CatOps
DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions on our own. We do not post ads including event announcements. Please, do not bother us with such requests!
Більше5 753
Підписники
-524 години
-407 днів
+7030 днів
Час активного постингу
Триває завантаження даних...
Find out who reads your channel
This graph will show you who besides your subscribers reads your channel and learn about other sources of traffic.
Аналітика публікацій
| Дописи | Перегляди | Поширення | Динаміка переглядів |
01 We are all aware of questinos like: "What happens when you type google.com in a browser?" or "What happens when you do kubectl apply?", but do you know What Happens on GitLab When You do git push?
#gitlab #git #cicd | 568 | 5 | Loading... |
02 Some say that 2024 will finally be a year of serverlessless /s
So, here’s a comparison from Ahrefs of their costs of running physical data centers vs running in a cloud.
However, many these comparisons lack an important point. At least, Ahrefs acknowledges that:
article doesn’t take into account other aspects that would make the comparison even more complicated. These include people skills, financial controls, cash flow, capacity planning depending on the load type, etc.
Their solution? Hire all those people laid off from Big Tech!
My brother in Christ, system engineers are the last to be laid off…
P.S. It’s quite ironic to post this article from the AWS Summit :D
#aws #cloud | 1 007 | 9 | Loading... |
03 Dzyga's Paw foundation raises money for anti-drone systems, which are crucially important for our defenders.
You can read more about this fundraiser here.
The goal is $30 000.
#donations #Ukraine | 1 150 | 1 | Loading... |
04 A new issue of the CatOps digest is here, even though it's one week late:
https://newsletter.catops.dev/p/catops-digest-2024-05-12
#digest #newsletter | 1 237 | 1 | Loading... |
05 This may not classify as a technical post per-se, but apparently you can run amplification attacks using Mastodon - a popular open-source decentralized social network.
The idea is very simple: when you post a link, it will try to fetch a preview. Since this is a decentralized platform, each federated node will try to fetch assets on its own.
And this issue just exists. Frankly, I don’t think the mitigation is any different from a generic DDoS protection. It’s just an interesting fact about federated social networks.
P.S. Now, I wonder if Blue Sky has this problem as well.
#security | 1 838 | 7 | Loading... |
06 The biggest problem in software engineering is distractions.
This is what this article is about. So, I have distracted myself to read it and now I'm distracting you with this post.
Enjoy!
#culture | 1 537 | 23 | Loading... |
07 Go is super popular in platform engineering. Just recently I participated in a discussion about it on Reddit :D
And at last, HumbleBundle has a book collection dedicated to this language!
#go #programming #books | 1 493 | 5 | Loading... |
08 A friend of mine is raising funds for an FPV complex for his brother that works as an instructor in the Foreign Legion.
Monobank Jar:
https://send.monobank.ua/jar/2P9ANBRRp4
Card number: 5375411213105070
The goal is 125k UAH and we're almost there.
You can find more info about this fundraiser (in Ukrainian) via these links:
- https://www.instagram.com/reel/C6eCeExtr9B/?igsh=MXM2aHJ4NTc3ejB6eQ==
- https://www.facebook.com/share/v/BvQUapoc2j7jyr3E/? | 1 489 | 0 | Loading... |
09 https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-40gbit-s-network-2024-156f085a5e4e | 1 690 | 7 | Loading... |
10 A couple of articles I stumbled upon when researching some things for work.
- You can use ARG in the FROM definition in a Dockerfile. I didn't know that it's possible. Back in a day I tried using ENV there and it didn't work, so I assumed it's non-configurable. Apparently, it is. You may argue if it's a good practice to alter the FROM configuration this way, but I can clearly see use cases for that.
- A workaround for Terraform's `default_tags` definition. This way you can "exclude" the default_tags for some resoures in Terraform. For example, if you're using the default subnets, etc. that were imported in Terraform. You cannot change tags for those things in AWS, so you need to workaround that. Again, using defaults in AWS is probably not a good practice, but sometimes those things are in use for historical reasons, etc.
Again, these two articles have no relation whatsoever, just want to share them with you.
#aws #terraform #docker | 1 909 | 9 | Loading... |
11 A curious story about S3 billing. So, AWS charges you for unauthorized access attempts to your buckets. Thus, it’s possible to create an attack to inflate someone’s AWS bill if you know the buckets’ names.
Honestly, I’m not sure what’s the moral of this story. Make your buckets private unless public access is strictly required. Do not use common names or if you have to, use prefixes or/and suffixes to distinguish buckets or randomize the names.
#aws #s3 #security | 1 758 | 22 | Loading... |
12 At last! A new issue of our Voice Chat is out! It took me way longer, because I had to switch from Davinci Resolve to Kdenlive, since Davinci doesn't really work on Linux despite their claims.
In any case, here we are. We talked about Jenkins this time: who uses it, why is it still in use, and what alternatives would we use instead.
The voice chat is in Ukrainian and is available on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- or via a direct RSS feed
#voice_chat #cicd #jenkins | 1 642 | 3 | Loading... |
13 For today's Donations Monday together with AWS Notes and UA Responders we are raising funds for rehabilitation of our warriors.
After the time in hospitals additional rehabilitation is still required for those who lost their limbs or eyesight. The goal of this fundraiser is to provide additional recovery courses for these people.
You can donate to the Monobank Jar:
https://send.monobank.ua/jar/4H6tH9GEPR
Or via a speacial Stripe link (Monobank jars do not always work with non-Ukrainian cards, at least for me).
https://bit.ly/43GbxKj
#donations #Ukraine | 1 690 | 1 | Loading... |
14 Two small security-related articles for you today.
- About vulnerabilities in AI and ML applications. tl;dr: with the raise of popularity of AI/ML applications, the number of potential security holes raises as well. Especially interesting is the fact, that sometimes hackers exploit the same attack vectors that were used against the web applications long ago and were mostly mitigated since then.
- A small excerpt from the DevOpsSec report if you'd rather stick with an "old and prooven" technology, there are some bad news for you as well - according to the DevSecOps2024 report, 90% of Java services have vulnerabilities.
#security | 2 360 | 11 | Loading... |
15 A couple of articles on how to improve your CLI experience.
- 7 Amazing CLI Tools You Won't Be Able To Live Without - I really enjoyed this one and borrowed some configuration from there. It also comes with a complimentary video, so you can see those configs in action.
- How I setup my terminal for max productivity - came in the Substack email today. This is basically just a list of many CLI tools, some of them are useful, others less so. You may find something for you there, though.
#cli #productivity | 2 180 | 41 | Loading... |
16 Ha! I was sure I shared this article with y'all before, but when I tried to find it on the channel today, I was unable to. In any case, even it was here, it won't hurt to repeat it.
So, here it is - Kubernetes: EKS, Calico and custom Admission Webhooks.
This article sheds some light on the EKS networking. The gist is that if you use anything except the native VPC CNI, your control plane pods (API, scheduler, etc.) and workload pods will end up in different networks, because you cannot install any custom pods into the control plane.
Unless you use admission webhooks, you probably won't even notice; but if you do, API won't be able to contact your admission controller pods without some workarounds.
This is the nature of managed services: you gain something - you loose something.
#kubernetes #eks #aws | 2 018 | 10 | Loading... |
17 For today’s Donations Monday I would like to remind you about the UA Responders foundation that raises funds for medical equipment.
I know these folks personally, so I can vouch for them.
#donations #Ukraine | 1 926 | 1 | Loading... |
18 A fresh issue of the CatOps Digest is here:
https://newsletter.catops.dev/p/catops-digest-2024-04-21
#digest #newsletter | 1 909 | 3 | Loading... |
19 Some lightweight read for you on Friday.
From the 80's to 2024 - how CI tests were invented and optimized sneak peeks into the history of automated testing. And evaluates possible future avenues where testing strategies could go.
Fun fact: Jenkins is apparently 20 years old. I didn't know that :D
Another fun fact: we had a voice chat about Jenkins recently. Yet, I still need to find some moral power to edit it.
#cicd | 2 069 | 10 | Loading... |
20 If you work with Kubernetes, there won't be any new information for you. However, when you encounter a namespace stuck in the "Termination" state the first time, it might be dumbfounding.
This article describes what to do in such situations. Also, it's good to learn about finalizers at some point anyway.
#kubernetes | 2 194 | 20 | Loading... |
We are all aware of questinos like: "What happens when you type google.com in a browser?" or "What happens when you do kubectl apply?", but do you know What Happens on GitLab When You do git push?
#gitlab #git #cicd
What Happens on GitLab When You do git push?
Ever wondered how Git and GitLab operate under the hood? Grab your favorite IDE and join me on an exploratory journey into the mechanics of these tools!
🔥 1
What Happens on GitLab When You do git push?
Support Ukraine 🇺🇦
Some say that 2024 will finally be a year of serverlessless /s
So, here’s a comparison from Ahrefs of their costs of running physical data centers vs running in a cloud.
However, many these comparisons lack an important point. At least, Ahrefs acknowledges that:
article doesn’t take into account other aspects that would make the comparison even more complicated. These include people skills, financial controls, cash flow, capacity planning depending on the load type, etc.
How Ahrefs Saved US$400M in 3 Years by NOT Going to the Cloud
Clouds for IT infrastructure are so popular lately that moving into the cloud has become a trend. Infrastructure as a service (IaaS) cloud provides multiple advantages: flexibility, low time for…
👍 9
How Ahrefs Saved US$400M in 3 Years by NOT Going to the Cloud
Support Ukraine 🇺🇦
Dzyga's Paw foundation raises money for anti-drone systems, which are crucially important for our defenders.
You can read more about this fundraiser here.
The goal is $30 000.
#donations #Ukraine
👍 5❤ 1
Saving lives with Anti Drone Systems!
Support Ukraine 🇺🇦
A new issue of the CatOps digest is here, even though it's one week late:
https://newsletter.catops.dev/p/catops-digest-2024-05-12
#digest #newsletter
CatOps Digest 2024-05-12
What was on CatOps in the last few weeks…
❤ 1
CatOps Digest 2024-05-12
Support Ukraine 🇺🇦
This may not classify as a technical post per-se, but apparently you can run amplification attacks using Mastodon - a popular open-source decentralized social network.
The idea is very simple: when you post a link, it will try to fetch a preview. Since this is a decentralized platform, each federated node will try to fetch assets on its own.
And this issue just exists. Frankly, I don’t think the mitigation is any different from a generic DDoS protection. It’s just an interesting fact about federated social networks.
P.S. Now, I wonder if Blue Sky has this problem as well.
#security
Please Don’t Share Our Links on Mastodon: Here’s Why!
We need to talk about this problem. Should Mastodon step up?
Please Don’t Share Our Links on Mastodon: Here’s Why!
Support Ukraine 🇺🇦
The biggest problem in software engineering is distractions.
This is what this article is about. So, I have distracted myself to read it and now I'm distracting you with this post.
Enjoy!
#culture
Distracting software engineers is much more harmful than you think
Why software engineers MUST have no-distractions time
👍 12❤ 3😁 1
Distracting software engineers is much more harmful than you think
Support Ukraine 🇺🇦
Go is super popular in platform engineering. Just recently I participated in a discussion about it on Reddit :D
And at last, HumbleBundle has a book collection dedicated to this language!
#go #programming #books
Golang Programming by Packt
Add the powerful open source language Go to your programming repertoire with this bundle of 19 books! Your purchase helps Save the Children.
❤ 5🤨 1
Golang Programming Books Bundle
Support Ukraine 🇺🇦
A friend of mine is raising funds for an FPV complex for his brother that works as an instructor in the Foreign Legion.
Monobank Jar:
https://send.monobank.ua/jar/2P9ANBRRp4
Card number: 5375411213105070
The goal is 125k UAH and we're almost there.
You can find more info about this fundraiser (in Ukrainian) via these links:
- https://www.instagram.com/reel/C6eCeExtr9B/?igsh=MXM2aHJ4NTc3ejB6eQ==
- https://www.facebook.com/share/v/BvQUapoc2j7jyr3E/?
👍 2💩 1
Monobank Jar
Info on Insta
Info on Facebook
Repost from [не]правильний DevOps
Показати все...Benchmark results of Kubernetes network plugins (CNI) over 40Gbit/s network [2024]
This article is a new run of my previous benchmark (2020, 2019 and 2018), now running Kubernetes 1.26 and Ubuntu 22.04 with CNI version…
A couple of articles I stumbled upon when researching some things for work.
- You can use ARG in the FROM definition in a Dockerfile. I didn't know that it's possible. Back in a day I tried using ENV there and it didn't work, so I assumed it's non-configurable. Apparently, it is. You may argue if it's a good practice to alter the
FROM configuration this way, but I can clearly see use cases for that.
- A workaround for Terraform's `default_tags` definition. This way you can "exclude" the default_tags for some resoures in Terraform. For example, if you're using the default subnets, etc. that were imported in Terraform. You cannot change tags for those things in AWS, so you need to workaround that. Again, using defaults in AWS is probably not a good practice, but sometimes those things are in use for historical reasons, etc.
Again, these two articles have no relation whatsoever, just want to share them with you.
#aws #terraform #dockerTerraform: Prevent default_tags on a specific resource
Prevent AWS default_tags from being applied to a specific resource
👍 6
Use an ARG in Dockerfile FROM for dynamic image specification
Terraform: Prevent default_tags on a specific resource
Support Ukraine 🇺🇦