Bullish DevOps Bulletin — March 2021

Bullish DevOps. What does it mean? We see Bullish DevOps as the DevOps that helps your business to grow and, to the contrary, Bearish DevOps is the approach that is not helpful enough, when unprofessionally implemented, and even leads to catastrophic losses. So, we’re sure DevOps at It Svit is Bullish enough at least we are very bullish on our DevOps! We created a DevOps bulletin for DevOps engineers, ambitious developers and system administrators, IT leaders to catch up on the latest DevOps news and updates including the latest tools and methodologies. Plus helpful guides, tips and recommendations to deal with challenging DevOps projects. Ready to taste the DevOps World’s latest updates and other goodies? Follow us then! 

HashiCorp Consul as a fully managed service for AWS 

In February Hashi Corporation announced that HashiCorp Consul now performs as a fully managed service for AWS environments on the HashiCorp Cloud Platform (HCP). HCP Consul is the first fully managed service mesh solution handled and supported by the specialists who created the product. HCP Consul provides a simple service discovery tool easily adopted service mesh for both individuals and businesses while diminishing the operational trouble of launching and running it in production. HCP Consul is designed to help minimize the steps necessary to use Consul within your AWS environments. At a high level, here are the four tasks such as create, deploy, peer and connect that customers need to accomplish to start using HCP Consul. Hashi Corporation also announced the availability of a new HashiCorp Terraform provider for HCP. Terraform tutorials — 1 & 2.

Guide for picking the right Terraform Security Code Analysis Tool

Have you ever been puzzled by the wide range of choices of static analysis tools for Terraform?  Marko Fábry, Cloud Architect and Marek Šottl, Cloud Security Engineer at Revolgy closely looked at the tooling to identify security vulnerabilities and misconfigurations for AWS and GCP. The experts decided to unify different preferences of engineers at Revolgy to provide improved and more consistent secure services to customers. Revolgy engineers started their own testing PoC and evaluated results based on various metrics including false positive and false negative rating, integration options and quality of the recommendations themselves. Revolgy experts in their complete guide for picking the right tool for Terraform Security Code Analysis stressed that there are other tools besides Kubernetes and Ansible aimed at security scanning that are more plug-and-play. At the end of the article, they compare a specific set of such tools.

Curated Collection of SRE Resources and Examples from first-rate IT organizations

Need examples of how IT organizations practice SRE (site reliability engineering) around the world? Here is a curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice SRE. In 2003 Google had given a task to their software engineers to make their grand scale site more efficient, reliable and user-friendly. The approach Google team used to work with the site turned out to be so effective that many IT giants decided to adopt it. We talk about site reliability engineering practices that are used to implement software development solutions into IT operations processes like performance planning, configuring, monitoring, failure alerting and others. These practices correlate perfectly with DevOps such as continuous integration/delivery and infrastructure as a code approach. Due to SRE, tasks traditionally performed by operation specialists, manually, as a rule, are resolved using automation and software. Automation is the most essential component of the SRE model as site reliability engineers are always searching for ideas on how to improve and automate operations tasks. This way, SRE enhances system’s reliability. In the curated repository of best SRE practices, Github experts collected the most reliable and efficient tools, techniques, books lists from leading IT organizations. However, note please, that repository was created recently, the list itself might refer to some of the articles, posts, videos, tools, and techniques published a couple of years ago.

Kubernetes API Priority and Fairness regulation 

Ivan Slim in his article about the Kubernetes API Priority and Fairness (APF) shared what he has discovered and showed how to define policies to prioritize and throttle inbound requests to the Kubernetes API server. Additionally, Ivan went over some metrics and debugging endpoints that can be used to determine if APF is affecting controllers. As a result, he showed how to create custom FlowShema and PirorutyLevelConfiguration resources to regulate inbound traffic to API servers and went over the specifications of these resources.

Kubernetes NetworkPolicy Editor 

If you want to adopt Kubernetes NetworkPolicies for apps in your cluster, you should be ready that the learning curve from very basic examples to more complex real-world policies is steep. Even experienced Kubernetes YAML-experts can still easily make their brain explode working through an advanced network policy use case. In the Livestream from Cloud Native Computing Foundation, Thomas Graf went over everything from the basics of Kubernetes Network Policy to more advanced concepts. He explained step by step from setting up simple policies to tackling trickier questions such as spotting and avoiding conflicting rules, looking at common mistakes, and examining some advanced real-world policy examples similar to those implemented by major Kubernetes users. What’s more, CNI Cilium experts created the NetworkPolicy Editor project, which allows you to create, visualize and share network policies online. 

IAM Access Analyzer Policy Validation Update

A couple of weeks ago, AWS announced the release of the policy validation add-on for the IAM Access Analyzer — a tool allowing to validate IAM policy configurations for security compliance (over 100 tests based on AWS IAM best practices) and detailed recommendations for configuring IAM. You can use it directly from the IAM Console web interface when creating IAM policies, and the same CLI/API AWS access analyzer validate-policy for integration with custom CI/CD workflows, without the need for third-party tools. From a security point of view, this is a very useful and on-demand functionality that is designed to at least partially solve the problem of misconfigs when configuring IAM policies.

DevOps roadmap 

Dreaming about a DevOps engineer’s role in a high-class company? DevOps experts of the DevOps Journey community prepared a quite helpful video informing entry-level DevOps specialists or developers/sysadmins wishing to switch to DevOps of the DevOps roadmap relevant in 2021. DevOps engineers are supposed to work with developing and IT operations teams, QA specialists and production teams to supervise the code delivery and release. DevOps engineers are supposed to have and utilize well-developed soft and hard skills to break the time-honored wall between software production teams and impeccably manage IT infrastructure. Moreover, DevOps engineers should be endowed with leadership and business skills to work with the teams. If you desire to become one, you have to accept the fact that your way to success will not be a piece of cake, just remember IT Svit is here to help you at any stage of your path. 

Wrapping things up

Would you like to get such a bulletin regularly? We hope you’re nodding at least! Well, tell us in the comments what was good to learn and what you want to hear in the next piece. Bullish DevOps Bulletin — April 2021 is coming up!