10+ Nov-Dec 2021 DevOps News, Updates & Tips DevOps-Fond People Shouldn’t Ignore!
Do you want to know what’s happening in the world of DevOps? In case you missed something, Profisea’s experts have prepared a new selection of the trending DevOps news to share with everyone who loves DevOps and works on DevOps projects. Ready for a new portion of the DevOps-worthy November-December stuff? Follow us then!
1. Announcing Grafana OnCall
Grafana Labs is happy to announce Grafana OnCall, an easy, user-friendly, and flexible on-call management tool available to all Grafana Cloud users. Being a result of the recent Grafana Lab’s acquisition of Amixr, Grafana OnCall is built to improve on-call management with convenient workflows and interfaces adjusted for devs. The tool offers a wide array of cool features to help eliminate toil in on-call management.
With Grafana OnCall, DevOps and SRE teams get:
- easy management of on-call schedules
- automatic escalations with flexible routing to ensure outages are addressed
- a display of all incidents within Grafana Cloud
- automatic grouping of alerts in Slack to avoid alert storms
- integrations with a large variety of monitoring systems including Datadog, New Relic, and AWS SNS
2. Azure Chaos Studio goes public
At Ignite 2021, Microsoft showcased Azure Chaos Studio in public preview. Azure Chaos Studio is an experimental platform that is designed to improve applications’ resilience to disruptions. The service allows users to practice chaos engineering, a method of experimenting with controlled fault injection against applications to help estimate, understand and strengthen resilience against real-life incidents. Actually, chaos engineering has become one of the top trends in DevOps, and a common way to examine complex systems and applications. According to Gartner, 40% of organizations will adopt chaos engineering approaches as part of DevOps initiatives by 2023, decreasing unplanned downtime by 20%.
With the help of Azure Chaos Studio, users can effectively identify and mitigate potential gaps before the application is impacted by a real issue. Azure Chaos Studio is now free, and from April 4th, 2022, users will be pay-as-you-go based on experiment execution. Further details can be found on the Azure portal.
3. Google Cloud announces new regions
2021 was a busy year for big cloud providers, with AWS, Azure, and Google expanding their infrastructure all over the globe. With 29 cloud regions and 88 zones already available, Google Cloud announced a new set of cloud regions in the coming months and years. These new regions, all with three availability zones, will be in Germany, Israel, Saudi Arabia, and Chili. More cloud regions are coming to the US as well.
In 2021, Google opened new regions in Warsaw (Poland), Delhi NCR (India), Melbourne (Australia), and Toronto (Canada), making their cloud infrastructure closer to more customers across multiple countries.
4. Announcing Knative 1.1
In the middle of December, the Knative project hit a paramount milestone with the release of version 1.0 and then version 1.1. Initiated by Google back in 2018, the Knative project includes collaborations from VMWare, IBM, Red Hat, and SAP. Since its successful start, Knative has become one of the top installable serverless solutions. Knative offers several infrastructure and developer-centric features to simplify the Kubernetes experience and free time and resources for more important tasks.
What’s new? Actually, there have been many changes since the initial release of Knative. Along with fixing bugs and improving performance and stability, additional efficiencies were incorporated.
Here are some of the highlights:
- support for multiple HTTP routing layers (Istio, Ambassador, Contour, and Kourier are included)
- support for multiple storage layers for Eventing concepts with popular Subscription methods (RabbitMQ, Kafka, and GCP PubSub)
- a “duck type” abstraction to process arbitrary Kubernetes resources
- a command-line client that allows supporting extra feature plugins
- support for HTTP/2, gRPC, and WebSockets
- support for horizontal pod autoscaling based on concurrency or RPS
- support for injecting event destination addresses into PodTemplateSpec shaped objects
- and many others.
Read more about Knative 1.1 on the site and check the project documentation for technical info.
5. Gartner says 85% of organizations will be “cloud-first” by 2025
The cloud is going to be the core of a new reality, says Gartner. The analysts estimate that over 85% of organizations will develop a cloud-first strategy by 2025, and more than 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Milind Govekar, distinguished vice president at Gartner, says: “Adopting cloud-native platforms means that digital or product teams will use architectural principles and capabilities to take advantage of the inherent capabilities within the cloud environment. New workloads deployed in a cloud-native environment will be pervasive, not just popular and anything noncloud will be considered legacy.” In other words, cloud technologies are expected to rise rapidly and they will be the first business priority for the next few years. If you are using cloud infrastructure or just taking your first steps in cloud computing, consult us to implement CloudOps best practices for your organization.
6. Book recommendations by Gergely Orosz
Reading good books is still an excellent way for IT specialists to learn something new as books accumulate knowledge and, with the right approach, can help anyone move up as professionals. Gergely Orosz, an author of The Pragmatic Engineer Blog, asked on Twitter about the best books his followers have read as engineering managers or software engineers in 2021. He collected the most-mentioned books and added stars for titles that are also his choice.
Among his recommendations are:
- An Elegant Puzzle by Will Larson
- Become an Effective Software Engineering Manager by James Stanier
- Team Topologies by Matthew Skelton and Manuel Pais
- Accelerate by Nicole Forsgren, Jez Humble, and Gene Kim
- The Phoenix Project & The Unicorn Project by Gene Kim
- Staff Engineer by Will Larson
- Designing Data Intensive Applications by Martin Kleppmann
- Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal
- Empowered by Marty Cagan
- Building Mobile Apps at Scale: 39 Engineering Challenges by Gergely Orosz
To view the full list, visit the post on The Pragmatic Engineer blog. Although the article includes holiday book recommendations, these books would be useful at any time of the year.
7. A critical vulnerability in Grafana is disclosed
On December 7, 2021, open-source analytics and monitoring solution Grafana issued an emergency update to fix a critical zero-day vulnerability that opened access to restricted files on the server. The vulnerability, marked as CVE-2021-43798, affected the Grafana Labs’ core product, the Grafana dashboard, widely used by companies from all over the world to observe and collect logs and other parameters from across their local or remote networks. The solution helps users to better monitor and understand their data through clear visualizations, queries, and alerts.
The vulnerability put at risk data that potential attackers could use in subsequent attacks — files storing passwords and configuration settings. All Grafana self-hosted servers using 8.x versions were supposed to be vulnerable. At the same time, Grafana Cloud instances have not been affected. The problem was fixed with the release of Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7. For more technical details, read the post in the Grafana blog.
8. Introducing Prometheus Agent Mode
Since its creation in 2012, Prometheus has changed a lot, offering more and more innovative opportunities for its users, and providing them reliable, inexpensive, and accurate metric-based monitoring. In November 2021, they announced Prometheus Agent Mode, an effective and cloud-powered way to metric forwarding that became a part of Prometheus version 2.32. The specialized mode can disable some of the project’s features and let Prometheus operate as a remote write-only scraper and forwarder. The new way of working comes with new workflows: low-resources environments, IoT, and edge networks. It utilizes fewer resources and is able to efficiently forward data to centralized remote endpoints. Along with the Agent Mode, a number of other improvements were made: they fixed TSDB bugs and added arm64 support for Windows.
9. AWS announces the further expansion of Local Zones
Great news for AWS users! The company announced the launch of more than 30 new AWS Local Zones in big cities around the world to enhance their global infrastructure. They will be available starting in 2022 in over 21 countries, including Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, Colombia, Czech Republic, Denmark, Finland, Germany, Greece, India, Kenya, Netherlands, Norway, Philippines, Poland, Portugal, and South Africa.
AWS Local Zones are a type of AWS infrastructure deployment that makes compute, storage, database, and other useful services available to organizations and individuals, enabling them to deliver applications that require single-digit millisecond latency to end-users. For more details about new AWS Local Zones, visit the AWS site.
10. CISA, FBI, and NSA release joint advisory for Log4j vulnerabilities
The most respectable and well-known cybersecurity agencies from Canada, Australia, New Zealand, the United Kingdom, and the United States of America issued a joint advisory to address numerous vulnerabilities in Apache’s Log4j library. “Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period,” the agencies said in their statement. In the new guidance, you can find detailed instructions on mitigating Log4Shell and other Log4j-connected vulnerabilities. CISA has also issued a special scanner tool to detect systems that are vulnerable to Log4Shell, in addition to the utility created by CERT/CC.
Obviously, the Apache Software Foundation didn’t stay aside. ASF released a series of patches to fix Log4j vulnerabilities. The most recent security flaws have been addressed in Apache Log4j 2.16.0, issued on 13 December 2021.
11. PagerDuty releases a new version of its PagerDuty Operations Cloud
In this last release in 2021, PagerDuty introduced several improvements, as part of the PagerDuty Operations Cloud, to enable organizations to automate incident response in the most efficient ways and speed up getting critical work done. Some helpful features were introduced to connect and automate the processes, along with delivering flexibility. Dynamic Service Graph helps users to identify, map, and visualize various service dependencies to ensure the health of their ecosystems. Rundeck Cloud allows automation engineers and operations specialists to upgrade their workflows by using real-time standardized automated actions during dealing with incidents. Now, engineers can create self-service automated scenarios without the need to deploy or administer a Rundeck cluster. Read PagerDuty’s blog article to learn more about the latest innovations. If you are looking for any cloud services, our experienced cloud experts are here to help. We know how to maximize the scalability and reliability of your cloud infrastructure, and create an optimized automated multi-cloud environment with any cloud vendor of your choice, so contact us to discuss any cloud issues.
12. Integrating Regula with Scalr
Among other useful updates and tricks, here is a repository created by Aidan O’Connor and Curtis Myzie from Fugue to integrate open source Regula for IaC scanning with Scalr’s custom hooks feature. The goal of the integration is to combine Regula’s IaC scanning capabilities and Scalr’s features, and as a result, to automate the secure deployment of cloud infrastructure with Terraform. The solution allows Regula and Scalr to work together to prevent misconfigured infrastructure from being deployed to the cloud, building an effective deployment pipeline. For more details, check the GitHub repository.
13. The test to evaluate engineering culture
The demand for software engineers is constantly increasing without showing any signs of stopping. The rate of software development employment is expected to grow 21% by 2030, which is much faster than average. Software engineers aren’t looking for jobs now, instead, companies compete to hire them. And here is where company culture comes into play. To attract the best engineer talent, companies need to create a unique and strong engineering culture, which is a central pillar of product innovation and career development. But how can candidates evaluate a prospective employer to decide that it’s a match?
Gergely Orosz, an author of The Pragmatic Engineer Blog, has created a test to assess the engineering culture in a team. This test includes 12 questions, which a candidate can ask during the interviewing process. Software engineers who aren’t looking for new job opportunities can evaluate their current companies as well! You can find the test here, plus Gergely Orosz has already shared the results based on 200 submissions, so don’t miss the opportunity to check what companies are the best.
Profisea’s team carefully collects the latest updates and the most interesting news to be sure you follow up on all that is happening in the world of DevOps. Tell us what you want to see in our next digest and what topics we need to cover. Our experts are busy preparing a new portion of valuable stuff for you. And if you want to build your winning DevOps strategy, need DevOps as a service, or have any DevOps-related or Cloud-related issues, feel free to contact us for consultation.