DEVOPS WEEKLY
ISSUE #551 - 18th July 2021

Lots of observability posts this week, from introductions to instrumentation to consideration for data engineering. Plus software bill of material standards, the complexities of branching, security posture management and more.


StackHawk sponsors Devops Weekly
============================

On July 28, ZAP Creator Simon Bennetts is giving a first look at ZAP's new automation framework. Grab your spot:

https://sthwk.com/ZAP-Automation-Framework


News
====

The NTIA Multistakeholder process has published the minimum elements for a software bill of materials. Lower level than most considers will care for, but lots happening in this space at the moment on the standards and early tooling fronts.

https://www.ntia.gov/blog/2021/ntia-releases-minimum-elements-software-bill-materials
https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom


A look at the tradeoffs between testing in a pipeline and observability in production for data engineering.

https://medium.com/bigeye/testing-vs-observability-which-is-right-for-your-data-quality-needs-1ceb34a12867


A post describing 6 categories of security posture in need of management, from cloud and applications to identity and devices.

https://www.linkedin.com/pulse/6-categories-cybersecurity-posture-david-matousek/


The OpenTelemetry standard is making it easier for generic client libraries to have built-in instrumentation, but there are still interesting tradeoffs and design decisions as discussed in this post.

https://neskazu.medium.com/opentelemetry-in-client-libraries-96136d441f0b


Large open source projects have interesting dynamics. This thoughtful post from the Knative project considers whether a project or product mindset would be best for the long term future of the project.

https://hackmd.io/8YbvSOwsS1SCy9gQsyP9mQ


A post on the complexity of branching strategies and the fact many teams just take that friction for granted rather than try something simpler.

https://thinkinglabs.io/articles/2021/07/14/on-the-evilness-of-feature-branching-a-tale-of-two-teams.html


A deep dive on what’s happening under the hood of AWS Lambda.

https://www.bschaatsbergen.com/behind-the-scenes-lambda


An example of using Google Cloud, Pulumi and Debezium, a Change Data Capture framework, to build a fault tolerant event driven architecture.

https://daily.dev/blog/building-a-fault-tolerant-event-driven-architecture-with-google-cloud-pulumi-and-debezium


A nice summary of what observability is and why it’s important.

https://adri-v.medium.com/unpacking-observability-a-beginners-guide-833258a0591f


Tools
=====

A handy Kubernetes operator that simplifies the management of Role Bindings and Service Accounts, using a declarative configuration for RBAC with new custom resources.

https://github.com/FairwindsOps/rbac-manager


Moco is a MySQL operator on Kubernetes using GTID-based semi-synchronous replication.

https://github.com/cybozu-go/moco


If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=8fefe02b2e

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG