DEVOPS WEEKLY
ISSUE #528 - 7th February 2021

The usual mix of topics this week, but several posts on build systems; building container images, Cargo build tricks, the importance of securing software build pipelines and more.


env0 sponsors Devops Weekly
========================

Prevent cloud misconfigurations by shifting security left in your IaC deployments!

https://www.env0.com/blog/better-together-checkov-and-env0

About env0: use Infrastructure as Code to let your team manage their own environments across clouds. Governed by your policies and with complete visibility & cost management.


News
====

A detailed post on the Bottlerocket build system. You may not have quite as complex a project, but lots of interesting tricks in here for using Cargo for much more than just building Rust code.

https://aws.amazon.com/blogs/opensource/how-the-bottlerocket-build-system-works/


A post on how to best defend your software build pipeline from targeted supply chain attacks.

https://www.ncsc.gov.uk/blog-post/defending-software-build-pipelines-from-malicious-attack


Architecture diagrams often feature lots of boxes and arrows, but how do you overlay more useful information without visual overload? This post provides a handy visual language.

https://blogs.mulesoft.com/api-integration/strategy/a-visual-language-for-digital-integration/


Dockerfiles are ubiquitous for building container images. But if you’re looking for something that provides a higher level interface and stronger opinions then buildpacks are worth a look. This post compares the two.

https://technology.doximity.com/articles/buildpacks-vs-dockerfiles


Threat modelling is a useful tool for getting people thinking about the security of their systems. It’s also a great way of encouraging collaboration between development and security teams. This new manifesto is a good starting point.

http://www.threatmodelingmanifesto.org


Ever wanted to understand how Kubernetes allocates IP addresses when you run a high-level command like kubectl expose? This post has you covered.

https://thebsdbox.co.uk/2021/01/01/Putting-a-VIP-in-your-Kubernetes-Clusters/


gRPC is optimised for fast, secure over-the-wire transfer. But that makes it harder to debug than something like JSON over HTTP. Here’s how to use Wireshark for analyzing gRPC messages.

https://grpc.io/blog/wireshark/


A case study for building a Kubernetes-powered CI/CD pipeline using GitLab and Helm.

https://nextlinklabs.com/insights/kubernetes-ci-cd-gitlab-with-helm


Events
======

WTF is SRE? Container Solutions presents a new WTFinar that tackles the beginning of understanding SRE. Join Nathen Harvey from Google to learn about service level indicators (SLIs) and service level objectives (SLOs) - components of error budgets. 9th February, 15:00 CET

https://bit.ly/3atRvHI


Tools
=====

Vorteil provides a super interesting toolkit for building and running fast micro-VMs. You can even convert an OCI-compliant container image directly to a VM and run it using Vorteil.

https://github.com/vorteil/vorteil


Kubenav provides desktop, web and mobile apps for monitoring the status of a Kubernetes cluster.

https://github.com/kubenav/kubenav


If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=addff5196d

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG