Summer is here and we are ready with our May DevOps digest! Our team carefully collects the latest DevOps news and the most useful tips on cloud Israel to share with everyone who can’t imagine their lives without DevOps. If you’ve missed any of the recent DevOps news and updates, here’s our latest digest for the DevOps & CloudOps community. Make a cup of coffee or whatever you prefer and get ready to read our next episode of DevOps info. We’re sure you’ll find something interesting here today.
1. Introducing Tetragon
May brought some new products onto the open-source scene — Tetragon was announced! Tetragon is a cool eBPF-based security observability and runtime enforcement platform that has been part of Isovalent Cilium Enterprise for a few years. What makes Tetragon so special? The solution combines eBPF-based transparent security observability with real-time runtime enforcement to bring a broad array of strengths while also eliminating common observability system weaknesses. Tetragon offers visibility into all kinds of kernel subsystems to cover namespace escapes, capability and privilege escalations, file system and data access, networking activity of protocols such as HTTP, DNS, TLS, and TCP, as well as the system call layer to assess system call invocation and follow process execution. Tetragon is also able to set up security policies across the operating system in a preventive rather than reactive manner. If you are interested in learning more about Tetragon, check the Isovalent blog post.
2. Istio By Example
Istio is a popular solution for managing the different microservices that make up a cloud-native application, and it has a lot of fans. However, it has long been criticized as complex and hard to use. We found something to make your life easier: check out Istio By Example, where you’ll find the most common use cases and examples to make your experience with Istio more productive and pleasant. Among the examples are Database Traffic, Traffic Mirroring, Canary Deployments, gRPC, Load balancing, and others.
3. Introducing Amazon EKS Observability Accelerator
AWS announced EKS Observability Accelerator, which is used to configure and deploy purpose-built observability solutions on Amazon EKS clusters for specific workloads using Terraform modules.
The Terraform modules are built to enable observability on Amazon EKS clusters for the following workloads:
AWS will continue to add examples for more workloads in the future. For greater detail on how it works in practice, check the AWS blog post.
4. GitLab 15 is announced
GitLab, the well-known open-source DevOps service, announced the next step in the development of its platform, starting with the release of its first version, 15.0. The company states that it will concentrate on observability, continuous security and compliance, enterprise agile planning (EAP) tools, and workflow automation. The upcoming features are planned to improve speed to delivery, provide built-in security scanning and compliance auditing, and enrich the platform with machine learning (ML) capabilities. For more detail, read the GitLab blog.
5. Introducing Ratchet
“Quality at Speed” is the new motto in software development. Organizations are making their moves toward DevOps and Agile principles to increase delivery speed and assure product quality. In DevOps, a continuous and automated delivery cycle is the foundation for fast and reliable delivery that would be impossible without proper CI/CD tools. This is where Ratchet enters the game. Ratchet is a powerful tool for securing CI/CD workflows with version pinning. It’s like Bundler, Cargo, Go modules, NPM, Pip, or Yarn, but for CI/CD workflows. Ratchet supports CircleCI, GitHub Actions and Google Cloud Build. To learn more about Ratchet, visit its GitHub repository.
6. Introducing HashiCorp Nomad 1.3
HashiCorp announced that its Nomad 1.3 is now generally available. Nomad is an easy but flexible orchestrator used to deploy and manage containers and non-containerized applications. The tool can be used in both on-premises and cloud environments. What’s new in Nomad 1.3?
- You can do simple service discovery using only Nomad.
- Nomad 1.3 presents a new optional configuration attribute max_client_disconnect that allows operators to more easily start up rescheduled allocations for nodes that have experienced network latency issues or temporary connectivity loss.
- With Nomad 1.3, support for CSI is now generally available.
- Nomad 1.3 introduces a new user interface for viewing evaluation information.
For more information about HashiCorp Nomad 1.3 and its benefits, click here.
7. How to survive an on-call rotation
Incidents have a real financial impact — they cost enterprises $700 billion a year in North America alone — and they also damage the reputation of your company, your product, and your team. This is why well-organized on-call is so essential. On-call is a critical responsibility inside many IT, developer, support, and operations teams that run services offering 24/7 availability. But what do you need to know before participating in an on-call rotation yourself? Here is a short yet helpful article with some practical recommendations. It will be useful not only for those taking their first steps as a Site Reliability Engineer (SRE) but also for everyone who is going to participate in on-call rotations.
8. Introducing KEDA v2.7.1
KEDA v2.7.1 is here. KEDA is a Kubernetes-based Event Driven Autoscaler. With this tool, you can drive the scaling of any container in Kubernetes based on the number of events in need of processing.
The improvements in KEDA v2.7.1 include:
- Fix autoscaling behavior while paused
- Don’t hardcode UIDs in securityContext
9. How to security harden Kubernetes in 2022
Here is a helpful piece for all Kubernetes users. Kubernetes is currently one of the most popular container orchestration platforms, but what about security? According to a report by Red Hat about the state of Kubernetes security, 94% of respondents experienced a security incident in the last 12 months. So how can you improve security in Kubernetes? The technical report “Kubernetes Hardening Guide” initially published on August 3, 2021, and then updated on March 15, 2022, by the NSA and CISA can be really helpful here. But if you don’t have time right now to read 66 pages, check this guide where you’ll find summarized takeaway messages from the tech report and some additional insights.
10. Introducing Calico v3.23
Calico v3.23 is here. While there are many improvements in this release, here are some of the larger features to be aware of:
- IPv6 VXLAN support
- VPP data plane beta
- Calico networking support in AKS
- Container Storage Interface (CSI) support
- Windows HostProcess Containers support (Tech Preview)
For more information about Calico v3.23 and its benefits, click here.
11. New features in Terraform 1.2
The release of HashiCorp Terraform 1.2 is now immediately available for download as well as for use in HashiCorp Terraform Cloud. The new release introduces exception handling with pre- and post-conditions, support for non-interactive Terraform Cloud operations in a CI/CD pipeline, and CLI support for Run Tasks.
If you’re using older Terraform versions, these cool features might inspire you to upgrade. Read the upgrade notes to be sure you don’t miss anything important and use the latest release (v1.2.2 at this moment).
12. Amazon EKS console supports all standard Kubernetes resources
Amazon Elastic Kubernetes Service (Amazon EKS) now allows you to see all standard Kubernetes API resource types running on your Amazon EKS cluster through the AWS Management Console. This improvement makes it easy to visualize and troubleshoot the Kubernetes applications leveraging Amazon EKS. The updated Amazon EKS console currently covers all standard Kubernetes API resource types such as service resources, configuration and storage resources, authorization resources, policy resources, and more. For more detail, check the AWS blog.
Do DevOps with Profisea
The Profisea team is constantly on the lookout for the latest DevOps and Cloud news to share with you. Don’t hesitate to contact us and tell us what you’d like to see in our next digests and which topics we need to feature. Our experts are always busy preparing new useful info for you.
And, of course, if your business requires any DevOps services, we are here to lend you a helping hand as we always have the best DevOps and CloudOps practices at our fingertips.