Bullish DevOps News/Updates — April 2021
The April edition of Bullish DevOps News/Updates is here! As promised, we’ve prepared a new compilation of fresh DevOps news and updates, including the latest tools, methodologies, guides, tips and recommendations for dealing with challenging DevOps projects. Does everyone recall what ‘Bullish DevOps’ means? Yes, you are right: Bullish DevOps helps your business grow, as opposed to Bearish DevOps, which does not. So, we’re sure hardly anyone will deny that DevOps at IT Svit is Bullish enough! We created this DevOps digest for DevOps engineers, developers, system administrators and IT leaders to taste the DevOps world’s latest updates and other goodies.
Tonari introduces Innernet
Meet innernet, an open-source tool for building secure private networks, similar to Nebula and Tailscale, with access control and WireGuard under the hood. It comes with some added features to make life easier, and it suits networks of various sizes: one for your organization, one for your project, one for your social circle, to create an idealistic alternate internet universe. When creating innernet, Tonari experts had these simple goals in mind: 1) the conveniences a typical WireGuard user wants, such as peer names, auto-updating peer lists, groups based on IP blocks and so on; 2) a free, open-source environment; 3) a straightforward architecture: a simple SQLite server-client model. In the guide, Tonari explains how innernet works using an example network.
Kubernetes says ‘goodbye’ to PodSecurityPolicy
Tabitha Sable of Kubernetes SIG Security announced that PodSecurityPolicy (PSP) is being deprecated in Kubernetes 1.21. The countdown to its removal has started, but it doesn’t change anything else. PodSecurityPolicy will continue to be fully functional for several more releases, and in the meantime, a replacement for PSP is being developed. What are Pod Security Policies? Why did you need them? Why are they going away, and what’s next? How does this affect you? These key questions are covered here. You can follow the development of a replacement in the Kubernetes Enhancement Proposal here.
How to provision Kubernetes clusters on AWS with Terraform and EKS
Kristijan Mitevski has offered a detailed guide to configuring a Kubernetes cluster on AWS, GCP, and Azure using the CLI and Terraform. With this guide, you will learn how to create clusters on the AWS Elastic Kubernetes Service (EKS) with eksctl and Terraform. By the end of the tutorial, you will automate creating three clusters (dev, staging, prod) complete with the ALB Ingress Controller in a single click. Having the infrastructure defined as code makes your job easier. If you wish to change the version of the cluster, you can do it in a centralized manner and have it applied to all clusters.
How to minimize DNS latency
Frank Denis, in his “Random Thoughts”, encourages us to stop using ridiculously low DNS TTLs. DNS latency is a key component of a good online experience. To minimize DNS latency, carefully picking DNS servers and anonymization relays plays a key role. However, the best way to minimize latency is to avoid sending useless queries to start with. How to do that is described here.
How to compose operating system images
Meet OS Build Composer, a tool for composing operating system images and creating your own VM images. Read here about what OS Build is and what projects are part of it. The OS Build Composer GitHub repository is here. Cockpit, a web-based management console, serves as a front end for OS Build Composer through a UI extension for building operating system artifacts. Plus, we give you helpful info on how to create your own Fedora image and push it to the cloud, and how to build AWS images with Image Builder.
Dealing with Prometheus remote write issues
Callum Styan explains how to troubleshoot remote write issues in Prometheus. Because the Prometheus remote write system has plenty of tunable knobs, it can be hard to tell which ones to adjust when an issue occurs. In his article, Styan gives metrics that can help you analyze remote write issues, detect problems and decide which configuration parameters you might need to change.
How to benchmark persistent disk performance
Still benchmarking persistent disk performance with dd and similar tools? Use FIO instead! By default, dd uses a very low I/O queue depth, so it is difficult to ensure that the benchmark is generating a sufficient number of I/Os and bytes to accurately test disk performance. What’s more, the devices used with dd are pretty slow, as a rule, and do not reflect persistent disk performance. Basically, try to avoid using devices like /dev/urandom, /dev/random, and /dev/zero in your persistent disk performance benchmarks. How to benchmark persistent disk performance correctly is here.
Wrapping things up
The Bullish DevOps digest is all about the latest updates, making sure people who are interested in DevOps keep up with brand-new and helpful info from the DevOps world. Tell us in the comments what was good to learn and what you want to hear in the next issue. Bullish DevOps Bulletin — May 2021 is on the way!