DEVOPS WEEKLY
ISSUE #554 - 8th August 2021

Posts this week on monitoring (with posts on scaling Prometheus and the relationship between testing and observability), Docker usage tips, modern Unix tools, hardening ubernetes and more.


StackHawk sponsors Devops Weekly
============================

ICYMI ZAP Creator and Project Lead Simon Bennetts recently unveiled ZAP's new automation framework. Watch the session and see how it works:

https://sthwk.com/automation-frmwrk


News
====

A great post on scaling Prometheus. Slow queries, data retention, high availability and more areas of discussion.

https://hackernoon.com/my-prometheus-is-overwhelmed-help-qi1937xj


We often see hello-world CI/CD examples, but real world examples are invariably more complex. This post does a good job of avoiding some of the hello world issues, looking at a full pipeline with Kubernetes, Tekton and ArgoCD.

https://piotrminkowski.com/2021/08/05/kubernetes-ci-cd-with-tekton-and-argocd/


A post on a common problem, how to access secure resources (like from a private GitHub repository or Nexus or other private package repository) from within a Docker build, without leaking sensitive information in the resulting image.

https://medium.com/marionete/pass-secure-information-for-building-docker-images-8adeafe08355


Relational SQL accounts for maybe 20% of the current specification. This site contains lots of information about modern advances in SQL and the support in different databases for them.

https://modern-sql.com/


I’ve always found the overlap between testing and monitoring interesting. This post delves into the topic, looking at observability, mutation testing, chaos testing and more.

https://rodolfohansen.medium.com/unit-tests-give-you-observability-cae71ee23303


Kubernetes hardening guidance from the NSA, covering scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, log auditing and more.

https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/


Tools
=====

A collection of modern replacement tools for standard unix utilities like ls, grep, cut, sed, ping, history and more.

https://github.com/ibraheemdev/modern-unix


If you’re using Docker and needing to work with multiple cloud-provider container registries you’ll have had to jump through hoops when it comes to credentials. docker-credential-magic makes all of that much simpler.

https://github.com/docker-credential-magic/docker-credential-magic
https://medium.com/@jdolitsky/docker-credential-magic-a-magic-shim-for-docker-credential-helpers-deae9e78c2df


PipeCD is a new continuous delivery tool for declarative Kubernetes, serverless and infrastructure applications

https://pipecd.dev/
https://github.com/pipe-cd/pipe



If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=206c979fae

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG