Suggested Reads

DevEx in Action - ACM Queue
Somewhere, right now, a software developer is pulling open a ticket from the project backlog, excited by the prospect of working on something new. As the developer begins reading through the description of the task, their laptop is suddenly flooded with alerts from the team's production error-tracking system, disrupting the developer's ability to focus. Eventually, returning to the task at hand, the developer studies the requirements described in the ticket. Unfortunately, the task lacks context and clarity, so the developer asks for help, which will take days to resolve. Meanwhile, the developer checks on a previous task, which has been stuck in the queue waiting for approval for several days. The tests and builds repeatedly flake out, halting the progress of reviewers each time they attempt to verify the changes. As the developer hops from task to task, hoping finally to immerse in some deep work, they realize that today's experience isn't as good as it should be to allow for their best work.
·queue.acm.org·

Engineering Productivity, GenAI, Metrics, Toil
Boost software development productivity by 50x: such was the message on the expo floor at AWS re:Invent. Hundreds of vendors, from startup to enterprise, had booths at the expo marketing their developer tooling, platforms, and consulting services. GenAI has been in full swing for a couple of years now, and with the recent trends of organisational efficiency, the two have married up. Most booths touted how recent GenAI features they’ve added improve the productivity of software developers.
·isthisit.nz·

The tool that really runs your containers: deep dive into runc and OCI specifications
There are many ways to run containers, all with good use cases. But there is one tool that is at the core of most of them, be it Docker, Podman or Cri-o: runc. In this article, we will take a deep dive into what runc is, how to use it, and how it follows Open Container Initiative specifications.
·mkdev.me·

Lessons Learned
A blog about software development and programming.
·theprogrammersparadox.blogspot.com·

Week Ending February 04, 2024

http://lwkd.info/2024/20240206

Developer News

Just thought of a topic for the Contributor Summit but missed the CfP for planned sessions? Add your idea to the Unconference voting issue. Planned session confirmations will be sent out later this month.

Prow is moving out of its parents' basement (i.e. k/test-infra) into its own repo.

Reminder: inactive org member cleanup

Release Schedule

Next Deadline: Enhancements Freeze, February 8th

Kubernetes v1.30.0-alpha.1 is live!

Enhancements freeze is now just a few days away. This is a final reminder! Prepare your KEPs for the Production Readiness Review. If you plan to implement any features, deprecations, or removals during the 1.30 release cycle, make sure to opt-in your KEP(s) before the Enhancements Freeze on February 8th.

Patch release cherry-pick deadline is February 9.

KEP of the Week

KEP-4192: Move Storage Version Migrator in-tree

Kubernetes heavily relies on consistently updating stored resource data for various maintenance tasks related to storage. This includes scenarios like transitioning from one storage schema version to another (for instance, moving from v1beta1 to v1) and updating encryption methods for data at rest. Currently, the common method for rewriting data involves issuing no-op update requests via kubectl get <resource> | kubectl replace -. However, this approach poses challenges, especially for resource-heavy entities like Kubernetes secrets, and requires automation due to the constantly growing number of resources needing migration.

During storage migration processes, conflicts during update requests can be safely ignored, and inconsistent continue tokens during paginated list operations are also deemed safe since the primary concern is rewriting data rather than how it’s rewritten. This proposal seeks to simplify storage migrations for users by abstracting away these complexities.

This KEP was first released in v1.29 and is currently tracked for beta in the upcoming v1.30 release.

Other Merges

--node-labels has been around for 28 releases, maybe it’s not alpha anymore

Code can traverse all waiting Pods in the scheduler, regardless of which profile they’re waiting in

Prevent race condition between kubelet and CSI external resizer

No more pods that can’t terminate because their volumes won’t unmap

Only try to reschedule failed storage pods if new PVs are available.

Clean up orphan subpaths, even if they’re not directories

nominalConcurrencyShares can be zero

Kubeadm: add more key encryption options, apply patches correctly to ConfigMap, check if node is control plane during upgrade

Relocated the ServiceAccount token audit annotation

Better CPU usage calculation on Windows

APIserver audit log records decode time

Make sure that ConfigMap and Secrets files get created despite a kubelet restart

Testing: NodeLogQuery for Windows

Promotions

CloudDualStackNodeIP is GA

LegacyServiceAccountTokenCleanUp is GA

Version Updates

Kernel Module Management to v2.0.1

Subprojects and Dependency Updates

containerd to v1.7.13: update runc to v1.1.12, addressing CVE-2024-21626

nerdctl to v1.7.3: update runc to v1.1.12, addressing CVE-2024-21626

etcd to v3.5.12 (add livez/readyz HTTP endpoints) and v3.4.30

gRPC to v1.61.0: fix aggregate cluster design and add set min/max TLS version APIs to TLS credentials APIs for v1.59.4, v1.56.4, v1.49.4

kops to v1.28.4 (update containerd to v1.7.13 and runc to v1.1.12, addressing CVE-2024-21626) and v1.27.3

kind to v0.21.0: patch CVE-2024-21626 and fix an issue with kind build node-image and docker 25.0.0+

kubebuilder to v3.14.0: support k8s 1.29

via Last Week in Kubernetes Development http://lwkd.info/

February 06, 2024 at 05:00PM

·lwkd.info·

New Linux glibc flaw lets attackers get root on major distros
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
·bleepingcomputer.com·

True Story: I loathe HCL | A reasonable configuration language
I was fed up with the poor opportunities for abstraction in configuration formats. The many configuration languages that exist already were not invented here, so I wrote my own, at first just for fun. But then it became useful.
·ruudvanasseldonk.com·