DEVOPS WEEKLY
ISSUE #556 - 22nd August 2021

Identity and access management, data operations, root cause analysis, SLOs and a few interesting Kubernetes security posts and tools this week.


StackHawk sponsors Devops Weekly
============================

Trying to automate application and API security testing? See how StackHawk and Burp Suite Enterprise stack up:

https://sthwk.com/burp


News
====

Access and Identity is a deep topic, nowhere more so than when it comes to AWS. This post does a good job of explaining the current situation and related problems, and discusses potential improvements.

https://ben11kehoe.medium.com/aws-doesnt-know-who-i-am-here-s-why-that-s-a-problem-4aeca591b0a6


Gatekeeper (the Kubernetes policy enforcement tool) now has an alpha capability to mutate resources. This post is a good introduction, including an example of automatically fixing pod security admission issues.

https://medium.com/@LachlanEvenson/mutating-kubernetes-resources-with-gatekeeper-3e5585d49ead


Everyone likes the idea of a single root cause when a problem occurs. This post compares that to how we think about successes, to make the point about the fragility of looking for a singular root cause.

https://surfingcomplexity.blog/2021/08/13/root-cause-of-failure-root-cause-of-success


A detailed post on how best to audit and secure an AWS account.

https://acloudguru.com/blog/engineering/how-to-audit-and-secure-an-aws-account


A good post on service level objectives. It starts out with a good introduction, but it’s nice to see concrete examples and discussion of how to implement this in code, in this case with Ruby and Java.

https://www.betterment.com/resources/service-level-objectives-slo


If you’ve read much about SRE, you’ll probably have heard of the four golden signals of monitoring. This post provides a quick introduction and suggests some improvements and gaps.

https://rootly.io/blog/how-to-improve-upon-google-s-four-golden-signals-of-monitoring


The infrastructure for storage and usage of internal data is an ever-growing part of many operations teams' responsibilities. This post provides a useful high-level view of such a modern data platform.

https://towardsdatascience.com/the-anatomy-of-an-active-metadata-platform-13473091ad0d


Tools
=====

Secrets and Kubernetes can be a challenge. This webhook provides one option, injecting secrets into Kubernetes resources from various secrets managers including Vault, AWS, GCP and Azure secrets managers.

https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook


Kubescape is a new security scanning tool for checking the setup of a Kubernetes cluster, based on the recently published NSA and CISA guidance.

https://github.com/armosec/kubescape



If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=5a32ea11c1

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG