Unless you contribute to Terraform core, this won't be super relevant for you.
However, this update is a bit disturbing.

Quote:

Due to current low staffing on the Terraform Core team at HashiCorp, we are not routinely reviewing and merging community-submitted pull requests. We do hope to begin processing them again soon once we're back up to full staffing again, but for the moment we need to ask for patience. Thanks!

Source

Kudos to HashiCorp for being explicit about it, though!

#hashicorp #terraform

Yet another list of tools, which ease Kubernetes operations.

The majority of things in this list are not new and actually well-known across the industry. However, I found here a few interesting things I would like to take a closer look at. For example, Capsule for multi-tenant support and Kubevela - an implementation of Open Application Model (OAM).

BTW, Open Application Model is a pretty interesting concept. I really need to write about it here more often.

#kubernetes

A humble bundle with books about Kubernetes from Pluralsight.

As usual, you can pay €21.24 for 23 books, €17.64 for 13, or at least €1 for 7.

The books in this bundle are practical guides for configuring different aspects of Kubernetes or setting up it on platforms like AKS.

Personally, I'm not a big fan of technology-specific books. This type of knowledge tend to become obsolete too fast these days. However, if you need hands-on manuals for Kubernetes right here right now, this could be a good choice.

Also, I've never read books by Pluralsight, but their online courses are nice. So, I think the books should also be good.

#books

Flame graphs is a powerful tool to visualize an application profile and spot narrow places in your codebase.

Kubectl Flame brings this functionality as a frictionless kubectl plugin! Now, you can generate a flame graph from a running pod using just kubectl.

Currently, it supports Java using async-profiler, Go using ebpf profiling. Python support is based on py-spy. Ruby support is based on rbspy.

Also, since we're talking about performance, here is a free-to-use Kubernetes Instacne Calculator, which helps you to calculate the optimal size of cloud nodes based on your resource requests and limits.

#kubernetes #performance

An article that saved me some time yesterday.

It's about how to append custom paths to the $PATH variable on a GitHub Actions runner. As you may guess, it's not simply $PATH.

However, you can do it as below:

 - run: echo "${HOME}/<YOUR_CUSTOM_BIN>" >> $GITHUB_PATH

#cicd #gha

It’s been 5 years since Envoy was open sourced.

Therefore, Matt Klein (one of the creators of Envoy) published a longread with the retrospective of these years and the way Envoy made from an internal proxy in Lift to kinda default choice for cloud environments.

This read may beinteresting for those who work on the open source tools in their companies as well as for the individual open source contributors.

#oss #longread

​​Sometimes it is worth getting your head from clouds down to Earth.

Here is a great post-mortem story of a failed Ceph cluster.

The investigation led them down to more “invisible” underlying layers rather than just Ceph itself, but I won’t spoil more. This is an interesting and not that long read, so you can go through it yourself. Also, at least for me, every post-mortem looks like a detective story, not just a technical article.

P.S. I haven’t worked much with Ceph myself. When I was a very junior engineer, we had a few small Ceph clusters in a company I worked for. I was not involved in that project, though. However, I remember that once we had an issue with one of the clusters and my colleague spent a night fixing it.

The next day he said: “We didn’t quite lose the data. We just cannot retrieve it”. I think from that time this became a strong association for me with Ceph, even though Ceph is usually not the case.

#postmortem #ceph #linux

​​More and more often I bump into articles about Kubernetes backups.

So, I decided to pull my old draft and make it an article. Actually, a series of 3 articles. Although, only the first part is ready yet.

So, the first one is just a brief overview of Velero (former Heptio Ark). A tool I used for backing up Kubernetes objects.

The second part would contain some general opinions on Kubernetes backups. And lastly, the third part would be about managing clusters as cattle, what it takes and what are the pitfalls of such an approach.

Obviously, I won't promise when Part II and III will come out.

#kubernetes #backup

A gist on how to escape a character in Jenkins

#cicd #jenkins

Next Thursday on 30th of September we gonna have our usual voice chat, but in unusual format.

I’ve invited a few guests from people operation teams for a fireside chat about contr-offers.

Langugages: Ukrainian and Russian.

The first hour will be a discussion between guests with a recording and then we’ll turn off the recording and open the discussion for everybody as always.

So, in case you have any questions regardign contr-offers or hiring process in general (or maybe you’re looking for a job?), you can leave your question via this link:

https://app.sli.do/event/9gepm5pf

tl;dr:

What: CatOps fireside chat with people operation team members about contr-offers

When: Thursday, 30th of September

Where: Here in Telegram. A voice chat will take place in our discussions group. I will post a link here before we start.

Languages: Ukrainian, Russian

P.S. The recording will be available in mid October because I’ll be traveling a bit. So, if you don’t want to wait that long, you’d better join live!

#event

​​Rover is a tool to visuzlize your Terraform resources and their relations for better understanding of what's going on in your systems.

Rover:
- Generates a plan file and parses the configuration in the root directory.
- Parses the plan and configuration files to generate three items: the resource overview (rso), the resource map (map), and the resource graph (graph).
- Consumes the rso, map, and graph to generate an interactive configuration and state visualization hosts on localhost:9000.

#terraform #toolz

You can now use Application Load Balancer as the target for Network Load Balancer in AWS.

From the document itself:

 configuration combines the features of both load balancers and offers the following advantages:

- You can use the layer 7 request-based routing feature of the Application Load Balancer in combination with features that the Network Load Balancer supports, such as endpoint services (AWS PrivateLink) and static IP addresses.

- The configuration works well for applications that use multi-protocol connections, such as media services using HTTP for signaling, and RTP to stream content.

- You can use this feature with an internal or internet-facing Application Load Balancer as the target of an internal or internet-facing Network Load Balancer.

#aws

Here you can get a free copy of Chaos Engineering book by Casey Rosenthal & Nora Jones in exchange for your personal data.

#books

Just want to remind you that tomorrow we're going to have a voice chat about counter offers.

You still can put your question here:
https://app.sli.do/event/9gepm5pf/live/questions

Hear you tomorrow!

#event

Just in 5 minutes we’re starting the live discussion about counter offers!

You can join via this link:

https://t.iss.one/catops_chat?voicechat=fe301b35ab320101fc

Language: Ukrainian / Russian

P.S. You can still ask your question in Slido:
https://app.sli.do/event/9gepm5pf

#event

Friday material.

Here's a Gist for pre-commit hook that detects words from a disallowed list and blocks the commit.

No more fucks in your code!

SpiceDB is now open source!

But, what's SpiceDB anyways? It is a production-ready implementation of Google’s Zanzibar paper. Zanzibar is a distributed relationship-based authorization system that Google uses to manage permissions for most of their core cloud products.

It has some nice additions to it as well. It can use various backends, output valuable metrics, etc.

Also, it can compute inverse permissions for a user. It means that you can not only ask the question: “does user have permission to access resource?” With SpiceDB you can additionally ask: “which resources can user access?”.

#security #oss #auth

Operator Builder is an extension of Kubebuilder to facilitate development and maintenance of Kubernetes operators.

For example, it can generate а CRD based on special markers in your static YAML. So, you can convert a subset of basic k8s resources into a custom one.

#kubernetes

Very detailed post by Cloudflare, what happens with Facebook yesterday.

It's good time to remember (or learn) how BGP and DNS works

The official postmortem by Facebook

P.S. The recent one this time

Humble Bundle books on infrastructure and OPS by O'Reilly

As usual, you can pay different amount of money to unlock items in the bundle. These bundle contains:

>= €1:
- Database Reliability Engineering
- Dynamic Reteaming, 2nd Edition
- Learning Kali Linux
- Prometheus: Up & Running
- Jenkins 2: Up and Running

>= €8.54:
- €1 bundle +
- Migrating to AWS: A Manager's Guide, 1st Edition
- Terraform: Up & Running, 2nd Edition
- Learning Apache OpenWhisk
- Cybersecurity Ops with Bash
- Seeking SRE

>= €15.38:
- All from above +
- Kubernetes Operators
- Kubernetes Best Practices
- Learning Helm
- Distributed Systems with Node.js
- Distributed Tracing in Practice

#books