Database trends spotted by Redis at KubeCon.

In nutshell:
- Running databases is hard.
- Running databases in Kubernetes = all the complexity of running databases + all the complexity of running Kubernetes.
- Yet, Data on Kubernetes community exists and has quite a few success stories.
- One of the problems is that there are no standard. Frequently, there are at least a couple of different operators and charts to run %dbname%. So, it might be hard for users to decide what tools to use in which case.
- Another problem is the lack of people, who are experts in both running databases and running Kubernetes.

So, if you want to be in demand on the market, get yourself familiar with data operations. That thing is getting momentum right now.

#databases #kubernetes

Avery nice read for the weekend - Postmortem of a 2005 Flickr Outage Modernized for Today.

It’s cool because it’s not just a postmortem from a well-known, but this piece also contains some history! Trust me, you will like the root cause of this one ;)

#postmortem #history

Today's Donations Monday goes to the artillery.

The "Reactive Post" charity organization allows creating a monthly subnoscription for donations which go to artillery brigades for spare parts, repairs, etc. You can check their website for more information.

They accept one-time donations as well. Plus, they support crypto.

#donations #Ukraine

I know that currently there is a hiring freeze in many companies as well as a lot of folks stay put and not actively looking into changing their jobs.

Yet, some hiring is still happening, and some folks are actually joining new companies and therefore going through onboarding.

Hence, I would like to share this article with you - What I Wish I Knew About Onboarding Effectively.

This article has some interesting thoughts. For example, that you are the one who's "owning" your onboarding process. It seems obvious on the surface, but I saw many folks who assume otherwise.

Also, this article has some practical advises on how to prepare for an onboarding and make it a success.

#culture #onboarding

I'm still editing the latest issue of our CatOps Voice Chat. So, while you're waiting, you can check out a pilot episode of the new DOU DevOps Podcast.

In this episode, they've discussed the certifications as well as touched the causes which led to the emerging of Platform Engineering.

#dou

More than a year ago, I made a prediction that new Kubernetes distributions would emerge and the whole K8s installation process would be very similar to the Linux desktop experience: yes, the kernel is the same, but you have some pre-installed stuff that makes your experience smoother.

Yet, I was wrong. Some Kubernetes distributions emerged indeed, but the reality is that for the majority of people the real answer is to simply use whatever a cloud provider gives you and install necessary plugins by yourself.

Though, not everyone is operating in a cloud, as well as not everyone is using a managed Kubernetes service within a cloud. Therefore, I want to share with you an article called Kubernetes Installation Methods The Complete Guide.

This is not a complete guide, of course. There are a couple more methods and distributions. Moreover, I believe there are some exotic ways of people managing their clusters that never go public (we have a custom Kubernetes deployer in the company, lol).

However, this guide provides a nice overview of what's available on the market and which solutions suit better to which situations. So, if you're looking into starting your Kubernetes journey, you have a good place to validate your ideas about the tools.

#kubernetes

ANY KUBERNETES CERT - 50% DISCOUNT

coupon: friendsfamily23

#k8s #kubernetes #course

It was a long one but finally I made it!

A new episode of our Voice Chat (in Ukrainian) is available! This time we shared stories of our fuckups as well as discussed a little bit the value of certifications and the interviewing process.

You can find the episode on:
- Spotify
- Apple Podcasts
- Google Podcasts
- Direct RSS link

So, if were looking for something to listen to on the weekend, we’ve got you covered!

#voice #говорилка

I usually post donation requests on Mondays but this is an urgent one.

Mike is raising funds for laptops for the Southern Front.

The goal is ₴38k. So, I believe we can close this one fast.

I know Mike personally. You can trust this fundraiser as if it was done from myself.

You can donate to the Monobank Jar:

https://send.monobank.ua/jar/8EPmTTkUrv

#donations #Ukraine

A new issue of my CatOps Digest newsletter is here!

#newsletter #digest

​​Yesterday I posted Mike's fundraiser for the laptops for the Southern Front. So, without changing the topic, I want to remind you about the Cyberdefence fundraiser by the Come Back Alive foundation.

It's currently at ~87% of its goal.

P.S. You can still donate to Mike's fundraiser as well. There is like 9k UAH left: https://send.monobank.ua/jar/8EPmTTkUrv

#donations #Ukraine

​​I've been working a lot with Makefiles lately, and I must say, it's not the most pleasant experience. Back in a day, I had a post here about how to replace GNU Make with Python's Invoke.

Today, I want to share a tool called Mage. It is a make/rake-like build tool using Go that depends only on Go's standard library. Ofc, some other Go-based task execution tools exist, like, for example Task.

However, unlike Task, Mage leverages plain Go syntax while Task uses YAML to define its recipes. Thus, Mage is much more flexible, especially when it comes to loops and so on. Also, you can write automation for your projects with Go!

P.S. A link to the post about Invoke.

#go #tools

Production Considerations for Spring on Kubernetes is a long detailed articles on the consideration you have to take when running Spring Boot applications in Kubernetes.

It starts with how do you build your image and covers topics such as graceful shutdown, CPU/Mem requests and limits, configuration changes and so on.

From my understanding the primary target audience is Java developers. However, you can get much value from this article since it explains some specifics of how Java OCI images are built as well as some specifics of how Kubernetes works. Also, it may provide you some conversation-starters to share the best practices with your developers. Hence, probably not all of them have read this (or similar) article.

Some disclaimers:
- This article was written in the end of 2022
- It has Spring Boot 2.x in mind. Spring Boot 3.x is already available and has many changes compared to 2.x. Yet, 2.x is still widely adopted.
- Thus, some recommendations may change as well as new recommendations may appear for Spring Boot 3.x
Some takeaways:
- Use the latest LTS JDK version. If you‘re still on Java 8, at least make sure that you‘re using the latest patch version.
- Use cloud-native image builders such as JIB.
- Make sure that your application can be shut down gracefully. You may want to use preStop hook with a simple sleep and adjust the terminationGracePeriodSeconds setting to achieve that.
- Be mindful about your Liveness and Readiness probes. Spring has a default health endpoint but it usually checks the overall health of an application including downstream connections to the databases, etc. It’s suboptimal to use that for Liveness probe, because K8s will simply restart your app in a loop if something happens to the DB connection.
- Spring’s Liveness and Readiness Health Groups may help to prepare your app to K8s environments.
- Profile your application before setting requests and limits
- For CPU set adequate requests and use -XX:ActiveProcessorCount parameter of JAVA_TOOL_OPTIONS to limit the number of vCPU for JVM. Thus, you can omit setting CPU limits on the K8s side.
- Make sure you have both requests and limits set for the Memory, though!
- Prefer K8s native abstractions for configuration and service discovery over Spring Cloud.
- Yet, if you cannot remove Spring Cloud easily, the article provides some advices on how to make an app more K8s-native.

So, do you use Java or Kotlin in your company? If yes, share this post with your developers!

#kubernetes #java #programming
-

​​Friday is a good day for some humor.

I bet you have heard about the 10x Engineer. But have you heard about -10x Engineer.

Jokes aside, this is a nice article of what things to avoid at work.

And here's a good review of this article by Primagen.

Remember that a couple of years ago GitHub has disabled automatic execution for its Actions?

The idea behind this decision is more or less described in this article - Build Pipeline Security. The problem described in this article is not some sort of a rocket science. Thus, any malicious actor can do something similar.

This brings me to the topic of CI integrations for public repositories. I think on some podcast or in some article I’ve heard an advice for the beginners to create their pet project and configure CI for it. So, you can show that you have some practical experience. Ok, GitHub has you covered, but what about other CIs which are available for public repositories? Thus, I might have been a good advice, if we were living in the world here all the people are kind to each other, which is not the case.

Does it mean that you cannot have a CI for your pet-project? Of course, not! Just be careful with what it actually can execute on each step. The author of the linked article suggests putting deploy noscripts into a separate private repository. I think, nowadays any major VCS vendor allows one to have at least one private repository for free.

Yet, I would say that this is not good enough and you should also make sure that you should follow GitHub’s steps and enforce a mandatory approvals for CI runs as well as have some quotas in place for the compute resources available for your CI. Again, GitHub has you covered here, but if you want to use something else, you are on your own.

#cicd #security #github #aws

​​Today it's been 6 years since this channel was created.

It's all started on the 22nd of May 2017. Thank you for staying with us for so long and hope you enjoy this journey as much as I do!

If you want to with CatOps happy birthday, you could donate to one of these charities:

- Pavlo Bondarenko
- UA Responders
- Come Back Alive
- Serhiy Prytula Charity Foundation
- Kolo Foundation
- Or any other fundraiser that you trust

I'm also thinking about making a special AMA edition of our voice chat this Thursday. If you have any questions you would like to ask us, feel free to add them to this Sli.Do form. Even if we don't have a voice chat, I can answer them in writing anyway.

Cheers!

#donations #Ukraine

If you want to get familiar with Cilium, the Linux Foundation has a free Introduction to Cilium course, which is a part of the bigger CNCF learning path.

#learning #networking #cilium

A short article on how to infect SSH public keys.

Is it a serious threat - no, not really. However, this article describes a rather unknown feature of SSH as well as serves as a reminder that using keys for SSH access has its flaws.

#security #ssh

A little bit later than usual but a new issue of the CatOps Digest is here!

#newsletter #digest

​​Today I want to remind you about the UA Responders Foundation that raise funds for tactical medicine.

Tactical medicine saves lives!

#donations #Ukraine

​​DNS is one of the protocols that powers the Internet. Yet, sometimes it seems like people dismiss it as something trivial or boring.

NsLookup Learning Center is a collection of articles about various concepts of DNS that can help you to better understand how it works.

#dns