⭐Masterclass
A Guide to Kubernetes Network Policies
Dockerfile Instructions - ADD vs. COPY
How to add new worker node to existing Kubernetes cluster
How I Reduced Docker Image Size from 588 MB to Only 47.7 MB
Ambient mesh: Can sidecar-less Istio make your application faster?
🔍Secret Knowledge
Oops, I Deleted the AWS Auth Roles
Rising Incidents on Git Platforms
How Postgres stores data on disk
How We Integrate a New Service in Under 1 Hour for 25 Clusters
Eleventeen ways to delete an AWS resource
⚡Techwave
European grocery store becomes cloud services provider
Introducing Pulumi Insights 2.0
Linus Torvalds advises open-source developers to pursue meaningful projects, not hype
JFrog Extends GitHub Alliance to Provide Unified Dashboard
🛠️Hackhub
Apeman: AWS attack path management tool
Cyphernetes: A Kubernetes Query Language
Desed: A command-line tool for complex sed scripts
Kueue: Kubernetes-native Job Queueing
💡Recommended Reading: Implementing GitOps with Kubernetes
Cheers,
Editor-in-Chief
A Guide to Kubernetes Network Policies
In Kubernetes, network policies control the traffic between pods, ensuring secure communication within the cluster. There are two main types: Layer 4 (L4) and Layer 7 (L7) policies. L4 policies manage traffic at the transport layer (e.g., TCP/UDP) based on IP addresses and ports, while L7 policies operate at the application layer (e.g., HTTP) with more fine-grained control over communication between services. L7 policies often require a service mesh like Linkerd, which adds features like mutual TLS (mTLS) for encrypted communication.
Dockerfile Instructions - ADD vs. COPY
`COPY` is simple and secure, only transferring files from the local build context to the image. In contrast, `ADD` offers extra functionality, such as downloading files from URLs or automatically extracting compressed archives. However, this added flexibility introduces complexity and potential security risks. Best practice recommends using `COPY` for most cases due to its straightforwardness, reserving `ADD` for situations where its unique features are necessary.
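The difference described above, as an added example that is not from the original article: the same archive brought into an image once with `ADD` (remote fetch and silent auto-extraction) and once with `COPY` plus an explicit, reviewable extraction step. The archive name, URL and digest are assumed placeholders.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the article's own Dockerfile. "app.tar.gz", the URL
# and the sha256 values are placeholders, not real artifacts.

# --- Risky pattern: ADD does more than copy ---
FROM alpine:3.20 AS risky
# ADD with a URL fetches at build time: nothing pins what comes back, so a
# changed or compromised remote file lands in every rebuild unnoticed.
ADD https://example.invalid/releases/app.tar.gz /opt/app.tar.gz
# ADD with a local tar archive unpacks it automatically; the paths inside
# the archive decide what is written where, which is easy to miss in review.
ADD app.tar.gz /opt/app/

# --- Preferred pattern: COPY only copies, extraction is a visible step ---
FROM alpine:3.20 AS preferred
WORKDIR /opt/app
# COPY never fetches or unpacks; the build context is the only source.
COPY app.tar.gz /tmp/app.tar.gz
# Verify the archive against a known digest, then extract deliberately.
# --no-same-owner keeps archive-supplied ownership from being applied.
RUN echo "<sha256-placeholder>  /tmp/app.tar.gz" | sha256sum -c - \
    && tar -xzf /tmp/app.tar.gz -C /opt/app --no-same-owner \
    && rm /tmp/app.tar.gz
USER nobody
CMD ["/opt/app/bin/app"]

# --- When ADD's URL feature is genuinely needed, pin the content ---
# BuildKit's --checksum flag makes the remote fetch fail closed on mismatch.
FROM alpine:3.20 AS pinned
ADD --checksum=sha256:<sha256-placeholder> \
    https://example.invalid/releases/app.tar.gz /opt/app.tar.gz
```

The `risky` stage builds even if the remote file changes between builds; the `preferred` and `pinned` stages fail instead, which is the behaviour you want in CI.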
How to add new worker node to existing Kubernetes cluster
To add a new worker node to an existing Kubernetes cluster, start by setting up a new Ubuntu 24.04 instance and configuring its hostname and `/etc/hosts` file. Disable swap memory, load necessary kernel modules, and install containerd as the container runtime. Add the Kubernetes APT repository, then install Kubernetes components like kubeadm, kubelet, and kubectl. On the control plane node, generate a kubeadm join command with a token. Run this command on the new worker node to join the cluster. Finally, verify the addition by checking the nodes from the control plane using `kubectl get nodes`.
How I Reduced Docker Image Size from 588 MB to Only 47.7 MB
To significantly reduce a Docker image size, using multi-stage builds is key. In this case, a Flask app's image size was reduced from 588 MB to just 47.7 MB by switching to the lightweight Python 3.9-alpine image and using a multi-stage build approach. Multi-stage builds allow you to separate the build and runtime environments, keeping only essential runtime dependencies in the final image. Additionally, minimizing the number of layers by combining commands, using a `.dockerignore` file to exclude unnecessary files, and optimizing the Dockerfile structure contributed to this impressive 91.89% reduction.
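A multi-stage build of the kind the article describes, as an added example rather than the author's own Dockerfile: build tooling stays in the first stage, and only the virtualenv and application source are copied into a `python:3.9-alpine` runtime stage. The app layout (`app.py`, `requirements.txt`, port 5000) is assumed.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the article's own Dockerfile. Assumes a Flask app with
# app.py and requirements.txt in the build context, and a .dockerignore that
# excludes .git, tests/ and local virtualenvs so they never enter the context.

# --- Stage 1: build. Compilers and headers exist only here. ---
FROM python:3.9-alpine AS builder
WORKDIR /build
# Toolchain for wheels that must be compiled; it never reaches the final image.
RUN apk add --no-cache build-base libffi-dev
# Install into an isolated prefix so the runtime stage copies one directory.
# Chaining with && keeps this to a single layer.
COPY requirements.txt .
RUN python -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir -r requirements.txt

# --- Stage 2: runtime. Only what the app needs at run time is copied. ---
FROM python:3.9-alpine
WORKDIR /app
# Flask does not need root; create an unprivileged user for the process.
RUN adduser -D -H appuser
COPY --from=builder /opt/venv /opt/venv
COPY --chown=appuser:appuser app.py .
ENV PATH="/opt/venv/bin:$PATH" \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1
USER appuser
EXPOSE 5000
CMD ["python", "app.py"]
```

Compare `docker image ls` before and after switching a single-stage `python:3.9` Dockerfile to this layout to see the size difference for your own app; the figures in the article are specific to the author's image.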
Ambient mesh: Can sidecar-less Istio make your application faster?
Ambient mode in Istio, introduced in 2022, allows a sidecar-less architecture that can sometimes make applications faster. In traditional service meshes, adding latency is expected, but tests with ambient mode showed slightly improved performance in some cases, like the Bookinfo application's details service. This is partly because of more efficient connection handling and reduced syscalls in ambient mode, which offsets the overhead of extra hops via lightweight ztunnels.
Oops, I Deleted the AWS Auth Roles
The author, while managing an EKS (Elastic Kubernetes Service) cluster using Terraform, accidentally deleted the AWS authentication roles, which are crucial for accessing the cluster. This resulted in losing access to the EKS cluster. The fix involved manually restoring access by modifying the EKS API access configuration via the AWS Console, re-adding the necessary admin roles, and regenerating the `aws-auth` config map.
Rising Incidents on Git Platforms
In 2023, incidents affecting popular DevOps platforms like GitHub, Bitbucket, GitLab, and Jira increased, with issues such as RepoJacking, security vulnerabilities, and performance disruptions. GitHub saw a rise in attacks, with hackers exploiting vulnerabilities and hosting malware. Atlassian products like Bitbucket and Jira faced security flaws, with Jira experiencing a significant increase in incidents. GitLab suffered from performance issues and security breaches, including a major Proxyjacking attack.
How Postgres stores data on disk
Postgres stores data on disk in a well-organized, file-based structure within a directory, typically located at `/var/lib/postgresql/data`. Inside this directory, you'll find folders like `base/`, where actual database data for each database is stored, and `pg_wal/`, which holds the Write-Ahead Log (WAL) files that help recover data after crashes. Each table and database object is ultimately represented by files in these directories. PostgreSQL uses clever abstractions to manage data, such as snapshots for transactions, dynamic shared memory for handling multiple processes, and special mechanisms like tablespaces for physically separating certain data.
How We Integrate a New Service in Under 1 Hour for 25 Clusters
The article describes how a team integrated a new service called Otterize across 25 clusters in under an hour, emphasizing that while the technical setup was quick, the lengthy licensing process took over four months. The integration involved automating several steps using GitOps and tools like Argo CD to avoid manual errors. Key tasks included creating an organization and environment, inviting users, integrating with Kubernetes, securely managing credentials, and deploying the setup through a script.
Eleventeen ways to delete an AWS resource
The authors' goal is to reduce AWS costs, but they find that deletion methods vary widely across services, often leaving users frustrated. They categorize deletion patterns, from simple one-click deletes to more complex confirmations that require typing specific phrases or acknowledging consequences. Ultimately, they argue that AWS should standardize its deletion processes to improve user experience and security, and they call for more data on user behavior during these actions.
European grocery store becomes cloud services provider
Lidl, through its parent company Schwarz Group, unintentionally entered the competitive world of cloud computing when it built its own cloud system in 2021 to meet internal needs. As other German businesses sought alternatives to U.S. and Chinese cloud providers, Schwarz Group recognized a demand for data services with a focus on European data privacy standards. This led to the creation of Schwarz Digits, which now provides cloud and cybersecurity services, attracting major clients like SAP and Bayern Munich. While competing with giants like Amazon and Google, Schwarz Digits differentiates itself with a focus on digital sovereignty and data protection.
IBM has acquired Kubecost, a startup that helps companies optimize and monitor their Kubernetes clusters for cost efficiency. Kubecost, known for its widely adopted Kubernetes cost management tool and its open-source project OpenCost, will enhance IBM’s FinOps capabilities. Kubecost will likely be integrated into IBM's FinOps Suite and potentially its OpenShift platform.
Introducing Pulumi Insights 2.0
Pulumi Insights 2.0 expands beyond just Pulumi-managed infrastructure to provide visibility into all cloud resources, offering powerful tools for assessing security, efficiency, and management. It introduces new features like comprehensive infrastructure scanning, visual explorers, and dashboards to help organizations manage their cloud environments more effectively. Insights 2.0 integrates with Pulumi’s Infrastructure-as-Code (IaC) tools, making it easier to bring unmanaged infrastructure under IaC.
Linus Torvalds advises open-source developers to pursue meaningful projects, not hype
At the Open Source Summit Europe, Linus Torvalds encouraged open-source developers to focus on meaningful projects rather than chasing trends and hype. While discussing the latest Linux kernel updates, he emphasized that progress in Linux remains steady, even if not always exciting, with a focus on reliability. Torvalds also praised the ongoing evolution of Linux and the wider open-source ecosystem, noting its democratizing effect for new developers.
JFrog Extends GitHub Alliance to Provide Unified Dashboard
JFrog and GitHub have expanded their partnership to provide developers with a unified platform for better security and productivity. This integration offers a consolidated view of project statuses and security through tools like GitHub's Copilot chat and JFrog’s Advanced Security features. Developers can now get insights on third-party packages, track vulnerabilities earlier, and navigate between code and the binaries it produces seamlessly.
Apeman: AWS attack path management tool
Project Apeman is an AWS attack path management tool that helps analyze and manage AWS security data. To set it up, you need Docker, Python, and a virtual environment. Once the system is initialized, Apeman gathers AWS account data, including authorization details and ARNs, which are then ingested into a graph database for analysis.
Cyphernetes: A Kubernetes Query Language
Cyphernetes is a Cypher-inspired query language for Kubernetes, simplifying complex Kubernetes operations with intuitive, SQL-like queries. It allows developers to easily manage Kubernetes resources by expressing relationships between them, such as connecting deployments to services and ingresses.
Desed: A command-line tool for complex sed scripts
Desed is a command-line tool designed to help debug and understand complex `sed` scripts. It allows users to step through their scripts, both forwards and backwards, preview how substitute commands will affect the pattern space, and set breakpoints to examine the program's state. Desed also supports hot reloading, so changes to the source code can be instantly applied without restarting the debugger.
Kueue: Kubernetes-native Job Queueing
Kueue is a Kubernetes-native job queueing system that manages when jobs start and stop based on a variety of factors, such as priorities and resource availability. It offers features like job management with FIFO strategies, resource fair sharing, dynamic resource reclaim, and integration with popular job types like BatchJob and Kubeflow training jobs.
An AWS CloudFormation starter kit including CI/CD and dev tools that allow you to securely and quickly deploy CloudFormation stacks on your AWS account.
📢 If your company is interested in reaching an audience of developers, technical professionals, and decision makers, you may want to advertise with us.
If you have any comments or feedback, just reply back to this email.
Thanks for reading and have a great day!