​​HUG Kyiv #15: Terraform will start in a few hours

When: Tuesday 25th October, 19:00 (Kyiv TZ)
Where: Online
Language: Ukrainian

Youtube - https://youtu.be/S3LeJUhkJMw
Zoom - https://www.meetup.com/kyiv-hashicorp-user-group/events/288776938/

A nice article by a friend of mine on how to replace GNU Make with Invoke and Python. The nice part is that it goes beyond some simple “Hello world” examples.

I think using a tool like Invoke or Rake is beneficial. Yet, I still use GNU Make in many places mostly because it’s available almost everywhere out of the box.

As a bonus you can also check out the Task tool - yet another task automation tool written in Go. It uses YAML for configuration, therefore it’s declarative, but you know… YAML. Also, using a full fledged programming language obviously provides more features and flexibility.

#make #iac #automation

A list of security tools for AWS. It has both defensive and offensive as well as auditing tools.

This list is really huge, so I’m pretty sure that if you’re working on hardening your AWS setup, you’ll find something interesting for you there.

#security #aws

It looks like on Tuesday, Nov 1st, we will need to patch OpenSSL 3.x.x.

A critical vulnerability has been found in OpenSSL versions 3.0.0 through 3.0.6. So, older version are likely not affected by this problem.

Yet, Ubuntu 22.04 and RHEL 9.x have OpenSSL 3.x.x, hence require an upgrade.

The same news from another source.

#security

Humble Bundle has a new collection of Ops courses by Pluralsight.

This is a bundle of 20 items that together cost ~€31. And it has courses for different topics like Kubernetes, Terraform, cloud technologies, etc.

#courses #humblebundle

The whole purpose of managed services is that you don’t need to care much about many things except costs. Yet, cost management could be tricky in the cloud.

Obviously, there are many consultants and services that build their business model by helping people to save some bucks.

However, there are also community solutions.

For example, here’s a community calculator for AWS VPN and a similar calculator for Google Cloud VPN.

Bonus: Reddit discussion about the Google Cloud VPN Costs calculator.

#aws #gcp #costs #networking

There's gonna be a couple of posts today, so here's the first one.

AWS now allows one to transfer Elastic IPs between AWS accounts.

That's it. These are the news. However, it's a significant change especially for those, who are in process of re-design their cloud architecture.

#aws

So, recently I posted about the TLS vulnerability that was patched on the 1st of November.

Here someone gathered the list of affected operation systems and patched version references

Make sure to check if you’re covered!

#security #tls

A nice technical article about volume snapshots in Kubernetes.

Kubernetes has a snapshot-controller with vendor-independent API. This article explains what are the benefits of using snapshots as well as provides several use case scenarios with configuration examples.

#kubernetes

Bi-weekly issue of the CatOps Digest is out!
You can check it out on Substack.

#newsletter

pgdump-aws-lambda is a ready-to-use Lambda function that creates a dump of your PostgreSQL database and streams it it S3.

There is already a native way to backup RDS databases. However, I can see a couple of use cases for this tool. For example:
- Backup databases that run on plain EC2 machines. I’m not sure if anyone does it today, but I worked in a company that did.
- Backup databases located outside AWS in case of hybrid setups. Obviously, it’s going to be challenging to configure such interconnection in a secure and reliable way, but if you’re using a hybrid setup, you already know what am I talking about.
- Use this Lambda function as a blueprint and extend its functionality. For example, obfuscate certain fields to create a non-production DB for tests, etc.

TBH, I’m not sure how it’s going to work with the 15 minutes hard limit for execution time for Lambdas, but you won’t find out unless you try, I guess.

So overall, an interesting project that I won’t likely use myself, but it might be fun to play with.

#databases #aws #serverless

A very interesting article about when to use AWS Lambda functions and when not.

The article explores a couple of serverless scenarios and whether it’s required to use a Lambda function there.

In nutshell: do not use Lambda when there’s a native integration between the components; and use it to transform data, not to transport it.

#aws #serverless

This is a small nice article about how small changes could impact performance.

I like such stories very much. I believe, they expose the beauty of software engineering. Just like in maths classes complex equations result in something like x = 1.

Also, one can learn from this article a thing or two about the memory allocation in Go as well as some performance profiling techniques.

#programming #go #performance

Well, it’s happening. Pulumi now supports YAML in GA.

Here are my thoughts about this. The imperative revolution didn’t happen. We haven’t suddenly started to define the infrastructure in TypeScript or Go. Also, it looks like both approaches can co-exist just fine, even as a part of a single tool.

I think that the second point is great, because the users (we) have more options. Smaller setups can benefit from a simpler declarative way, while more complicated installations can leverage the whole power of general purpose languages.

#iac #pulumi

A new issue of the CatOps Newsletter is live!

#newsletter

A neat summary for upgrading EKS to 1.24.

This article contains some considerations and action items before an upgrade as well as some points for future releases.

P.S. This article came from the chat. So, if you have interesting things to share, feel free to join it! The chat is in Ukrainian.

#aws #kubernetes

In case of major power outages, we can schedule deployment by a sheet of paper, and when power return - scan and use SheetOps.

https://github.com/learnk8s/xlskubectl

By the way, have a nice day :)

​​Amazon has made 120 AWS courses available for free.

To get courses, you only need to know English and make a few additional steps:
0. Login OR Create an account in Amazon

After sign in/up, you will be redirected here
1. Choose and go to any course you like
2. Click "Order Now for free"
3. Get the error "Sorry, we couldn't complete your purchase". Press "change your country/region"
4. Click on the "Country / Region Settings". It will open with "Current country/region – Unknown"
5. Click Change
6. Now you need to enter absolutely any address and mobile phone from the USA. You can take any from here. The mobile phone must be indicated without spaces/brackets/dashes - i.e. only numbers.
7. Now you can return and get courses.

P.S. That works up to 9 Dec 2022. You can access courses up to 28 Apr 2023.
P.P.S. You can get only 6 courses if you click them one by one. But if you order many courses at the same time - the number of ordered courses will be limited to the number that you will have time to order before Amazon prepares 6 courses in your Amazon Online Learning cabinet. So click quickly to get more courses :)

I remember people creating NAT instances in AWS because NAT Gateway was not available at a time.

Now, some claim that NAT Gateway is too expensive, thus nat instances is the way.

The circle is complete, I guess.

Anyways, here’s alterNAT - self provisioned NAT instances in AWS.

To be completely honest, there are use cases for NAT instances indeed and they do not claim that this solution is for everyone.

#aws #networking

Kubeshark is an traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

I don’t have much to add here. This is basically a Wireshark for Kubernetes. So, if you probably know it if you need something like this. Otherwise, I would say that one can live Ok without it. Yet, if you ever need to analyze, what’s going on with requests in your cluster, you can always use this tool!

#kubernetes #networking