There were too many overwhelming news yesterday.

So, a couple of things I want to share:
- A new issue of the CatOps newsletter is out
- I’m almost done with the processing of our recent voice chat audio. Expect it to be released in upcoming days!
- Keep supporting the Ukrainian military. As always you can find links to reliable foundations in the URL buttons below each post.

Have a safe week!

As promised, a recording of our conversation with Oleks Maistrenko (in Ukrainian) is available on YouTube as well as on the major podcast platforms such as Anchor, Spotify, Apple Podcasts, and Google Podcasts.

We’ve talked about engineering management, what types of manager are out there, how can one become a manager, and even more important, what makes one a good manager.

Even though it’s on YouTube, this is just audio. So, you can listen to it in the background.

Let me know if you like the idea of inviting different people to make recorded voice chats! I can try to figure out something about it. And in the meantime, you can donate some money to the Armed Forces of Ukraine or various volunteer organizations.

#говорилка #management

An interesting comparison between Grafana Mimir and VictoriaMetrics by VictoriaMetrics team.

This article is particularly interesting, because they also describe the test setup. Therefore, one can try to re-produce the test results.

This benchmark was inspired by the original report from Grafana, when they have scaled Mimir to 1 billion active series

#observability #victoriametrics #grafana #mimir

Howdy folks, my colleague Vlad (DevOps Engineer) needs a car for the 128th brigade where he serves.

Volkswagen T4/T5

> We need a car for unfolding/folding communication nodes.
> For example this https://auto.ria.com/auto_volkswagen_t5_transporter_pass_33307692.html

Link to the MonoBank jar: https://send.monobank.ua/jar/AfWQTNoK5w

Bank card number:
5375 4112 0077 9804

Thank you for your support.

​HUG Kyiv #15: Terraform

What:
- How (not) to test terraform.
- Helm charts in TF, good together :)

Who:
- Vsevolod Polyakov, SRE engineer @ Let's Enhance, founder of ukrops.club and author of @UkropsDigest.
- Oleksiy Kraevy, Senior DevOps engineer @ YayPay, a DevOps switcher from telecom, currently at a fin-tech startup on AWS.

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Please, register here

#event

A blog post by Charity Majors about Platform Engineering as a next generation of OPS-ish work.

She also created a table of skills, or rather skills differences, between Platform engineers and DevOps engineers. I don’t fully agree with all those differences, but I’m not quite sure yet, is it because I’m not fully onboarded yet to the concept of Platform Engineering or I just generally disagree.

Anyways, if you need a single-sentence summary of the Platform Engineering, let it be this one:

One of the key principles of any developer platform is that it should be easy to do the right things, and hard to do the wrong things.

#culture #platform_engineering

A blog post by The Duckbill’s Group CEO Mike Julian with an ambitious noscript: “Why Cloud Finance Is Broken and Ineffective”.

The Duckbill’s Group is a consultant company that helps its customers to reduce their cloud spendings. Mostly in AWS (frankly, I’m not sure if they work with other clouds).

Despite the ambitious noscript, this article advocates for a very simple idea: “the cost of a cloud is a matter of architecture”. Yes, you can apply AWS savings plans to reduce the cost, you can obviously terminate dangling instances and volumes. It all contributes to your savings, but still the most important part is the architecture.

There’s also a linked article in the same blog that clarifies a bit this thesis as well as provides some practical insights into how to think about your architecture as a cost center.

The second article is AWS-specific, but the first one basically applies to any cloud.

#cloud #money #aws

Do you prefer understandable diagrams to tons of text?

C4 model - describe principles for creating architecture diagrams and how to be sure that they will be useful and readable.

The site includes talk, which is so amazing, that I propose you spend 35min on it.

One of the mentioned tools in the talk is Structurizr. We start adopting that tool a few weeks ago and the final results look pretty nice.

And yes, Structurizr is more powerful than Mermaid, but do not work in plain markdown.

#documentation

The new issue of the CatOps Newsletter is live!

#newsletter

​​HUG Kyiv #15: Terraform will start in a few hours

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Youtube - https://youtu.be/S3LeJUhkJMw
Zoom - https://www.meetup.com/kyiv-hashicorp-user-group/events/288776938/

A nice article by a friend of mine on how to replace GNU Make with Invoke and Python. The nice part is that it goes beyond some simple “Hello world” examples.

I think using a tool like Invoke or Rake is beneficial. Yet, I still use GNU Make in many places mostly because it’s available almost everywhere out of the box.

As a bonus you can also check out the Task tool - yet another task automation tool written in Go. It uses YAML for configuration, therefore it’s declarative, but you know… YAML. Also, using a full fledged programming language obviously provides more features and flexibility.

#make #iac #automation

A list of security tools for AWS. It has both defensive and offensive as well as auditing tools.

This list is really huge, so I’m pretty sure that if you’re working on hardening your AWS setup, you’ll find something interesting for you there.

#security #aws

It looks like on Tuesday, Nov 1st, we will need to patch OpenSSL 3.x.x.

A critical vulnerability has been found in OpenSSL versions 3.0.0 through 3.0.6. So, older version are likely not affected by this problem.

Yet, Ubuntu 22.04 and RHEL 9.x have OpenSSL 3.x.x, hence require an upgrade.

The same news from another source.

#security

Humble Bundle has a new collection of Ops courses by Pluralsight.

This is a bundle of 20 items that together cost ~€31. And it has courses for different topics like Kubernetes, Terraform, cloud technologies, etc.

#courses #humblebundle

The whole purpose of managed services is that you don’t need to care much about many things except costs. Yet, cost management could be tricky in the cloud.

Obviously, there are many consultants and services that build their business model by helping people to save some bucks.

However, there are also community solutions.

For example, here’s a community calculator for AWS VPN and a similar calculator for Google Cloud VPN.

Bonus: Reddit discussion about the Google Cloud VPN Costs calculator.

#aws #gcp #costs #networking

There's gonna be a couple of posts today, so here's the first one.

AWS now allows one to transfer Elastic IPs between AWS accounts.

That's it. These are the news. However, it's a significant change especially for those, who are in process of re-design their cloud architecture.

#aws

So, recently I posted about the TLS vulnerability that was patched on the 1st of November.

Here someone gathered the list of affected operation systems and patched version references

Make sure to check if you’re covered!

#security #tls

A nice technical article about volume snapshots in Kubernetes.

Kubernetes has a snapshot-controller with vendor-independent API. This article explains what are the benefits of using snapshots as well as provides several use case scenarios with configuration examples.

#kubernetes

Bi-weekly issue of the CatOps Digest is out!
You can check it out on Substack.

#newsletter

pgdump-aws-lambda is a ready-to-use Lambda function that creates a dump of your PostgreSQL database and streams it it S3.

There is already a native way to backup RDS databases. However, I can see a couple of use cases for this tool. For example:
- Backup databases that run on plain EC2 machines. I’m not sure if anyone does it today, but I worked in a company that did.
- Backup databases located outside AWS in case of hybrid setups. Obviously, it’s going to be challenging to configure such interconnection in a secure and reliable way, but if you’re using a hybrid setup, you already know what am I talking about.
- Use this Lambda function as a blueprint and extend its functionality. For example, obfuscate certain fields to create a non-production DB for tests, etc.

TBH, I’m not sure how it’s going to work with the 15 minutes hard limit for execution time for Lambdas, but you won’t find out unless you try, I guess.

So overall, an interesting project that I won’t likely use myself, but it might be fun to play with.

#databases #aws #serverless