​​I've been working a lot with Makefiles lately, and I must say, it's not the most pleasant experience. Back in a day, I had a post here about how to replace GNU Make with Python's Invoke.

Today, I want to share a tool called Mage. It is a make/rake-like build tool using Go that depends only on Go's standard library. Ofc, some other Go-based task execution tools exist, like, for example Task.

However, unlike Task, Mage leverages plain Go syntax while Task uses YAML to define its recipes. Thus, Mage is much more flexible, especially when it comes to loops and so on. Also, you can write automation for your projects with Go!

P.S. A link to the post about Invoke.

#go #tools

Production Considerations for Spring on Kubernetes is a long detailed articles on the consideration you have to take when running Spring Boot applications in Kubernetes.

It starts with how do you build your image and covers topics such as graceful shutdown, CPU/Mem requests and limits, configuration changes and so on.

From my understanding the primary target audience is Java developers. However, you can get much value from this article since it explains some specifics of how Java OCI images are built as well as some specifics of how Kubernetes works. Also, it may provide you some conversation-starters to share the best practices with your developers. Hence, probably not all of them have read this (or similar) article.

Some disclaimers:
- This article was written in the end of 2022
- It has Spring Boot 2.x in mind. Spring Boot 3.x is already available and has many changes compared to 2.x. Yet, 2.x is still widely adopted.
- Thus, some recommendations may change as well as new recommendations may appear for Spring Boot 3.x
Some takeaways:
- Use the latest LTS JDK version. If you‘re still on Java 8, at least make sure that you‘re using the latest patch version.
- Use cloud-native image builders such as JIB.
- Make sure that your application can be shut down gracefully. You may want to use preStop hook with a simple sleep and adjust the terminationGracePeriodSeconds setting to achieve that.
- Be mindful about your Liveness and Readiness probes. Spring has a default health endpoint but it usually checks the overall health of an application including downstream connections to the databases, etc. It’s suboptimal to use that for Liveness probe, because K8s will simply restart your app in a loop if something happens to the DB connection.
- Spring’s Liveness and Readiness Health Groups may help to prepare your app to K8s environments.
- Profile your application before setting requests and limits
- For CPU set adequate requests and use -XX:ActiveProcessorCount parameter of JAVA_TOOL_OPTIONS to limit the number of vCPU for JVM. Thus, you can omit setting CPU limits on the K8s side.
- Make sure you have both requests and limits set for the Memory, though!
- Prefer K8s native abstractions for configuration and service discovery over Spring Cloud.
- Yet, if you cannot remove Spring Cloud easily, the article provides some advices on how to make an app more K8s-native.

So, do you use Java or Kotlin in your company? If yes, share this post with your developers!

#kubernetes #java #programming
-

​​Friday is a good day for some humor.

I bet you have heard about the 10x Engineer. But have you heard about -10x Engineer.

Jokes aside, this is a nice article of what things to avoid at work.

And here's a good review of this article by Primagen.

Remember that a couple of years ago GitHub has disabled automatic execution for its Actions?

The idea behind this decision is more or less described in this article - Build Pipeline Security. The problem described in this article is not some sort of a rocket science. Thus, any malicious actor can do something similar.

This brings me to the topic of CI integrations for public repositories. I think on some podcast or in some article I’ve heard an advice for the beginners to create their pet project and configure CI for it. So, you can show that you have some practical experience. Ok, GitHub has you covered, but what about other CIs which are available for public repositories? Thus, I might have been a good advice, if we were living in the world here all the people are kind to each other, which is not the case.

Does it mean that you cannot have a CI for your pet-project? Of course, not! Just be careful with what it actually can execute on each step. The author of the linked article suggests putting deploy noscripts into a separate private repository. I think, nowadays any major VCS vendor allows one to have at least one private repository for free.

Yet, I would say that this is not good enough and you should also make sure that you should follow GitHub’s steps and enforce a mandatory approvals for CI runs as well as have some quotas in place for the compute resources available for your CI. Again, GitHub has you covered here, but if you want to use something else, you are on your own.

#cicd #security #github #aws

​​Today it's been 6 years since this channel was created.

It's all started on the 22nd of May 2017. Thank you for staying with us for so long and hope you enjoy this journey as much as I do!

If you want to with CatOps happy birthday, you could donate to one of these charities:

- Pavlo Bondarenko
- UA Responders
- Come Back Alive
- Serhiy Prytula Charity Foundation
- Kolo Foundation
- Or any other fundraiser that you trust

I'm also thinking about making a special AMA edition of our voice chat this Thursday. If you have any questions you would like to ask us, feel free to add them to this Sli.Do form. Even if we don't have a voice chat, I can answer them in writing anyway.

Cheers!

#donations #Ukraine

If you want to get familiar with Cilium, the Linux Foundation has a free Introduction to Cilium course, which is a part of the bigger CNCF learning path.

#learning #networking #cilium

A short article on how to infect SSH public keys.

Is it a serious threat - no, not really. However, this article describes a rather unknown feature of SSH as well as serves as a reminder that using keys for SSH access has its flaws.

#security #ssh

A little bit later than usual but a new issue of the CatOps Digest is here!

#newsletter #digest

​​Today I want to remind you about the UA Responders Foundation that raise funds for tactical medicine.

Tactical medicine saves lives!

#donations #Ukraine

​​DNS is one of the protocols that powers the Internet. Yet, sometimes it seems like people dismiss it as something trivial or boring.

NsLookup Learning Center is a collection of articles about various concepts of DNS that can help you to better understand how it works.

#dns

Who will win: Kubernetes or a simple list request? is a postmortem-like story that unveils how Kubernetes objects are retrieved from ETCD.

It’s useful to know those quirks bot only when you write software that talk to the Kube API, but also when you operate a cluster under the load since those request could be generated by something else.

#kubernetes #etcd

At last!

I have finalized the results of this year’s Kubernetes Operations Survey by CatOps! You can find it:

- In my personal blog.
- On Substack.

Ukrainian version is currently in review and (hopefully) is coming soon.

Also, I would appreciate it, if you subscribe to my Substack, since I put such long posts there rather than on Telegram.

Have a great weekend!

#kubernetes #catops

An incredible story by Juraj Majerik.

In his spare time he has created an Uber-simulation app. With Go on backend and React on front-end.

He didn’t just created an app but also deployed it and configured the infrastructure and monitoring for it. Moreover, he has documented the entire process. So, you can pretty much follow his journey.

There is also a neat summary of this project by Gergely Orosz (Pragmatic Engineer). Here is a part I want to highlight:

I really like how this project showcases _just_ _how much time_ can go into infrastructure setup. At companies with dedicated platform teams, those teams take exactly this kind of load off other teams building greenfield projects.

Both as an engineer, and especially as an engineering manager, don’t forget there’s a real cost to setting up and then maintaining infrastructure. Much infrastructure work is invisible as it does not involve commits, and most engineers won’t document the time they spend on these tasks, like Juraj has. But this is work that still needs to be done!

#programming #devops

Today we have a joint fundraiser by DOU and Kolo: Send a shark to the seaside.

The goal is to raise ₴10М to buy 5 Shark UAVs for the 15th Separate Brigade of the Artillery Reconnaissance.

The link above is in Ukrainian. Unfortunately, there’s no English version yet. However, here’s a direct link to donate.

#donations #Ukraine

A new episode of our voice chat (in Ukrainian) is here!

This time we discussed our job interviews experience from different countries. We also talked about what’s it like to lay off people and if AI will replace us.

You can find this new episode on:

- YouTube
- Spotify
- Apple Podcasts
- Google Podcasts
- Substack

P.S. I have switched to Substack for episodes hosting. So, it’s a good time to subscribe 😉

#voice #interviews #говорилка

Convert your rage into donations.

There are two important ongoing fundraisers by Come Back Alive:

- Pack the Sky to strengthen the air defense.
- We are living here for demining operations.

#donations #Ukraine

Kubernetes as a Platform.

Frankly, you can skip the most of the text from this article. However, it gives a nice high-level overview of the tools you can use in Kubernetes to address various aspects of the platform building.

#kubernetes #platform

Late night CatOps Digest:

https://newsletter.catops.dev/p/catops-digest-2023-06-11

#CatOps #newsletter

For today’s Donations Monday I would like to remind you about Pavlo and Naya who raise funds for recon drones and equipment for them.

This week’s goal is to get a bit more than €10k drones and the telecommunication equipment.

- Pavlo’s requisites
- Naya’s requisites

#donations #Ukraine

In my last Kubernetes Operations Survey, there were very few Cluster API users. However, the technology is not abandoned at all.

So, if you want to know more about Cluster API, check out the learning course by VMware.

Also, check out the results of the Kubernetes survey if you haven't done that already.

#kubernetes

A kinda old article by Sarah Drasner with a couple of tips for Engineering Managers. Yet, those advices are timeless, one could say.

I'm posting this since I assume that there are also people in EM roles among the subscribers.

Also, if you missed the voice chat about Engineering Management with Oleks Maistrenko, make sure to check that out too!

#management