2022-07-12: OpenFeature & OpenCost at CNCF, OpenTelemetry for Rust & Python apps, Go Profiling, GitLab DB Split, dns.toys, and much more¶
👋 Hey, lovely to see you again¶
Honestly, reading my bookmarks , this month brought a wealth of knowledge to this newsletter. I did not yet read all my friends' newsletters (o11y.news, Seven-Day DevOps, DevOps'ish, CloudSecList - full list in the Developer Evangelism handbook).
It is great to see developer experience with Security Observability being improved, OpenTelemetry and Sigstore are literally everywhere. On the Ops side, alerts and SLO management become easier. Community efforts create more open standards, CNCF touching base with feature flags and cloud-native cost control.
And whichever new language or tool you choose to learn, many new getting starting and interactive guides come by default. Spin up a Tetragon demo in Kubernetes, hands-on Rust, or start contributing using remote dev environments in Gitpod ... amazing times :-)
Let's see what we can learn together this month :)
 I'm sending myself emails for review that are routed into a special mail folder. Works on every device as a boring solution ;-) Suggestions welcome!
☕ Hot Topics¶
- Continuous Profiling: A New Observability Signal by Dotan Horovits, with Frederic Branczyk
- Developer-Led Landscape: Complexity, Automation & A Future of Autonomous Development by Tyler Jewell
- GitLab database split into Main and CI: announcement blog post, planning epic, Hacker News topic with many planning and infrastructure architecture insights (and a successful migration on GitLab.com on 2022-07-02, yay!)
🎯 Release speed-run¶
kubewarden 1.0.0, a policy engine for Kubernetes using portable WebAssembly modules, helps with Pod Security Policy replacement. Trivy 0.29.0 supports RBAC scanning of Kubernetes Roles/ClusterRoles, and also scans Helm charts in the latest release. PolarSignals' ArcticDB was renamed to FrostDB. Zabbix 6.2 adds support for secure secrets using CyberArk next zo HashiCorp Vault. Vault 1.11 provides a new Kubernetes secrets engine to dynamically generate Kubernetes service account tokens, service accounts, role bindings, and roles.
🛡️ The Sec in Ops in Dev¶
Anaïs Urlichs created an amazing visual landscape of cloud-native security scanners. Recommend bookmarking. If you want to learn more about container image signing with Sigstore, Chainguard provides a free getting started course.
The transparency and helpful resources from Cloudflare are amazing: From the Cloudflare outage on June 21, 2022 retrospective to Optimizing TCP for high WAN throughput while preserving low latency, a thorough and in-depth read on TCP windows, tuning kernel settings and multiple kernel patch attempt until successful.
⛅ Cloud Native¶
OpenFeature is now a sandbox CNCF project. Congrats to everyone involved in building a common standard for (cloud-native) feature flags! OpenCost is a new CNCF sandbox project to help with resource efficiency and cost estimation for Kubernetes. The project is based on the KubeCost engine, which is open source.
I also recommend diving into more KubeCon EU talks with Logs told us it was DNS, it felt like DNS, it had to be DNS, it wasn't DNS, learning from production incidents. Jaeger Tracing: Present and Future brings the idea of "Aggregated Trace Metrics (ATM)" forward, generating metrics from traces.
Another great learnk8s resource: Dive into authentication and authorization and learn about user and workload identities in Kubernetes. A worthwhile architecture read is inside the Google Container tools, kpt design docs: Configuration as data and Package Orchestration.
Let's start with an insightful read on eBPF, sidecars, and the future of the service mesh. You'll see more eBPF content in the future, I am slowly adopting the topic and am following a lot of resources and communities to learn more. This newsletter inspired last month's EveryoneCanContribute cafe to try Tetragon from Cilium live in the meetup.
Telemetry and Observability at BlackRock dives into the all-mighty question of alerting strategies and how alert backtesting frameworks help here. Developers need transparency on how their applications are performing - give them Observability with alerts and SLOs. My Philosophy on Alerting, based on observations as an SRE at Google. Another helpful tip in the same area: How to alert for Pod Restart & OOMKilled in Kubernetes.
The integration of Clickhouse as a datastore for Error Tracking in GitLab provides innovative insights and many things to learn. The blueprint for production readiness on GitLab.com review caught my attention with key metrics to monitor Clickhouse: system.asynchronous_metrics), system.metrics), Load on processors which are exposed as a metrics endpoint for Prometheus. More Clickhouse observability insights soon!
🔍 The inner Dev¶
If you are learning Rust, these insights about each every Rust keyword in this Twitter thread can be helpful. OpenTelemetry is getting easier for Rust developers - these web app frameworks provide out-of-the-box support for better Observability:
Polarsignals wrote a great article about gRPC, and how they use it for a web app. Also, a good resource to get started with the basic concepts of gRPC with a visual aid, as the protocol is used in OpenTelemetry, Kubernetes, etc.
HashiCorp announced their new Developer Site in beta, a place to learn in interactive labs, tutorials, and many documentation resources. They'll start with Vault and Waypoint, more to come soon. Another great resource to level up your developer career: Companies using RFCs or Design Docs and Examples of these -- learning how document architecture vision and reviews.
Recommended resources for Python developers: Next-level Concurrent Programming in Python with Asyncio, Logging in Python like a Pro, OpenTelemetry for Python Developers
... and maybe the next level of even ;-)
📈 Your next project could be ...¶
- Start learning WebAssembly (WASM) with awesome-wasm
- Learn how to instrument an Apache HTTP Server with OpenTelemetry
- Build your own Cubernetes
📚 Tools and tips for your daily use¶
- One-liner for running queries against CSV files with SQLite, using a great trick with in-memory databases.
- excalidraw for creating great visuals, and presentations even.
- Awesome Prometheus Alerts: Kubernetes, a complete collection of Prometheus alert rules, not only for Kubernetes.
- A set of modern Grafana dashboards for Kubernetes.
- kube-bench checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
- dns.toys is a DNS server that takes creative liberties with the DNS protocol to offer handy utilities and services that are easily accessible via the command line.
- vuepress with GitLab pages works great for minimal websites, as an alternative to MkDocs and other static site generators. My most recent project is here.
- Ultimate GitOps: Deploy Secure Microservices to AWS EKS with the GitLab Agent workshop
- Terraform Cookbook, early release by Taylor Dolezal and Kerim Satirli
- Incubation Engineering at GitLab latest playlist, insights into innovative features and projects, such as Cloud Seed (handbook).
- eCHO News, a newsletter about cloud native networking, observability, and security - and eBPF.
- Top 12 Kubernetes Resources: Learn and Stay Up-to-Date
🎥 Events and CfPs¶
- Sep 5-7: Container Days EU in Hamburg, Germany. Join me there!
- Sep 13-16: OS Summit EU in Dublin, Ireland
- Oct 24-28: KubeCon NA in Detroit, Michigan
- Nov 10-11: All Day DevOps, virtual
- Nov 16-17: Continuous Lifecycle / Container Conf in Mannheim, Germany. Join me there!
👋 CfPs due soon
- Oct 12-13: Kubernetes Community Days Munich 2022, CfP due Aug 16
- Oct 24: Cloud Native Wasm Day NA 2022, CfP due Aug 8
- Oct 24-25: Cloud Native SecurityCon NA 2022, CfP due Jul 25
- Oct 25: Kubernetes AI DAy NA 2022, CfP due Jul 25
- Oct 25: Cloud Native Kubernetes on Edge Day NA 2022, CfP due Jul 25
- Oct 25: GitOpsCon NA 2022, CfP due Jul 25
Looking for more CfPs? Try CFP Land.
Kitboga for the many laughs when scammers tried their evil on Windows 3.11. Recommend subscribing too, very insightful and also helpful for family and friends avoiding to fall for these scams.
Thanks for reading! If you are viewing the website archive, make sure to subscribe to stay in the loop!
PS: If you want to share items for the next newsletter, please check out the contributing guide - tag me in tweet replies or send me a DM. Thanks!