, SRE engineer @ Let's Enhance, founder of ukrops.club and author of @UkropsDigest.
- Oleksiy Kraevy, Senior DevOps engineer @ YayPay, a DevOps switcher from telecom, currently at a fin-tech startup on AWS.

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Please, register here

#event

A blog post by Charity Majors about Platform Engineering as a next generation of OPS-ish work.

She also created a table of skills, or rather skills differences, between Platform engineers and DevOps engineers. I don’t fully agree with all those differences, but I’m not quite sure yet, is it because I’m not fully onboarded yet to the concept of Platform Engineering or I just generally disagree.

Anyways, if you need a single-sentence summary of the Platform Engineering, let it be this one:

One of the key principles of any developer platform is that it should be easy to do the right things, and hard to do the wrong things.

#culture #platform_engineering

A blog post by The Duckbill’s Group CEO Mike Julian with an ambitious noscript: “Why Cloud Finance Is Broken and Ineffective”.

The Duckbill’s Group is a consultant company that helps its customers to reduce their cloud spendings. Mostly in AWS (frankly, I’m not sure if they work with other clouds).

Despite the ambitious noscript, this article advocates for a very simple idea: “the cost of a cloud is a matter of architecture”. Yes, you can apply AWS savings plans to reduce the cost, you can obviously terminate dangling instances and volumes. It all contributes to your savings, but still the most important part is the architecture.

There’s also a linked article in the same blog that clarifies a bit this thesis as well as provides some practical insights into how to think about your architecture as a cost center.

The second article is AWS-specific, but the first one basically applies to any cloud.

#cloud #money #aws

Do you prefer understandable diagrams to tons of text?

C4 model - describe principles for creating architecture diagrams and how to be sure that they will be useful and readable.

The site includes talk, which is so amazing, that I propose you spend 35min on it.

One of the mentioned tools in the talk is Structurizr. We start adopting that tool a few weeks ago and the final results look pretty nice.

And yes, Structurizr is more powerful than Mermaid, but do not work in plain markdown.

#documentation

The new issue of the CatOps Newsletter is live!

#newsletter

​​HUG Kyiv #15: Terraform will start in a few hours

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Youtube - https://youtu.be/S3LeJUhkJMw
Zoom - https://www.meetup.com/kyiv-hashicorp-user-group/events/288776938/

A nice article by a friend of mine on how to replace GNU Make with Invoke and Python. The nice part is that it goes beyond some simple “Hello world” examples.

I think using a tool like Invoke or Rake is beneficial. Yet, I still use GNU Make in many places mostly because it’s available almost everywhere out of the box.

As a bonus you can also check out the Task tool - yet another task automation tool written in Go. It uses YAML for configuration, therefore it’s declarative, but you know… YAML. Also, using a full fledged programming language obviously provides more features and flexibility.

#make #iac #automation

A list of security tools for AWS. It has both defensive and offensive as well as auditing tools.

This list is really huge, so I’m pretty sure that if you’re working on hardening your AWS setup, you’ll find something interesting for you there.

#security #aws