DEVOPS WEEKLY
ISSUE #559 - 12th September 2021

A few good hindsight design posts this week, both on API design and on data storage cost control. As with lots of decisions, you can apply some patterns too early, but knowing you’ll need to change later if you succeed is useful to remember.


StackHawk sponsors Devops Weekly
================================

Trying to figure out how to keep your APIs secure? You're not the only one. See how DataRobot is automating API security testing with StackHawk.

https://sthwk.com/DataRobot-API-Security


News
====

A good post on the early decisions (in this case around data storage) that can lead to cost control discussions later. You can apply this to other systems as well.

https://medium.com/riskified-technology/over-pay-as-you-go-for-your-datastore-11a29ae49a8b


Details on combining ttl.sh (which provides anonymous and ephemeral container registries) and Cosign to sign the images. A few interesting use cases for this sort of thing.

https://blog.ediri.io/ttlsh-and-cosign-signing-an-anonymous-and-ephemeral-docker-image-registry


A critical review of the recently released Kubernetes security guidance from the NSA, including some up-to-date recommendations.

https://research.nccgroup.com/2021/09/09/nsa-cisa-kubernetes-security-guidance-a-critical-review/


Authentication of the Docker socket is all or nothing, but you can always use a reverse proxy for finer-grained control. A good example using Caddy.

https://raesene.github.io/blog/2021/09/05/restricting-docker-access-with-a-proxy/


An interesting observation about the relationship between observability and the needs of auditors for compliance.

https://vc-sree.medium.com/security-observability-compliance-501f308dcab1


Whenever you’re building a new API, or consuming an API of another system, you quickly build up opinions about what a good API feels like. This post has some good advice on processes, practices and principles.

https://slack.engineering/how-we-design-our-apis-at-slack/


Tools
=====

SLO Tracker is a dashboard application for displaying SLO and error budget information. It integrates with Prometheus, Grafana, Datadog and other monitoring tools to gather SLI data.

https://github.com/roshan8/slo-tracker
https://slotracker.com


EKS Anywhere is an option to run AWS EKS (the AWS Kubernetes service) on your own infrastructure. The main use case is to standardise the management side of operating a service like this.

https://github.com/aws/eks-anywhere


If you have other queries you can contact the list maintainer at gareth@morethanseven.net