catops | Technology

Telegram channel catops - CatOps

DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ N26 && Maksym Vlasov (@MaxymVlasov) - Engineer @ SHALB. Opinions are our own. We do not post ads, so please do not bother us with such requests! Discussions & chat (UKR/RUS): t.me/catops_chat

CatOps

A friend of mine is raising funds for an FPV complex for his brother who works as an instructor in the Foreign Legion.

Monobank Jar:
https://send.monobank.ua/jar/2P9ANBRRp4

Card number: 5375411213105070

The goal is 125k UAH and we're almost there.

You can find more info about this fundraiser (in Ukrainian) via these links:

- https://www.instagram.com/reel/C6eCeExtr9B/?igsh=MXM2aHJ4NTc3ejB6eQ==
- https://www.facebook.com/share/v/BvQUapoc2j7jyr3E/?

CatOps

A couple of articles I stumbled upon when researching some things for work.

- You can use ARG in the FROM definition in a Dockerfile. I didn't know that it's possible. Back in the day I tried using ENV there and it didn't work, so I assumed it's non-configurable. Apparently, it is. You may argue if it's a good practice to alter the FROM configuration this way, but I can clearly see use cases for that.

- A workaround for Terraform's `default_tags` definition. This way you can "exclude" the default_tags for some resources in Terraform. For example, if you're using the default subnets, etc. that were imported in Terraform. You cannot change tags for those things in AWS, so you need to work around that. Again, using defaults in AWS is probably not a good practice, but sometimes those things are in use for historical reasons, etc.

Again, these two articles have no relation whatsoever, just want to share them with you.

#aws #terraform #docker

CatOps

At last! A new issue of our Voice Chat is out! It took me way longer, because I had to switch from Davinci Resolve to Kdenlive, since Davinci doesn't really work on Linux despite their claims.

In any case, here we are. We talked about Jenkins this time: who uses it, why is it still in use, and what alternatives would we use instead.

The voice chat is in Ukrainian and is available on:

- YouTube
- Substack
- Spotify
- Apple Podcasts
- or via a direct RSS feed

#voice_chat #cicd #jenkins

CatOps

Two small security-related articles for you today.

- About vulnerabilities in AI and ML applications. tl;dr: with the rise in popularity of AI/ML applications, the number of potential security holes rises as well. Especially interesting is the fact that sometimes hackers exploit the same attack vectors that were used against the web applications long ago and were mostly mitigated since then.
- A small excerpt from the DevOpsSec report. If you'd rather stick with an "old and proven" technology, there is some bad news for you as well: according to the DevSecOps2024 report, 90% of Java services have vulnerabilities.

#security

CatOps

Ha! I was sure I shared this article with y'all before, but when I tried to find it on the channel today, I was unable to. In any case, even if it was here, it won't hurt to repeat it.

So, here it is - Kubernetes: EKS, Calico and custom Admission Webhooks.

This article sheds some light on the EKS networking. The gist is that if you use anything except the native VPC CNI, your control plane pods (API, scheduler, etc.) and workload pods will end up in different networks, because you cannot install any custom pods into the control plane.

Unless you use admission webhooks, you probably won't even notice; but if you do, API won't be able to contact your admission controller pods without some workarounds.

This is the nature of managed services: you gain something - you lose something.

#kubernetes #eks #aws

CatOps

A fresh issue of the CatOps Digest is here:

https://newsletter.catops.dev/p/catops-digest-2024-04-21

#digest #newsletter

CatOps

If you work with Kubernetes, there won't be any new information for you. However, when you encounter a namespace stuck in the "Termination" state the first time, it might be dumbfounding.

This article describes what to do in such situations. Also, it's good to learn about finalizers at some point anyway.

#kubernetes

CatOps

I had a whole talk about testing of the Helm charts, but it's not the only (almost) YAML that you could test!

This blog post describes how one could test their Prometheus alerts. Which is more productive than waiting till something happens.

#observability #testing

CatOps

A programming books bundle on Humble Bundle by Manning Press.

There are a couple of books that could be interesting to you, even if programming is not your primary occupation.

#books #programming

CatOps

Sometimes, people claim that I am anti-certifications, which is not true. I haven't had an experience in my life when I had to get a certificate for a new job or a promotion. However, if certification works for you, it's great!

Besides, until the 16th of April, you can buy courses from CNCF with a 30% discount.

#courses #cncf

CatOps

A new issue of the CatOps Newsletter is here:

https://newsletter.catops.dev/p/catops-digest-2024-04-07

#newsletter #digest

CatOps

I almost forgot to post it here.

Today I'm speaking at the GeekOpsUA Virtual Meetup (in Ukrainian) at 19:00 Kyiv time (18:00 CET).

There's no specific topic, it's going to be just a fireside chat.

Here's the link you can join today

- GeekOpsUA on Telegram
- GeekOpsUA on LinkedIn
- GeekOpsUA on YouTube

See you there!

#event

CatOps

For those who also had holidays.

Everything you need to know about the recent xz vulnerability in one place.

#security

CatOps

Kondense is a Kubernetes tool that allows you to resize containers in a pod based on the memory pressure.

It’s installed as a sidecar and uses real-time memory pressure to determine the optimal memory for each container in a pod.

You can read the justification behind this tool in this Reddit post.

#kubernetes

CatOps

A neat comparison between Argo and Flux.

I like the fact that the article mostly focuses on UX and use cases. Yet, I would disagree with this statement here:

 would deploy one Argo CD per tenant, where each tenant is an independent developer team with their applications, but it can work with multiple clusters, for example, dev/stage/prod, etc.

I mean sure. If you have enough resources, go for it! However, I witnessed how getting down from “Argo per team” to “just one Argo” reduced resource consumption in a cluster by 90%.

#cicd #gitops

CatOps

https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-40gbit-s-network-2024-156f085a5e4e

CatOps

A curious story about S3 billing. So, AWS charges you for unauthorized access attempts to your buckets. Thus, it’s possible to create an attack to inflate someone’s AWS bill if you know the buckets’ names.

Honestly, I’m not sure what’s the moral of this story. Make your buckets private unless public access is strictly required. Do not use common names or if you have to, use prefixes or/and suffixes to distinguish buckets or randomize the names.

#aws #s3 #security

CatOps

For today's Donations Monday together with AWS Notes and UA Responders we are raising funds for rehabilitation of our warriors.

After the time in hospitals additional rehabilitation is still required for those who lost their limbs or eyesight. The goal of this fundraiser is to provide additional recovery courses for these people.

You can donate to the Monobank Jar:
https://send.monobank.ua/jar/4H6tH9GEPR

Or via a special Stripe link (Monobank jars do not always work with non-Ukrainian cards, at least for me).
https://bit.ly/43GbxKj

#donations #Ukraine

CatOps

A couple of articles on how to improve your CLI experience.

- 7 Amazing CLI Tools You Won't Be Able To Live Without - I really enjoyed this one and borrowed some configuration from there. It also comes with a complimentary video, so you can see those configs in action.
- How I setup my terminal for max productivity - came in the Substack email today. This is basically just a list of many CLI tools, some of them are useful, others less so. You may find something for you there, though.

#cli #productivity

CatOps

For today’s Donations Monday I would like to remind you about the UA Responders foundation that raises funds for medical equipment.

I know these folks personally, so I can vouch for them.

#donations #Ukraine

CatOps

Some lightweight read for you on Friday.

From the 80's to 2024 - how CI tests were invented and optimized gives a sneak peek into the history of automated testing and evaluates possible future avenues where testing strategies could go.

Fun fact: Jenkins is apparently 20 years old. I didn't know that :D
Another fun fact: we had a voice chat about Jenkins recently. Yet, I still need to find some moral power to edit it.

#cicd

CatOps

I'm no Azure user - this thing came from the chat.

Azure has a collection of verified modules for Terraform and Bicep (their own IaC tool).

So, if you happened to work with Azure, check it out! Maybe, it could make your life a bit easier.

#iac #terraform #azure

CatOps

For today's Donations Monday, I'd like to remind you about a big fundraiser by "Come Back Alive" to support the Ukrainian snipers. There's still a long way to go, but the majority of the funds are already there.

#donations #Ukraine

CatOps

Despite a clickbait title, this is actually a good article with a list of good practices for Kubernetes.

tl;dr list:
- Use ephemeral containers for debug
- Use admission controllers
- Kustomize is a nice tool
- Autoscale based on custom metrics if it makes sense
- Tweak API Priority and Fairness (APF) if it makes sense
- Submariner for multicluster (I have used other tools for multi-cluster, there are many ways of connecting clusters, so it's up to you to decide, what to use)
- Use Topology Spread Constraints

#kubernetes

CatOps

For today's Donations Monday we need to support a member of our community - Oleksa Baida, who's going to join the Armed Forces of Ukraine soon.

He managed to cover most of the equipment and medical expenses on his own, but there are still things left.

Monobank Jar:
https://send.monobank.ua/jar/7sYxdJPVuo

Top-up a card directly:
5375411215704862

Bank requisites:

Recipient: Байда Олексій Сергійович
IBAN: UA383220010000026202344355441
Tax ID (ІПН/ЄДРПОУ): 3139812353
Payment purpose: Поповнення рахунку банки

Also, if you want to meet Oleksa in person, there's gonna be a gathering in Kyiv tomorrow at 19:00 (Kyiv time).

If you want to join, please, fill out this form, so he can book a place with enough space for everyone.
https://forms.gle/Q6P6bHLGJcCEpUps8

#donations #Ukraine

CatOps

Friday is a great day to listen to our CatOps voice chat (in Ukrainian)! Especially, since the topic of this episode is mental health and management.

We kinda slipped into discussing management at some point.

You can find the episode on:

- YouTube
- Substack
- Spotify
- Apple Podcasts
- RSS Feed

Enjoy!

#voice_chat

CatOps

A nice step-by-step guide of how to test a Python AWS Lambda function locally with LocalStack.

This guide doesn't cover fixtures in LocalStack, though. In my experience, adding fixtures into LocalStack is PITA, but I have a very specific scenario where I need to create a couple of thousands of S3 objects relatively fast.

#aws #serverless #python

CatOps

RedHat reported a 10/10 vulnerability in the xz compression library.

The vulnerability provides remote backdoor access and is present in xz 5.6.0 and 5.6.1.

There’s also an interesting discussion of this vulnerability on HackerNews:

 annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features".

#security

CatOps

People often say that Observability is a Data problem. Although it sounds correct intuitively, I cannot say that I fully understood how Data engineering approaches could be applied to the Observability systems.

This article about Wide Events clarified things for me a bit. Indeed, if any event that happened in the system is just an object with some value and useful metadata, things like metrics, logs, and traces become less relevant - it's all events now!

Apparently, this is how Observability is done in Meta, according to the author, and apparently people in Meta like it. I never worked for Meta, I don't know what they really use there and if it's better than the tools available to us mere mortals.

However, this is an interesting concept, and it would be wonderful to see similar projects that are not internal to the Big Tech companies.

#observability

CatOps

Some time ago, I predicted that there are going to be more Kubernetes distributions. Then it didn’t happen, so I thought I was wrong.

Yet, now Canonical has introduced their Kubernetes distribution.

It’s based on the upstream Kubernetes 1.30, has some built-in add-ons, and yes, you can install it with snap.

#kubernetes
