Forwarded from DevOps & SRE notes (tutunak)
Looking for a hosting platform to practice with Linux, Kubernetes, etc.? Register using my referral link on DigitalOcean and get $200 in credit for 60 days. By registering through my referral link, you also support this Telegram channel.
👉 Register
👉 Register
❤3
This post from Chainguard Unchained introduces the concept of audited least privilege as a critical security measure for the software supply chain. It explains how this principle helps verify that components only have the permissions they strictly need to function.
https://www.chainguard.dev/unchained/audited-least-privilege
https://www.chainguard.dev/unchained/audited-least-privilege
www.chainguard.dev
Audited least privilege
Strengthen your software supply chain security with audited least privilege. Learn how Chainguard's approach minimizes risk and enhances trust.
👍1💯1
In this unique piece, author explores the interesting and often overlooked capabilities of GitRepo volumes in Kubernetes. The content details some fun experiments and practical applications for dynamically providing content to pods directly from a Git repository.
https://raesene.github.io/blog/2024/07/10/Fun-With-GitRepo-Volumes/
https://raesene.github.io/blog/2024/07/10/Fun-With-GitRepo-Volumes/
raesene.github.io
Fun With GitRepo Volumes
👍1
This opinionated report argues that Large Language Models (LLMs) are not the ultimate solution for complex socio-technical problems in the SRE and operations space. It cautions against over-reliance on AI, emphasizing the continued need for human expertise and critical thinking.
https://blog.relyabilit.ie/llms-wont-save-us/
https://blog.relyabilit.ie/llms-wont-save-us/
RelyAbility Blog
LLMs won't save us
The AI wave is passing over us: what of genuine value will be left behind? asks Niall Murphy
As a long-time observer of the SRE/DevOps tooling market, I look at the tsunami of AI-powered and LLM-enabled currently engulfing our industry like most great wave…
As a long-time observer of the SRE/DevOps tooling market, I look at the tsunami of AI-powered and LLM-enabled currently engulfing our industry like most great wave…
❤1👍1
Martin Atkins's latest study presents a clever technique for handling "ephemeral values" in Terraform, which are values needed during a plan but should not be stored in the state. The method helps manage dynamic or sensitive data that is only relevant for a single operation.
https://log.martinatkins.me/2024/05/22/terraform-ephemeral-values/
https://log.martinatkins.me/2024/05/22/terraform-ephemeral-values/
Development Log by Martin Atkins
Ephemeral Values in Terraform
A different approach to sensitive values in Terraform state.
👍1
A terminal-based LDAP server explorer built with Go and BubbleTea, providing an interactive interface for browsing LDAP directory trees, viewing records, and executing custom queries.
https://github.com/ericschmar/moribito
https://github.com/ericschmar/moribito
GitHub
GitHub - ericschmar/moribito
Contribute to ericschmar/moribito development by creating an account on GitHub.
👍2
This in-depth article by Henrik Gerdes benchmarks various container runtime interfaces (CRIs) for Kubernetes. It provides a detailed comparison of runc, crun, gvisor, and youki, focusing on performance and memory consumption.
https://henrikgerdes.me/blog/2024-07-kubernetes-cri-bench/
https://henrikgerdes.me/blog/2024-07-kubernetes-cri-bench/
henrikgerdes.me
Benchmarking what actually drive our containers
Kubernetes success and versatility often overshadows the lower-level details of what actually drives our containers. I took a deeper took on how the default con…
👍2❤1
This blogpost explores the statistical complexities of using Mean Time to Resolve (MTTR) as a key incident metric. The author argues that due to the power-law distribution of incident durations, MTTR trends can be misleading.
https://surfingcomplexity.blog/2024/12/01/mttr-when-sample-means-and-power-laws-combine-trouble-follows/
https://surfingcomplexity.blog/2024/12/01/mttr-when-sample-means-and-power-laws-combine-trouble-follows/
Surfing Complexity
MTTR: When sample means and power laws combine, trouble follows
Think back on all of the availability-impacting incidents that have occurred in your organization over some decent-sized period, maybe a year or more. Is the majority of the overall availability im…
👍2
kubectl-validate is a SIG-CLI subproject to support the local validation of resources for native Kubernetes types and CRDs.
https://github.com/kubernetes-sigs/kubectl-validate
https://github.com/kubernetes-sigs/kubectl-validate
GitHub
GitHub - kubernetes-sigs/kubectl-validate
Contribute to kubernetes-sigs/kubectl-validate development by creating an account on GitHub.
❤🔥1
This write-up from incident.io introduces the "Incident Maturity Model," a framework for evaluating and improving an organization's incident management processes. The model outlines three stages: Centralized, Distributed, and Democratized, offering a roadmap for growth.
https://incident.io/blog/the-incident-maturity-model
https://incident.io/blog/the-incident-maturity-model
incident.io
The Incident Maturity Model | Blog
Incidents are inevitable—how you handle them matters. The Incident Maturity Model shows how to level up from basic response to company-wide resilience, with actionable steps backed by real data. Where does your team stand?
👍1
Lawrence Jones provides an analysis of the challenges and incentives surrounding company status pages. The text delves into why transparency can be difficult for businesses, especially when SLAs and financial penalties are involved.
https://blog.lawrencejones.dev/status-pages/
https://blog.lawrencejones.dev/status-pages/
blog.lawrencejones.dev
Uptime, status pages, and transparency calculus
From the evergreen AWS status page to hardcoded 100% uptime, no one fully trusts a status page anymore. But why is this? Companies often start with good intentions, aiming for full transparency. So why do so many change along the way: what pressures people…
🔥1
This tutorial from Steven Sklar on DEV Community explains how to implement Kubernetes-powered leader election in Go applications. It walks through the use of Kubernetes Leases and the
https://dev.to/sklarsa/how-to-add-kubernetes-powered-leader-election-to-your-go-apps-57jh
client-go/tools/leaderelection package with a practical code example.https://dev.to/sklarsa/how-to-add-kubernetes-powered-leader-election-to-your-go-apps-57jh
DEV Community
How to add Kubernetes-powered leader election to your Go apps
Learn about leader election and how you can leverage part of the Kubernetes standard library to add this feature to your next application
👍1
This comprehensive guide details the process of setting up a high-availability k3s Kubernetes cluster. It uses keepalived for a virtual IP, a Galera cluster for the database, and Longhorn for distributed block storage to ensure no single point of failure.
https://raymii.org/s/tutorials/High_Available_k3s_kubernetes_cluster_with_keepalived_galera_and_longhorn.html
https://raymii.org/s/tutorials/High_Available_k3s_kubernetes_cluster_with_keepalived_galera_and_longhorn.html
👍3
⚠️ Ingress Nginx will be retired!
To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX 🪦
https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/
To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX 🪦
https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/
Kubernetes
Ingress NGINX Retirement: What You Need to Know
To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX. Best-effort maintenance will continue until March 2026. Afterward, there will be no…
1😢7❤3🎉3💩2