​​Last week, I promised a series of posts about modern application delivery. Last time, we briefly discussed the problems that are generated by the disconnection between application code and its infrastructure dependencies.

Today, let's talk about a proposed formal way of solving this issue - Open Application Model. This is a specification of application bundle definition that contains all the required components as well as traits (we'll talk later on this one). The main purpose is to provide a reasonable abstraction for customers. So, they can use components and traits as building blocks for their application's infra dependencies.

This concept was proposed by people from Alibaba Cloud (and Microsoft?) and the whole thing is fairly new. However, it already has an implementation for Kubernetes - KubeVela. Although, I still have unanswered questions for this tool. For example, is it possible to provide default traits? What should I do if I want all my apps to have an autoscaler, etc.?

In any case, those are implementation details. Nothing stops you from embracing concepts of OAM and implementing them using, let's say, Helm.

As a bonus, here is a great video by Viktor Farcic about KubeVela with some basic "Hello world" example. It helps to better understand the problem that OAM is trying to solve as well as its concepts like components, traits and the difference between them. 'Coz the official documentation, let's be honest, is not that great.

https://youtu.be/2CBu6sOTtwk

#oam #app_bundle #kubernetes

очередная уязвимость и выпуск 2.17 версии, чтоб защититься от DoS атаки через log4j
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/

How Kubernetes traffic management tools work?
Get sense of solving the challenges of resilience, visibility, and security that come with running Kubernetes in production.
An Ingress controller and service mesh topics are included.

"DevOps is not a person".

We have this picture in mind, but to move current situation on client or our side, we need to have some people to bring this culture into it.

Sometimes hiring stuff, client, managers or other people, easy to name it as "DevOps engineer" to just hire such members, who help them to bring this culture.

But I guess we are all Engineers and need to help people to solve their problems.

So possibly like in Agile, in different level of maturity we have separate SCRUM Master, who help team to start working in that behaviour, sometimes it is just a role, and sometimes it is not needed. The same picture with DevOps. At start, when people work in silos, they need someone to share new vision, culture, methodology and experience, because they cannot work in that way. But this process to work as a whole team, not as many separate teams, but as One Team, it can be long time process of transformation. And not always, it can be changed in some understandable period of time. It can go as continuous process.

Just leave it here: https://web.devopstopologies.com/ as a different topologies of DevOps

The ROAD to SRE.

https://proglib.io/w/c59a878b

From our subscribers.

People can use AWS Elastic Container Registry to cache public Docker images.

From their press-release:

This new capability gives AWS customers a simple and highly available way to pull Docker Official Images, while taking advantage of the generous AWS Free Tier. Customers pulling images from Amazon ECR Public to any AWS Region get virtually unlimited downloads. For workloads running outside of AWS, users not authenticated on AWS receive 500 GB of data downloads each month. For additional data downloads, they can sign up or sign in to an AWS account to get up to 5TB of data downloads each month after which they pay $0.09 per GB.

If you have any interesting things to share, you can always do it in our chat!

#aws

https://contains.dev/
Отличная замена приложению dive, которая позволяет посмотреть что внутри публичного докер образа

SSH Bastion Host Best Practices
https://www.reddit.com/r/netsec/comments/s358o4/ssh_bastion_host_best_practices/?utm_medium=android_app&utm_source=share

🖧 30+ вопросов и ответов на интервью по SSH

SSH – это важная часть технического собеседования по Linux.

Как новички, так и опытные технические специалисты могут проверить свои знания

Это очень обширная и интересная тема.

Читать

Запись моего выступления "Container escapes: Kubernetes edition" с секции Defensive Track конференции ZeroNights, что была 30 июня 2021.

В рамках данного доклада я рассматривал, как и что могут атакующие и что можно сделать, чтобы усложнить побег из Pod’а.

И небольшой инсайд: в этом году я также планирую представить новое исследование на тему Kubernetes на ZeroNights 2022. На текущий момент это скорее всего будет исследование с рабочим названием "NetworkPolicy: родной межсетевой экран Kubernetes". Посмотрим на то как и что могут NetworkPolicy и как они устроены в различных CNI и куда они развиваются.

​👨‍🎓️ ТОП-11 бесплатных учебных курсов по Go

Библиотека программиста сделала для вас подборку бесплатных учебных курсов по Golang на русском языке.

https://proglib.io/sh/CE8WBcrmAG