Yusuf Adeyemo’s Post

What are the challenges with Kubernetes Operators? 1. 𝐂𝐨𝐦𝐩𝐥𝐞𝐱𝐢𝐭𝐲 𝐢𝐧 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭 -  Building Operators require in-depth knowledge of Kubernetes internals, APIs, and controller patterns. -  Designing robust logic to handle edge cases and errors is non-trivial. 2. 𝐌𝐚𝐢𝐧𝐭𝐞𝐧𝐚𝐧𝐜𝐞 𝐎𝐯𝐞𝐫𝐡𝐞𝐚𝐝 -  Operators need frequent updates to remain compatible with newer Kubernetes versions. -  Keeping up with changes in dependencies or application requirements adds to the workload. 3. 𝐑𝐞𝐬𝐨𝐮𝐫𝐜𝐞 𝐂𝐨𝐧𝐬𝐮𝐦𝐩𝐭𝐢𝐨𝐧 -  Poorly designed Operators can lead to excessive resource usage, impacting cluster performance. -  Mismanagement of control loops may cause unnecessary API server interactions. 4. 𝐓𝐞𝐬𝐭𝐢𝐧𝐠 𝐚𝐧𝐝 𝐃𝐞𝐛𝐮𝐠𝐠𝐢𝐧𝐠 -  Testing reconciliation logic across multiple states and scenarios is challenging. -  Debugging issues in distributed systems can be time-consuming. 5. 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐑𝐢𝐬𝐤𝐬 -  Operators with extensive cluster permissions can pose security risks if exploited. -  Misconfigurations or vulnerabilities can lead to cluster-wide impacts. 6. 𝐋𝐢𝐦𝐢𝐭𝐞𝐝 𝐑𝐞𝐮𝐬𝐚𝐛𝐢𝐥𝐢𝐭𝐲 -  Operators are often highly application-specific, limiting their use in other contexts. 7. 𝐒𝐜𝐚𝐥𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐈𝐬𝐬𝐮𝐞𝐬 -  Managing multiple Operators for different applications can lead to operational overhead in large clusters. 8. 𝐂𝐥𝐮𝐬𝐭𝐞𝐫 𝐃𝐞𝐩𝐞𝐧𝐝𝐞𝐧𝐜𝐢𝐞𝐬 -  Operators depend on specific Kubernetes features, which may not be available in all environments (e.g., managed Kubernetes services). 9. 𝐌𝐨𝐧𝐢𝐭𝐨𝐫𝐢𝐧𝐠 𝐚𝐧𝐝 𝐎𝐛𝐬𝐞𝐫𝐯𝐚𝐛𝐢𝐥𝐢𝐭𝐲 -  Monitoring Operator performance and ensuring proper observability is crucial but can be complex to implement.

What does the perfect CI/CD pipeline look like? Our basic criteria to asses pipelines: - Fast - Reproducible - Secure - Fully automated (yes, some aren't) How do we get there? It depends on the service you are using. Some aspects are not related to the vendor but to your own doing. You want your builds to be fast: - Use appropriate caching - Pre-build images instead of downloading and installing tools at run time. - Re-Use artifacts - Parallelize, use compile flags, test runners, and tools, that support parallelization. Our builds should be reproducible: - Reduce external factors as much as possible - Build test cases that are stable and can handle date/time edge cases and parallelization - You must be able to re-run a test 100 times and get the same final result 100 times Secure builds are a must: - Do not expose any secrets - Do not give access to any systems - They are hardened to prevent dangerous build artifacts from being stored in repositories or even deployed to any system. -Test for security defects and known vulnerabilities Fully automated: - So, it can be triggered and run by anyone within the team - It can be made fast, reproducible, and secure. - Can support the team rather than blocking you. How are your pipelines looking?

Developers, if your inbox looks like an alarm factory, it’s time for a change. 🛠️ 🔸 Optimize incident response through dynamic alert routing 🔸 Silence low-priority alerts 🔸 Enable smarter triage with logs, events and graphs Result: Fewer distractions, faster MTTR, focus on creating great applications. Here’s how: 3 Steps to Minimize Alert Fatigue 👉 https://lnkd.in/gr3zZUyp

tb.lx #KnowledgeSharing 🧠 Curious about #SLOs? Then this one is for you: "The SLO Toolkit" by Adrien Bestel, Principal Ops Engineer @ tb.lx - is hot off the press on our Medium blog 🗞️ This article is the third instalment of the SLO series, and will pivot towards a more advanced and streamlined approach to SLOs. Here are some highlights: - "The cognitive load around SLO concepts is already significant. This load is compounded when faced with manually implementing metrics that allow monitoring SLOs, as understanding and writing complex queries can be intimidating. The queries can be error-prone and become a maintenance headache over time." - "With this exploration into the world of SLOs with Pyrra, we’ve uncovered the pivotal role this tool plays in streamlining SLO setup and alerting. Pyrra stands out as a powerful ally in managing the complexities associated with SLOs in a Prometheus environment." - "By automating and simplifying tasks that were once laborious, Pyrra enables teams to focus more on service improvement, and less on the intricacies of monitoring and alerting setups. Its integration with Grafana enhances our ability to visualize and respond to SLO performance, solidifying our stance in proactive service reliability management." Read the full article to explore how #Pyrra, a robust tool in the #Prometheus ecosystem, revolutionizes SLO setup and alerting. This exploration will not only deepen your understanding of SLO intricacies but also demonstrate practical applications, ensuring your SLO strategies are both efficient and effective. 🔗 Follow this link to read the full article: https://lnkd.in/dfHWXbPY #wearetblx

Happy weekend everyone, here is my first write up about how you can build DevSecOps pipeline with free and open-source tools. In this write I covered: 1. SAST 2. SCA 3. Image scanning 4. DAST This is a basic setup only, any further enhancement will need to be configure with your preference. Let me know your thoughts on this write up here: https://lnkd.in/gHvNysrz

🚀 Key Learnings from Prabesh .( Senior SRE ) talks in PlatformCON hosted by Luca Galante in June .Check out Platform Engineering for more content . • 𝐂𝐈/𝐂𝐃 is the modern way of delivering high quality code which changes more frequently and more reliably using a continuous iterative process and iterative process to build , test and deploy to avoid bugs and code failures . • Security 𝐆𝐨𝐚𝐥𝐬  and 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬 in 𝐂𝐈/𝐂𝐃 Goals are Protecting code from Malicious Actors , Preventing Data Leaks, Maintaing the security policies for CI/CD Pipeline ,Quality Assurance of Code  Practices • Code Repository access restriction and using audited code  • Reviewing Code efficiently  • Maximizing Test Accuracy using SonarQube and Codecov  • Image Scanning and Repository Auditing  • Implementing Safe Deployments using various deployment strategies 𝐃𝐎𝐂𝐊𝐄𝐑 𝐒𝐂𝐎𝐔𝐓 • 𝐃𝐨𝐜𝐤𝐞𝐫 𝐒𝐜𝐨𝐮𝐭 is like the Security Guard for Container Images as it scans each layer of image (A docker build consist of series of ordered build instructions , each instructions get roughly translated to image layer) , identifying software components and checking them against database on known vulnerabilities . • 𝐃𝐨𝐜𝐤𝐞𝐫 𝐒𝐜𝐨𝐮𝐭 is a Security Scanner on Steroids 💉 !!    😂 • 𝐃𝐨𝐜𝐤𝐞𝐫 𝐒𝐜𝐨𝐮𝐭 uses SBOM( a nested inventory of ingredient that makes up software components like dependencies)to cross reference with streaming CVE data to surface vulnerability and potential remediation • 𝐃𝐨𝐜𝐤𝐞𝐫 𝐒𝐜𝐨𝐮𝐭 uses scans for a event driven model ie if a new vulnerability affecting your images is announced scout shows your updated risks within seconds • Key Features of 𝐃𝐨𝐜𝐤𝐞𝐫 𝐒𝐜𝐨𝐮𝐭 are Unified View , Event driven vulnerability updates, In context remediation recommendation .

Debugging can range from solving a minor issue to addressing a complex problem with an unclear root cause. Until the scope of the bug is fully understood, it's impossible to create an effective solution plan. Here are five key questions to ask your tech team when addressing bugs:

Curious about how NS tests IaC on a mission-critical platform? Check out my full article to explore our infrastructure as code testing strategies and learnings. I'm eager to hear your thoughts and experiences. Drop a comment or get in touch if you have any feedback or questions!

Protect ALL of your packages and deliver consistent builds?! Sign us up! Read our latest blog to learn how you can leverage Cloudsmith with Dependabot 🤖 to streamline your dependency management ⬇ ⬇

Read this blog to find out how to use Dependabot with Cloudsmith for your open source and in house binaries Always be Pinning and Updating to latest 😎