
2023-01-11: 2023 trends: AI/MLOps, eBPF, OpenTelemetry, SBOMs everywhere; GPT3-visualized, DORA metrics, Keptn Lifecycle Toolkit, Fluxninja Aperture, Coroot, Rust Atomics and Locks book, Zed

Thanks for reading the web version, you can subscribe to the Ops In Dev newsletter to receive it in your mail inbox.

👋 Hey, lovely to see you again

Happy new year to everyone who celebrates it! 2023 will be a great year with new challenges, and technology to learn. I'll cover the best learning pieces in this newsletter and invest in learning hot topics like AI/ML. I started my year early on January 2nd, and boom, a CI/CD pipeline failed with a fancy stack trace. Got me thinking - what if AI could assist with solving pipeline errors for better efficiency? And what happens when the AI is down?

AI is down, modified xkcd 303.

Image generated with go-excusegen; xkcd comic image and font credit.

Auto-instrumentation with eBPF and OpenTelemetry is another topic I'll cover in more depth in 2023, together with Chaos Engineering, SLOs and DevSecOps. I'm speaking at Config Management Camp 2023, and will attend FOSDEM and GitLab Contributor Days from Feb 4 - 8, 2023.

Stay tuned for future newsletters; for now, enjoy reading!

☕ Hot Topics

🎯 Release speed-run

Coroot 0.11.0 now monitors memory usage and detects memory leaks before the OOM killer triggers container restarts. tracee v0.10.0 now supports network events, adds experimental support for "everything is an event", and brings new filtering features for context, syscall and binary path. GitLab 15.7 allows signing Git commits with your SSH key, and brings support for variables in merge request description templates, the $ character in CI/CD variables, and much more. FlowForge 1.2 provides SSO and persistent context storage on its open-source platform to run Node-RED at scale. Open Policy Agent (OPA) v0.48.0 improves error reporting in policy evaluation, and adds support for AWS Signing Version 4A.

🛡️ The Sec in Ops in Dev

Better security for everyone. GitLab will soon automatically revoke Personal Access Tokens (PATs) when secret detection finds them in public repositories. This feature will be enabled for SaaS and self-managed users and is available for free and paid tiers. Leaked tokens are processed on the system where they are found.

PEACH, a tenant isolation framework for cloud applications, defines a security review strategy following Privilege hardening, Encryption hardening, Authentication hardening, Connectivity hardening, and Hygiene, and applies it to the ChaosDB vulnerability as an example.

Chainguard shared their 2023 technology trends and predictions for software security. Here are a few quotes that stand out for me:

  • "Tooling will finally coalesce to allow doing useful things with SBOMs."
  • "Sigstore will kill off PGP [...] keyless signing and widespread adoption of digital software signatures across projects like Kubernetes can only grow at this point."
  • "CVE Zero will be the new Inbox Zero." - "Software supply chain security awareness 2.0 [...] we're really going to start seeing companies put real effort into safeguarding themselves."
  • "We will start seeing Open Source projects being accused of copyright infringement, generating a legal risk to all users of the software. ChatGPT and copilot are being used to help write code. But these models were trained on existing code and in some cases will copy that code wholesale. Unless carefully vetted, this exposes users to potential copyright infringement claims."

⛅ Cloud Native

Google Cloud published the infrastructure reliability guide, a helpful visual tutorial on the building blocks in Google Cloud. It comes with architecture recommendations for designing reliable infrastructure for cloud workloads.

While reading a blog post about securing GitLab, I came across Constellation, which allows creating a Confidential Kubernetes cluster. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

👁️ Observability

FluxNinja Aperture is a new flow control and reliability management platform, focussed on cloud applications. Microservices can be vulnerable to cascading failures with sudden loads, new deployments or performance issues. This is where flow control helps with graceful degradation to help preserve key user experience. Aperture is open-source and licensed under GPLv3. This Twitter thread sheds more light on the development process, and how they were inspired by CNCF projects. Recommend following this project!

You should instrument your code with OpenTelemetry is a great learning story, told by Viktor Farcic. It covers the why, vendor support, and an example with Golang traces and Gin as middleware.

Andi Grabner shared an interesting workflow with DORA metrics, automatically for all your Kubernetes workloads. Built on the shoulders of OpenTelemetry and the Keptn Lifecycle Toolkit, this workflow collects DORA metrics without pipeline instrumentation. There is more to it: take a look at this overview of what the Keptn Lifecycle Toolkit can do and the demo tutorial on YouTube.

Julius Volz started a YouTube learning series for Prometheus, with videos of 5-15 minutes in length:

🔍 The inner Dev

Things I want as SRE/DevOps from Devs is a great reminder for embracing visibility for services: health state, restarts, failure patterns, exposed metrics, architecture, data flow, test coverage. We all can collaborate and make our lives easier!

Debugging applications and tracing syscalls or open files with strace has always been my go-to on Linux. With the increased awareness of (e)BPF, using bpftrace is a new approach. There is a mention of an example that hooks into the open syscall entry and exit, and provides details of all opened files.

The Hacker News discussion about the new Web IDE Beta in GitLab brought my attention to a newly developed editor by the creators of Electron and Atom: Zed. It is invite-only at the moment, with a macOS app first. Linux and Windows support is coming later, before the 1.0 release.

📈 Your next project could be ...

📚 Tools and tips for your daily use

🔖 Book'mark

🎥 Events and CFPs

👋 CFPs due soon

Looking for more CfPs?

🎤 Shoutouts

Randall Munroe for the latest xkcd: Euler Diagrams.

A LEGO Washing Machine that actually works - thanks Sameer Kamani!


Thanks for reading! If you are viewing the website archive, make sure to subscribe to stay in the loop!

See you next month - let me know what you think on LinkedIn, Twitter, Mastodon.

Cheers,

Michael

PS: If you want to share items for the next newsletter, please check out the contributing guide - tag me in the comments or send me a DM. Thanks!