Devops Week News — Issue #101
Starting this week, we bring a presentation about Database migrations: the missing link to continuous delivery with Stefano Monti.
In the articles, we have Location-Aware Distribution: Configuring servers at scale, Netflix Cloud Security: Detecting Credential Compromise in AWS, Kubernetes Traffic Engineering with BGP, Kube-hunter — an open source tool for Kubernetes penetration testing, Deploying Vault and Consul with Docker Swarm, How to find stuff in Git, and Containerizing a Node.js API & Using Docker with Kubernetes and Minikube.
Do you have a great article? Share it with us! @devopsweeknews.
Video of the week
When we deal with continuous delivery, we often forget to take data migrations into account: this presentation describes a success case of a continuous release automation process that integrates database changes. We discuss the initial technical and organizational context, and we highlight the key principles that drove this initiative, as well as the most stringent (organizational and technical) constraints we had to face. We also discuss how we devised a suitable software development and release process to encompass database change automation, and the impacts on software versioning/branching models already in place. Our project deeply impacted all the steps and tools of a traditional software development and delivery toolchain, hence we provide some key technical details related to the tools involved in the main areas of such a toolchain, namely DB automation, Continuous Integration, Source Code Management, Build and Artifact management, Chat management, Security and configuration management. We conclude with key lessons learned in the process, and depict some of the most relevant (business and technical) initiatives this novel approach is unlocking for our customer right now.
This post describes Facebook's Location-Aware Distribution (LAD), a new peer-to-peer system that handles the distribution of configuration changes to millions of servers. LAD is dramatically better at distributing large updates, 100 MB for LAD versus 5 MB previously, and also scales to support around 40,000 subscribers per distributor versus 2,500 subscribers before.
In this post, Netflix shows how to detect compromised AWS instance credentials (STS credentials) being used outside of your environment, and how the same applies to other temporary security credentials, such as those of ECS, EKS, etc.
Turns out you can use good old BGP to power your Kubernetes network! This post will cover how to build your Kubernetes network with BGP and how to use BGP for traffic engineering in your Kubernetes clusters! The expectation of this post is that it will give you enough context to use BGP in your own Kubernetes clusters (where it makes sense), especially for those who are running Kubernetes on-premise.
Kube-hunter is a free, open source tool for automated Kubernetes penetration testing. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues. After the tests run, you get a unique URL to view the results, which can be shared with anyone interested.
This tutorial shows how to deploy Vault and Consul with Docker Swarm.
When you first started with git, you quickly got up to speed with committing, pushing, pulling, merging, and the like. But then you noticed a gaping hole in your knowledge — how do you find stuff in Git? This post will show you how to achieve it!
This post will walk you through how to containerize an application with Docker and serve it locally using Kubernetes and Minikube.