
CloudPro

45 Articles
Shreyans from Packt
23 Aug 2024
9 min read

Figma migrated to Kubernetes in 12 months

CloudPro #61: How Figma Migrated onto K8s in Less Than 12 months

⭐Masterclass:
  • From Docker Compose to Kubernetes Manifests
  • A hard look at GuardDuty shortcomings
  • Streamlining Keycloak in Kubernetes
  • The hater’s guide to Kubernetes
  • A skeptic's first contact with Kubernetes

🔍Secret Knowledge:
  • Enhancing Bitnami Helm Charts Security
  • Cloudflare adopted OpenTelemetry for logging pipeline
  • Josh Grose on LinkedIn: I spent the last 3 yrs outside of observability
  • Did you know the CNCF has an actual cookbook? Not metaphorically!
  • Unfashionably secure: why we use isolated VMs

⚡Techwave:
  • How Figma Migrated onto K8s in Less Than 12 months
  • GitHub Copilot Autofix: Secure code 3x faster
  • New Kubernetes CPUManager Static Policy: Distribute CPUs Across Cores
  • Announcing mandatory multi-factor authentication for Azure sign-in
  • GitHub scales on demand with Azure Functions

🛠️HackHub: Best Tools for the Cloud
  • Web tool for database management
  • The devs are over here at devzat, chat over SSH!
  • CloudFormation_To_Terraform
  • Debugging tool for Kubernetes which tests and displays connectivity between nodes in the cluster.
  • Kubernetes network solution

Cheers,
Shreyans Singh
Editor-in-Chief

⭐MasterClass: Tutorials & Guides

From Docker Compose to Kubernetes Manifests
This blog post provides a beginner-friendly guide for developers transitioning from Docker Compose to Kubernetes manifests, using Minikube for local Kubernetes development. It walks through setting up Minikube, deploying a sample application using Docker Compose, converting Docker Compose files into Kubernetes manifests with Kompose, and finally deploying the application on Kubernetes. The guide emphasizes practical steps, like generating and applying Kubernetes manifests, and validating deployments using the Minikube dashboard.

A hard look at GuardDuty shortcomings
AWS GuardDuty, while a cornerstone in cloud threat detection, isn't without its flaws.
It offers good coverage and deep integration with AWS services, but its limitations in service support, detection latency, and cost can leave gaps in your security posture. Adversarial simulations and benchmarks reveal that GuardDuty can miss critical threats, and its detection can be slow, especially for high-impact, low-volume attacks like S3 ransomware.

Streamlining Keycloak in Kubernetes
In this blog post, the author, a DevOps Engineer at Tikal, shares how they automated the deployment and management of Keycloak, an open-source identity and access management solution, within a Kubernetes environment. By leveraging Kubernetes’ native capabilities, Helm, and Python, they streamlined the complex configuration process, which typically requires extensive manual adjustments. This approach not only ensures consistency and reduces manual efforts but also enables scalable and repeatable deployments.

The hater’s guide to Kubernetes
Kubernetes often gets a bad rap for being overly complex, especially for startups with small teams. Critics argue it’s over-engineering for tasks that don't need such a heavyweight solution. The key to avoiding its complexity is to use only the necessary features and ignore the rest. While Kubernetes isn’t for everyone, especially for those needing quick, ephemeral workloads, it's a solid choice if you need the robustness it offers and are careful in its application.

A skeptic's first contact with Kubernetes
The author’s first real exploration of Kubernetes revealed its core concepts like control loops, services, and workload management, which actually simplify and automate many tasks traditionally done manually. Kubernetes uses controllers to ensure that workloads meet desired states, services to manage network traffic efficiently, and storage management to handle data persistence across pods.
While the system has some quirks and limitations, its approach to automating and scaling workloads has proven to be a valuable evolution in managing modern infrastructure.

Quick Start Kubernetes
The course prepares you to leverage Kubernetes for continuous development and deployment. Whether you're scaling applications to meet demand or ensuring seamless updates with minimal downtime, you'll be equipped with the skills necessary for efficient and effective Kubernetes management. This course is your gateway to becoming proficient in one of the most essential tools in the DevOps toolkit.

🔍Secret Knowledge: Learning Resources

Enhancing Bitnami Helm Charts Security
Bitnami enhanced the security of its Helm charts using Kubescape, an open-source Kubernetes security tool that identifies misconfigurations by comparing configurations to industry best practices. By integrating Kubescape into their build pipelines, Bitnami made significant improvements such as eliminating group root dependencies, configuring immutable filesystems, and reducing misconfigured resources.

Cloudflare adopted OpenTelemetry for logging pipeline
Cloudflare recently transitioned its logging pipeline from syslog-ng to OpenTelemetry Collector to enhance performance, maintainability, and telemetry insights. This move allowed the team to leverage Go, a language more familiar to their engineers, and integrate better observability through Prometheus metrics. Despite challenges like minimizing downtime during the switch and ensuring compatibility with existing infrastructure, the migration has opened up opportunities for further improvements, such as better log sampling and migration to the OpenTelemetry Protocol (OTLP).

Josh Grose on LinkedIn: I spent the last 3 yrs outside of observability
Josh Grose (ex-Principal PM, Splunk), after three years away from the observability space, was surprised to find that despite companies spending around 30% of their cloud budgets on monitoring, reliability hasn't improved significantly. He observed that even when Service Level Agreements (SLAs) are met, it often comes at the cost of developer productivity and experience. Engineering leaders are frustrated with the high costs and limited improvements in key metrics like Mean Time to Recovery (MTTR) and development speed, leading to the perception that observability has become an expensive and ineffective necessity.

Did you know the CNCF has an actual cookbook? Not metaphorically!
The "Cloud Native Community Cookbook" is a unique collection of recipes put together by the CNCF and Equinix Metal, born out of the increased time people spent at home during the COVID-19 pandemic. Instead of focusing on cloud technologies, this cookbook brings together food recipes shared by members of the Cloud Native community, originally exchanged in Equinix Metal's Slack channel.

Unfashionably secure: why we use isolated VMs
While modern cloud architectures often favor shared, multi-tenant environments for efficiency and scalability, Thinkst Canary opts for a less trendy but highly secure approach by using isolated virtual machines (VMs) for each customer. This choice prioritizes security by ensuring that each customer's data and services are completely separated, reducing the risk of cross-customer data breaches. Although this method comes with higher operational costs and complexity, it provides a stronger security boundary, making it easier to manage risks and sleep better at night.

⚡TechWave: Cloud News & Analysis

How Figma Migrated onto K8s in Less Than 12 months
Figma completed its migration to Kubernetes in under a year by meticulously planning and executing a well-scoped transition.
Initially running services on AWS's ECS, Figma faced limitations such as complex stateful workloads and limited auto-scaling. The decision to move to Kubernetes (EKS) was driven by its broader functionality, including support for StatefulSets, Helm charts, and advanced scaling options from the CNCF ecosystem. By Q1 2024, Figma had migrated most core services with minimal impact on users, resulting in enhanced reliability, reduced costs, and a more flexible compute platform.

GitHub Copilot Autofix: Secure code 3x faster
Copilot Autofix, now available in GitHub Advanced Security, is an AI-powered tool designed to help developers fix code vulnerabilities more than three times faster than manual methods. It analyzes vulnerabilities, explains their significance, and offers code suggestions for quick remediation. This accelerates the fixing process for both new vulnerabilities and existing security debt, significantly reducing the time and effort required for secure coding. Copilot Autofix is included by default for GHAS customers and also available for open source projects starting in September.

New Kubernetes CPUManager Static Policy: Distribute CPUs Across Cores
Kubernetes v1.31 introduces a new alpha feature called "distribute-cpus-across-cores" for the CPUManager's static policy. This option aims to enhance performance by spreading CPUs more evenly across physical cores, rather than clustering them on fewer cores. This reduces contention and resource sharing between CPUs on the same core, which can boost performance for CPU-intensive applications. To use this feature, users need to adjust their Kubernetes configuration to enable it. Currently, it cannot be combined with other CPUManager options, but future updates will address this limitation.

Announcing mandatory multi-factor authentication for Azure sign-in
Microsoft is making multi-factor authentication (MFA) mandatory for all Azure sign-ins to enhance security and protect against cyberattacks.
Starting in the latter half of 2024, Azure users will need to use MFA to access the Azure portal and admin centers, with broader enforcement for other Azure tools like CLI and PowerShell set for early 2025. MFA, which adds an extra layer of security by requiring more than just a password, is shown to block over 99% of account compromises.

GitHub scales on demand with Azure Functions
GitHub faced scalability issues with its internal data pipeline, which struggled to handle the massive amount of data it collects daily. To address this, GitHub partnered with Microsoft to use Azure Functions' new Flex Consumption plan, which allows serverless functions to scale dynamically based on demand. This solution has enabled GitHub to efficiently process up to 1.6 million events per second, addressing their growth challenges and improving performance with minimal overhead.

🛠️HackHub: Best Tools for Cloud

commandprompt/pgmanage
PgManage is a modern graphical database client for PostgreSQL, focusing on management features and built on the now-dormant OmniDB project.

quackduck/devzat
Devzat is a chat service accessible via SSH that replaces the traditional shell prompt with a chat interface, allowing you to connect from any device with SSH capabilities.

aperswal/CloudFormation_To_Terraform
The CloudFormation to Terraform Converter is a tool that automates the migration of AWS CloudFormation templates to Terraform configuration files.

bloomberg/goldpinger
Goldpinger monitors Kubernetes networking by making calls between its instances and providing Prometheus metrics for visualization and alerts.

ZTE/Knitter
Knitter is a Kubernetes CNI plugin that supports multiple network interfaces for pods, allowing custom network configurations across various cloud environments.

📢 If your company is interested in reaching an audience of developers, technical professionals, and decision makers, you may want to advertise with us.

If you have any comments or feedback, just reply back to this email.

Thanks for reading and have a great day!

Shreyans from Packt
20 Sep 2024
9 min read

IBM acquires Kubecost

CloudPro #65: IBM acquires Kubecost

[Sponsored] Use AI to 10X your productivity & efficiency at work with AI (free bonus)
Save your free spot here (seats are filling fast!) ⏰

⭐Masterclass
  • A Guide to Kubernetes Network Policies
  • Dockerfile Instructions - ADD vs. COPY
  • How to add new worker node to existing Kubernetes cluster
  • How I Reduced Docker Image Size from 588 MB to Only 47.7 MB
  • Ambient mesh: Can sidecar-less Istio make your application faster?

🔍Secret Knowledge
  • Oops, I Deleted the AWS Auth Roles
  • Rising Incidents on Git Platforms
  • How Postgres stores data on disk
  • How We Integrate a New Service in Under 1 Hour for 25 Clusters
  • Eleventeen ways to delete an AWS resource

⚡Techwave
  • European grocery store becomes cloud services provider
  • IBM acquires Kubecost
  • Introducing Pulumi Insights 2.0
  • Linus Torvalds advises open-source developers to pursue meaningful projects, not hype
  • JFrog Extends GitHub Alliance to Provide Unified Dashboard

🛠️Hackhub
  • Apeman: AWS attack path management tool
  • Cyphernetes: A Kubernetes Query Language
  • Desed: A command-line tool for complex sed scripts
  • Kueue: Kubernetes-native Job Queueing
  • AWS CloudFormation Starterkit

💡Recommended Reading: Implementing GitOps with Kubernetes

Cheers,
Shreyans Singh
Editor-in-Chief

Join Roman Lavrik from Deloitte at Snyk-hosted DevSecCon 2024
Snyk is thrilled to announce DevSecCon 2024, Developing AI Trust Oct 8-9, a FREE virtual summit designed for DevOps, developer and security pros of all levels. Join Roman Lavrik from Deloitte, among many others, and learn some prescriptive DevSecOps methods for AI-powered development.
Save your spot

⭐MasterClass: Tutorials & Guides

A Guide to Kubernetes Network Policies
In Kubernetes, network policies control the traffic between pods, ensuring secure communication within the cluster. There are two main types: Layer 4 (L4) and Layer 7 (L7) policies.
L4 policies manage traffic at the transport layer (e.g., TCP/UDP) based on IP addresses and ports, while L7 policies operate at the application layer (e.g., HTTP) with more fine-grained control over communication between services. L7 policies often require a service mesh like Linkerd, which adds features like mutual TLS (mTLS) for encrypted communication.

Dockerfile Instructions - ADD vs. COPY
`COPY` is simple and secure, only transferring files from the local build context to the image. In contrast, `ADD` offers extra functionality, such as downloading files from URLs or automatically extracting compressed archives. However, this added flexibility introduces complexity and potential security risks. Best practice recommends using `COPY` for most cases due to its straightforwardness, reserving `ADD` for situations where its unique features are necessary.

How to add new worker node to existing Kubernetes cluster
To add a new worker node to an existing Kubernetes cluster, start by setting up a new Ubuntu 24.04 instance and configuring its hostname and `/etc/hosts` file. Disable swap memory, load necessary kernel modules, and install containerd as the container runtime. Add the Kubernetes APT repository, then install Kubernetes components like kubeadm, kubelet, and kubectl. On the control plane node, generate a kubeadm join command with a token. Run this command on the new worker node to join the cluster. Finally, verify the addition by checking the nodes from the control plane using `kubectl get nodes`.

How I Reduced Docker Image Size from 588 MB to Only 47.7 MB
To significantly reduce a Docker image size, using multi-stage builds is key. In this case, a Flask app's image size was reduced from 588 MB to just 47.7 MB by switching to the lightweight Python 3.9-alpine image and using a multi-stage build approach. Multi-stage builds allow you to separate the build and runtime environments, keeping only essential runtime dependencies in the final image.
Additionally, minimizing the number of layers by combining commands, using a `.dockerignore` file to exclude unnecessary files, and optimizing the Dockerfile structure contributed to this impressive 91.89% reduction.

Ambient mesh: Can sidecar-less Istio make your application faster?
Ambient mode in Istio, introduced in 2022, allows a sidecar-less architecture that can sometimes make applications faster. In traditional service meshes, adding latency is expected, but tests with ambient mode showed slightly improved performance in some cases, like the Bookinfo application's details service. This is partly because of more efficient connection handling and reduced syscalls in ambient mode, which offsets the overhead of extra hops via lightweight ztunnels.

🔍Secret Knowledge: Learning Resources

Oops, I Deleted the AWS Auth Roles
The author, while managing an EKS (Elastic Kubernetes Service) cluster using Terraform, accidentally deleted the AWS authentication roles, which are crucial for accessing the cluster. This resulted in losing access to the EKS cluster. The fix involved manually restoring access by modifying the EKS API access configuration via the AWS Console, re-adding the necessary admin roles, and regenerating the `aws-auth` config map.

Rising Incidents on Git Platforms
In 2023, incidents affecting popular DevOps platforms like GitHub, Bitbucket, GitLab, and Jira increased, with issues such as RepoJacking, security vulnerabilities, and performance disruptions. GitHub saw a rise in attacks, with hackers exploiting vulnerabilities and hosting malware. Atlassian products like Bitbucket and Jira faced security flaws, with Jira experiencing a significant increase in incidents. GitLab suffered from performance issues and security breaches, including a major Proxyjacking attack.

How Postgres stores data on disk
Postgres stores data on disk in a well-organized, file-based structure within a directory, typically located at `/var/lib/postgresql/data`.
Inside this directory, you'll find folders like `base/`, where actual database data for each database is stored, and `pg_wal/`, which holds the Write-Ahead Log (WAL) files that help recover data after crashes. Each table and database object is ultimately represented by files in these directories. PostgreSQL uses clever abstractions to manage data, such as snapshots for transactions, dynamic shared memory for handling multiple processes, and special mechanisms like tablespaces for physically separating certain data.

How We Integrate a New Service in Under 1 Hour for 25 Clusters
The article describes how a team integrated a new service called Otterize across 25 clusters in under an hour, emphasizing that while the technical setup was quick, the lengthy licensing process took over four months. The integration involved automating several steps using GitOps and tools like Argo CD to avoid manual errors. Key tasks included creating an organization and environment, inviting users, integrating with Kubernetes, securely managing credentials, and deploying the setup through a script.

Eleventeen ways to delete an AWS resource
The authors' goal is to reduce AWS costs, but the deletion methods vary widely, often leaving users frustrated. They categorize deletion patterns, from simple one-click deletes to more complex confirmations that require typing specific phrases or acknowledging consequences. Ultimately, they argue that AWS should standardize its deletion processes to improve user experience and security, and they call for more data on user behavior during these actions.

⚡TechWave: Cloud News & Analysis

European grocery store becomes cloud services provider
Lidl, through its parent company Schwarz Group, unintentionally entered the competitive world of cloud computing when it built its own cloud system in 2021 to meet internal needs. As other German businesses sought alternatives to U.S.
and Chinese cloud providers, Schwarz Group recognized a demand for data services with a focus on European data privacy standards. This led to the creation of Schwarz Digits, which now provides cloud and cybersecurity services, attracting major clients like SAP and Bayern Munich. While competing with giants like Amazon and Google, Schwarz Digits differentiates itself with a focus on digital sovereignty and data protection.

IBM acquires Kubecost
IBM has acquired Kubecost, a startup that helps companies optimize and monitor their Kubernetes clusters for cost efficiency. Kubecost, known for its widely adopted Kubernetes cost management tool and its open-source project OpenCost, will enhance IBM’s FinOps capabilities. Kubecost will likely be integrated into IBM's FinOps Suite and potentially its OpenShift platform.

Introducing Pulumi Insights 2.0
Pulumi Insights 2.0 expands beyond just Pulumi-managed infrastructure to provide visibility into all cloud resources, offering powerful tools for assessing security, efficiency, and management. It introduces new features like comprehensive infrastructure scanning, visual explorers, and dashboards to help organizations manage their cloud environments more effectively. Insights 2.0 integrates with Pulumi’s Infrastructure-as-Code (IaC) tools, making it easier to bring unmanaged infrastructure under IaC.

Linus Torvalds advises open-source developers to pursue meaningful projects, not hype
At the Open Source Summit Europe, Linus Torvalds encouraged open-source developers to focus on meaningful projects rather than chasing trends and hype. While discussing the latest Linux kernel updates, he emphasized that progress in Linux remains steady, even if not always exciting, with a focus on reliability.
Torvalds also praised the ongoing evolution of Linux and the wider open-source ecosystem, noting its democratizing effect for new developers.

JFrog Extends GitHub Alliance to Provide Unified Dashboard
JFrog and GitHub have expanded their partnership to provide developers with a unified platform for better security and productivity. This integration offers a consolidated view of project statuses and security through tools like GitHub's Copilot chat and JFrog’s Advanced Security features. Developers can now get insights on third-party packages, track vulnerabilities earlier, and navigate between code and the binaries it produces seamlessly.

🛠️HackHub: Best Tools for Cloud

Apeman: AWS attack path management tool
Project Apeman is an AWS attack path management tool that helps analyze and manage AWS security data. To set it up, you need Docker, Python, and a virtual environment. Once the system is initialized, Apeman gathers AWS account data, including authorization details and ARNs, which are then ingested into a graph database for analysis.

Cyphernetes: A Kubernetes Query Language
Cyphernetes is a Cypher-inspired query language for Kubernetes, simplifying complex Kubernetes operations with intuitive, SQL-like queries. It allows developers to easily manage Kubernetes resources by expressing relationships between them, such as connecting deployments to services and ingresses.

Desed: A command-line tool for complex sed scripts
Desed is a command-line tool designed to help debug and understand complex `sed` scripts. It allows users to step through their scripts, both forwards and backwards, preview how substitute commands will affect the pattern space, and set breakpoints to examine the program's state.
Desed also supports hot reloading, so changes to the source code can be instantly applied without restarting the debugger.

Kueue: Kubernetes-native Job Queueing
Kueue is a Kubernetes-native job queueing system that manages when jobs start and stop based on a variety of factors, such as priorities and resource availability. It offers features like job management with FIFO strategies, resource fair sharing, dynamic resource reclaim, and integration with popular job types like BatchJob and Kubeflow training jobs.

AWS CloudFormation Starterkit
An AWS CloudFormation starterkit including CI/CD and dev tools that allow you to securely and quickly deploy CloudFormation stacks on your AWS account.

📢 If your company is interested in reaching an audience of developers, technical professionals, and decision makers, you may want to advertise with us.

If you have any comments or feedback, just reply back to this email.

Thanks for reading and have a great day!

Shreyans from Packt
18 Oct 2024
11 min read

AI agents invade observability: snake oil or the future of SRE?

CloudPro #69: AI agents invade observability

Join Generative AI In Action now with a Full Event Pass for just $239.99—40% off the regular price—with code FLASH40.
BOOK TODAY AT $239.99 $399.99

Three Reasons Why You Cannot Miss This Event:
- Network with 25+ Leading AI Experts
- Gain Insights from 30+ Dynamic Talks and Hands-On Sessions
- Engage with Experts and Peers through 1:1 Networking, Roundtables, and AMAs

Act fast—this FLASH SALE is only for a limited number of seats!
CLAIM NOW - LIMITED SEATS

Today we will talk about:

⭐Masterclass
  • AI agents invade observability: snake oil or the future of SRE?
  • I created DevOps Interview Preparation Lab based on Interviews from Microsoft, Airbnb, Accenture, and others
  • QA's Dead: Where Do We Go From Here?
  • Convert OpenTelemetry Traces to Metrics using SpanMetrics Connector
  • Reduce Network Traffic Costs in Your Kubernetes Cluster

🔍Secret Knowledge
  • SQLite on Rails
  • Just use Postgres
  • Why I still Self-Host my Servers
  • Essays on programming I think about a lot
  • A detailed guide to cron jobs

⚡Techwave
  • How Google fine-tuned Gemma model for Flipkart
  • AWS has launched Console to Code: tool that generates code
  • Bring your conversations to WhatsApp with AWS End User Messaging Social
  • Introducing pipe syntax in BigQuery and Cloud Logging
  • GCloud Database Center: AI-powered, unified fleet management solution preview now open to all customers

🛠️Hackhub
  • agnost-gitops: Open source GitOps platform running on Kubernetes clusters
  • kube-downscaler: Scale down Kubernetes deployments after work hours
  • AWS Mine: honey token system designed to generate AWS access keys
  • TinyStatus: A simple, customizable status page generator that monitors and displays the status of services on a responsive web page.
  • Litecli: A command-line client for SQLite databases, featuring auto-completion and syntax highlighting.

Cheers,
Shreyans Singh
Editor-in-Chief

Looking to build, train, deploy, or implement Generative AI?
Meet Innodata —
offering high-quality solutions for developing and implementing industry-leading generative AI, including:
With 5,000+ in-house SMEs and expansion and localization supported across 85+ languages, Innodata drives AI initiatives for enterprises globally.
Learn More

⭐MasterClass: Tutorials & Guides

AI agents invade observability: snake oil or the future of SRE?
This article explores how AI, particularly agentic AI, is transforming the field of observability and monitoring. Traditional monitoring tools use dashboards, alerts, and data insights to help developers and operators manage system health, but new AI agents are designed to act more like team members. These agents, powered by large language models (LLMs), can analyze operational data and automate tasks like incident response and maintenance.

I created DevOps Interview Preparation Lab based on Interviews from Microsoft, Airbnb, Accenture, and others
This hands-on lab is designed to help you prepare for DevOps interviews by walking you through key tools like Python web apps, Docker, Kubernetes, Helm Charts, GitHub Actions for CI/CD, and Ingress Controllers. It's practical, not theory-based, and helps you build a project from scratch through containerization, deployment, and CI/CD setup.

QA's Dead: Where Do We Go From Here?
The concept of traditional QA (Quality Assurance) has evolved, shifting responsibility for software quality from a separate QA team to developers themselves. In the old model, QA was a distinct stage that came after development, causing delays, inefficiencies, and higher costs due to late bug detection. Now, with agile methodologies and advanced tooling, testing is integrated throughout the development process. Developers take ownership of quality, using tools like automated testing, CI/CD pipelines, and instant feedback mechanisms.
QA isn't dead; instead, it has become an essential part of every developer's role, with QA professionals either moving into technical automation roles or higher-level strategic positions.

Convert OpenTelemetry Traces to Metrics using SpanMetrics Connector
The SpanMetrics Connector in OpenTelemetry converts trace data into actionable metrics, which is useful when robust tracing is in place but metrics instrumentation is lacking. It works by extracting metrics from spans (units of trace data) and aggregating them into key performance indicators like request counts, errors, and durations. This unified approach simplifies observability by reducing the need for separate instrumentation for traces and metrics. By configuring the connector, developers can easily generate custom metrics, optimize system performance, and enhance monitoring without increasing overhead or complexity.

Reduce Network Traffic Costs in Your Kubernetes Cluster
To reduce network traffic costs in a Kubernetes cluster, it's important to minimize cross-availability zone (AZ) traffic, which can increase latency and lead to higher data transfer costs. Strategies to reduce this include intelligent node placement, ensuring related pods are located in the same AZ to avoid unnecessary data transfer. Topology-aware routing ensures traffic is directed within the same AZ, while using local persistent volumes keeps data close to the pods accessing it. Pod topology spread constraints help evenly distribute pods across zones, further minimizing cross-AZ communication and improving both performance and cost-efficiency.

🔍Secret Knowledge: Learning Resources

SQLite on Rails
Running SQLite on Rails can provide good performance, but out-of-the-box it isn’t optimized for high-concurrency production environments. This is mainly due to SQLite’s single-write locking mechanism, which can cause errors and bottlenecks when multiple threads attempt to write at the same time.
However, by fine-tuning configurations—like setting immediate transactions, adjusting busy timeouts, and managing connection pools—Rails apps can achieve resilient performance. Advanced techniques, such as using custom busy handlers and write-ahead logging (WAL), further enhance concurrency and minimize delays, making SQLite on Rails a viable production option.

Just use Postgres
When building a new application requiring persistent storage, Postgres should be your default choice. The article highlights why other databases might not be ideal: SQLite is great for single-machine apps but limited for distributed systems, NoSQL databases like MongoDB require rigid access patterns, and newer databases like XTDB pose long-term risks. Postgres offers flexibility, scalability, and a rich ecosystem of tools, making it a reliable and efficient choice for most web applications without the trade-offs of other databases.

Why I still Self-Host my Servers
Two reasons: independence and learning. Hosting his own services lets the author stay free from corporate control and subscriptions while teaching valuable skills that benefit his career as a software engineer. From managing a Proxmox cluster and Pi-Hole DNS servers to troubleshooting outages and hardware issues, the experience forces him to dive deeper into the technical aspects of system administration. This continuous learning has proven useful in handling complex distributed systems at work. Despite the challenges, like hardware failures and occasional crashes, the lessons learned make it worthwhile.

Essays on programming I think about a lot
This passage highlights several key programming essays that have deeply impacted the author's thinking and engineering approach. These essays cover various topics, from understanding complex systems, choosing stable technology, and managing abstractions, to hiring strong engineering teams and designing scalable distributed systems.
The recurring theme is thoughtful, pragmatic decision-making in software engineering, advocating for simplicity, clear abstraction boundaries, and understanding the deeper layers of technology. Each essay provides timeless insights, shaping the author's work habits, and the list invites others to explore and reflect on these ideas for themselves.

A detailed guide to cron jobs
A cron job is a scheduled task or command in Unix-based systems, like Linux and macOS, that automates repetitive processes such as backups, email sending, or database updates. Cron jobs use a specific time-based syntax to determine when and how often the task should run. This guide explains how to set up, edit, and manage cron jobs, including the syntax, adding new jobs, and checking their logs. It also covers methods for monitoring cron jobs, such as using logs, monitoring tools, and email alerts to ensure tasks run as expected without system issues.

⚡TechWave: Cloud News & Analysis

How Google fine-tuned Gemma model for Flipkart
The blog describes the process of fine-tuning Gemma, an instruction-tuned AI model, for a conversational shopping assistant. It starts with data preparation using a subset of Flipkart’s product catalog, filtering for clothing items and generating Q&A pairs based on product details. Fine-tuning was achieved using LoRA, a parameter-efficient method, with multiple iterations on both pre-trained and instruction-tuned models. The fine-tuning was scaled using multi-GPU setups on Google Kubernetes Engine (GKE). Hyperparameter tuning was also crucial to optimize model performance, ensuring the chatbot provides accurate, contextual responses.

AWS has launched Console to Code: tool that generates code
AWS has launched "Console to Code," a tool that simplifies the process of moving from prototyping in the AWS Management Console to writing production-ready code.
This tool automatically captures actions taken in the console and generates code in formats like CLI, CloudFormation, and CDK, following AWS best practices. It helps users quickly create reusable, automation-friendly code without needing to manually write it, streamlining the transition from console use to Infrastructure-as-Code (IaC). This service is available for key AWS services like EC2, VPC, and RDS.

Bring your conversations to WhatsApp with AWS End User Messaging Social
AWS has introduced "End User Messaging Social," allowing developers to send messages to their users on WhatsApp, the world’s most popular messaging app. With this tool, developers can create rich, interactive messaging experiences that include multimedia content. WhatsApp can now be used alongside SMS and Push notifications, giving businesses multiple ways to reach their audience. Setting up WhatsApp messaging is easy, with options to create a new WhatsApp Business Account or link an existing one, all within the AWS console.

Introducing pipe syntax in BigQuery and Cloud Logging
Google Cloud has introduced a new "pipe syntax" in BigQuery and Cloud Logging, designed to simplify log data queries. This new syntax uses a pipe symbol (|>) to break down complex SQL queries into clear, easy-to-read steps, improving the readability and writability of log analysis tasks. With this innovation, users can quickly filter, aggregate, and explore log data, making it easier to extract insights. BigQuery’s enhanced performance features, like faster numeric search indexes and better handling of JSON data, further streamline log analysis. Pipe syntax is now available in preview.

GCloud Database Center: AI-powered, unified fleet management solution preview now open to all customers
Google Cloud has launched Database Center, an AI-powered solution that simplifies managing large, complex database fleets. It provides a unified interface for monitoring and optimizing databases like Cloud SQL, AlloyDB, and Spanner.
Database Center helps businesses detect and address performance and security issues with proactive recommendations, ensuring smoother operations and better compliance with industry standards. It also includes AI-powered chat for quick troubleshooting and optimization insights, allowing users to improve performance, reduce costs, and strengthen security across their entire database landscape.

🛠️HackHub: Best Tools for Cloud

agnost-gitops: Open source GitOps platform running on Kubernetes clusters
Agnost GitOps is an open-source platform for continuous deployment (CD) on Kubernetes clusters. It automates the process of building, deploying, and managing applications by connecting your GitHub, GitLab, or Bitbucket repository. When you push new code, Agnost builds a Docker image using Kaniko and deploys it to your Kubernetes cluster.

kube-downscaler: Scale down Kubernetes deployments after work hours
Kube-downscaler is a Kubernetes tool designed to automatically scale down or pause workloads (like Deployments, StatefulSets, and HorizontalPodAutoscalers) during non-work hours, helping organizations save on cloud costs. It operates based on a configurable schedule of uptime and downtime, using Kubernetes annotations or command-line options.

AWS Mine: honey token system designed to generate AWS access keys
The "aws-mine" project is a honey token system designed to generate AWS access keys that can be strategically placed in various locations to lure and detect potential attackers. If someone attempts to use these keys, the system sends a notification within about four minutes, allowing you to investigate the source and assess whether the asset has been compromised.

TinyStatus: A simple, customizable status page generator that monitors and displays the status of services on a responsive web page.
It checks the status of HTTP endpoints, pings hosts, and monitors open ports, displaying results on a clean and responsive web page.
The system is configured using YAML files, and it supports both light and dark themes, as well as incident history tracking.

Litecli: A command-line client for SQLite databases, featuring auto-completion and syntax highlighting.
Upon first use, LiteCLI generates a configuration file that can be customized for user preferences. It streamlines database interactions by predicting commands and formatting output, enhancing the command-line experience for SQLite users.

📢 If your company is interested in reaching an audience of developers, technical professionals, and decision makers, you may want to advertise with us.

If you have any comments or feedback, just reply back to this email.

Thanks for reading and have a great day!

Shreyans from Packt
04 Oct 2024
11 min read

Supercharge Your Kubernetes Workflow with Essential Tools: Starship, Kubectx, Kubecolor, and K9s

CloudPro #67: Supercharge Your Kubernetes Workflow with Essential Tools: Starship, Kubectx, Kubecolor, and K9s

⭐Masterclass
  • Preemptible pods: Optimizing Kubernetes node utilization
  • Supercharge Your Kubernetes Workflow with Essential Tools: Starship, Kubectx, Kubecolor, and K9s
  • Exploring Helm template dictionary objects: Syntax evolution and best practices
  • Dockerizing a Golang API with MySQL and adding Docker Compose Support
  • Karmada: Deep dive into managing multiple AKS clusters

🔍Secret Knowledge
  • Zero Downtime Deployment in AWS with Tofu
  • Cron Jobs on Linux
  • How To Run Migrations Across 2,800 Microservices
  • Transform AWS exam generator architecture to open source
  • How to Run WebAssembly on Amazon EKS

⚡Techwave
  • Chrome Vulnerability Reward Program (VRP) has updated its rewards
  • How misconfigured AWS IAM roles using GitLab's OpenID Connect (OIDC) can allow unauthorized users to assume roles
  • Preview Release of the Migration Tool for the AWS SDK for Java 2.x
  • Amazon’s Exabyte-Scale Migration from Apache Spark to Ray on Amazon EC2
  • Unlock 1 Million RPS: Experience Triple the Speed with Valkey

🛠️Hackhub
  • kubeai: Private Open AI on Kubernetes
  • cyphernetes: A Kubernetes Query Language
  • chartdb: Free and open-source database diagrams editor, visualize and design your DB with a single query.
  • stack-auth: Open-source Auth0/Clerk alternative
  • mariadb-operator: Run and operate MariaDB in a cloud native way

Cheers,
Shreyans Singh
Editor-in-Chief

⭐MasterClass: Tutorials & Guides

Preemptible pods: Optimizing Kubernetes node utilization
Preemptible Pods in Kubernetes enable efficient resource management by allowing you to assign priorities to different workloads through pod priority and preemption mechanisms. This means that critical applications are guaranteed the resources they need because higher-priority pods can preempt, or evict, lower-priority ones when resources are scarce. By implementing PriorityClasses and configuring pods accordingly, you ensure that essential services remain responsive and that your cluster optimizes node utilization.

Supercharge Your Kubernetes Workflow with Essential Tools: Starship, Kubectx, Kubecolor, and K9s
To enhance your Kubernetes workflow, using tools like Starship, Kubectx, Kubecolor, and K9s can significantly improve efficiency. Starship provides a customizable, fast shell prompt that shows key info like cluster and namespace, while Kubectx and Kubens allow quick switching between clusters and namespaces. Kubecolor adds color to kubectl output for better readability, and K9s offers a terminal-based UI to manage and visualize Kubernetes resources easily.

Exploring Helm template dictionary objects: Syntax evolution and best practices
Helm, the Kubernetes package manager, uses dictionary objects in its templating system to manage key-value pairs for application deployment.
Initially, Helm syntax allowed for creating dictionaries in a single line, but this became cumbersome when handling many properties. Over time, a more efficient syntax evolved, using the `set` function to incrementally add properties to a dictionary without recreating it. Best practices for using Helm dictionaries include adding properties incrementally, avoiding reassignment to prevent data loss, maintaining consistent naming conventions, and thoroughly testing templates to ensure correct Kubernetes manifest generation.

Dockerizing a Golang API with MySQL and adding Docker Compose Support
Dockerizing a Golang API with MySQL simplifies the process of developing and testing APIs locally by containerizing both the API and database. First, you create a Dockerfile for the Go API using best practices like lightweight base images, multi-stage builds, creating a binary, and optimizing Docker layers. This ensures a smaller and more efficient container. Then, to streamline managing both the API and MySQL containers, Docker Compose is used. A `compose.yml` file sets up both services, ensuring the API only starts once the MySQL database is ready, avoiding connection issues. This setup makes local development smoother and easier to replicate.

Karmada: Deep dive into managing multiple AKS clusters
Karmada (Kubernetes Armada) is a tool that simplifies managing multiple AKS (Azure Kubernetes Service) clusters by treating them like a single entity. It helps deploy applications across clusters while handling tasks like scheduling, resource propagation, and ensuring consistency. Karmada’s components—such as the API Server, Controller Manager, Scheduler, and Agent—work together to automate the deployment process.
It supports advanced strategies like multi-cluster deployments, disaster recovery, and canary releases.

🔍Secret Knowledge: Learning Resources

Zero Downtime Deployment in AWS with Tofu
Zero Downtime Deployment in AWS is a strategy to update applications without causing service interruptions. By leveraging tools like OpenTofu, Terraform, and AWS SAM, developers can ensure seamless updates. Techniques like instance refreshes in Auto Scaling Groups (using OpenTofu), immutable infrastructure (Terraform + Ansible), and advanced deployment strategies like Blue/Green and Canary deployments enable applications to be updated while keeping them available to users. These approaches allow for gradual testing, automated rollbacks, and maintaining reliability.

Cron Jobs on Linux
Cron jobs in Linux are scheduled tasks that automate running scripts or commands at specific times or intervals, managed by the cron daemon. Common use cases include backups, updates, and system health checks. Users can create, view, or edit cron jobs using the `crontab` command. Cron jobs are defined using a simple time-based syntax, where each job can run on a specific schedule (e.g., hourly, daily, or weekly). Cron jobs can be user-specific or system-wide, and their syntax supports flexible timing options like ranges, lists, and intervals.

How To Run Migrations Across 2,800 Microservices
To handle migrations across 2,800 microservices, we use a centrally driven approach where a single team manages the entire process. This allows us to keep libraries up-to-date, maintain consistency, and automate the bulk of the changes, reducing coordination overhead and minimizing risks of failure. Our strategy relies on a monorepo structure, consistent technology (like Go), and powerful mass deployment tooling.
We start by wrapping old libraries, automate common updates, handle edge cases manually, and control rollouts via config changes to ensure smooth transitions without downtime.

Transform AWS exam generator architecture to open source
In this series, we aim to transform a serverless AWS architecture for an exam generator app into an open-source version. The original solution helps educators create curriculum-aligned assessments quickly, while students can take personalized quizzes with instant feedback. We'll replace key AWS services like Cognito, Lambda, DynamoDB, and Fargate with open-source alternatives and host everything on a Kubernetes cluster.

How to Run WebAssembly on Amazon EKS
The article outlines the process of setting up a Wasm environment on Amazon EKS using tools like HashiCorp Packer and Terraform to create custom Amazon Machine Images (AMIs) and manage the infrastructure. It details how to build an EKS cluster, deploy example workloads using different Wasm runtimes (Spin and WasmEdge), and check if everything is working correctly. Finally, it offers instructions for cleaning up the resources after running the applications.

⚡TechWave: Cloud News & Analysis

Chrome Vulnerability Reward Program (VRP) has updated its rewards
Google's Chrome Vulnerability Reward Program (VRP) has updated its reward structure to encourage deeper research into Chrome's security vulnerabilities. As Chrome becomes more secure, finding impactful bugs has become harder. The new structure separates memory corruption bugs from other vulnerability types and offers higher rewards for more complex, well-documented reports, such as those demonstrating remote code execution (RCE) or memory corruption. The top reward for an RCE in a non-sandboxed process is now $250,000.
These changes aim to incentivize thorough and high-quality bug reporting, ensuring Chrome remains secure.

How misconfigured AWS IAM roles using GitLab's OpenID Connect (OIDC) can allow unauthorized users to assume roles
The article by Nick Frichette explains how misconfigured AWS IAM roles using GitLab's OpenID Connect (OIDC) can allow unauthorized users to assume roles. This occurs when the trust policy lacks restrictions on which specific GitLab groups or projects can access the role. By default, the AWS Console creates a vulnerable trust policy, making it possible for any GitLab user to exploit the misconfiguration. The article walks through how to generate a GitLab OIDC token and use it to assume a misconfigured role, highlighting the risks of default settings in AWS.

Preview Release of the Migration Tool for the AWS SDK for Java 2.x
AWS has released a preview of a migration tool to help developers transition from AWS SDK for Java 1.x to 2.x, as 1.x is now in maintenance mode. This tool uses OpenRewrite, an open-source code refactoring tool, to automate much of the migration process. It currently supports most service SDK clients, except for AmazonS3Client, TransferManager, and DynamoDBMapper, and helps reduce the time and effort needed for the upgrade. Developers can use this tool with Maven or Gradle projects, choosing between preview (dryRun) or actual (run) modes to apply the changes.

Amazon’s Exabyte-Scale Migration from Apache Spark to Ray on Amazon EC2
Amazon’s Business Data Technologies (BDT) team is migrating from Apache Spark to Ray on Amazon EC2 to handle exabyte-scale data more efficiently. The switch is driven by the need to reduce data processing costs and time for their large business intelligence datasets. Apache Spark, though powerful, had started to show limitations with scalability and performance as their data grew.
Ray, initially known for machine learning tasks, offered a more flexible and cost-effective solution with its distributed compute capabilities, reducing processing costs by 82% and improving data processing speeds significantly.

Unlock 1 Million RPS: Experience Triple the Speed with Valkey
Valkey 8.0, set for release in September 2024, introduces a new multi-threaded architecture that significantly boosts performance, increasing throughput by 230% to over 1 million requests per second and reducing latency by nearly 70%. This is achieved through an innovative I/O threading system, where dedicated worker threads handle tasks like reading commands and writing responses, freeing up the main thread to focus on executing commands. Valkey 8.0 also supports larger shards, improving performance for workloads that don't scale well horizontally, but comes with trade-offs like increased complexity in managing larger nodes.

🛠️HackHub: Best Tools for Cloud

kubeai: Private Open AI on Kubernetes
KubeAI is an open-source tool that allows users to run AI models like LLMs (Large Language Models), embeddings, and speech-to-text on Kubernetes. It provides an API compatible with OpenAI, letting users serve and scale models like Whisper and vLLM across CPU, GPU, and soon TPU infrastructure.

cyphernetes: A Kubernetes Query Language
Cyphernetes is a query language for Kubernetes inspired by Cypher (from Neo4j) that simplifies managing Kubernetes resources. Instead of complex `kubectl` commands, Cyphernetes lets users perform operations like finding and modifying deployments, services, and ingresses with clear, SQL-like syntax.

chartdb: Free and open-source database diagrams editor, visualize and design your DB with a single query.
ChartDB is an open-source, web-based tool for creating and editing database diagrams. With a single "Smart Query," users can instantly visualize their database schema, making it easy to understand and document database structures.
It supports multiple databases like PostgreSQL, MySQL, and SQLite.

stack-auth: Open-source Auth0/Clerk alternative
ChartDB is a free, open-source tool for creating and editing database diagrams. It allows users to instantly visualize their database schema with a single query and supports databases like PostgreSQL, MySQL, and SQLite. Users can interactively edit schemas, export SQL scripts, and even use AI to generate migration scripts for switching between databases.

mariadb-operator: Run and operate MariaDB in a cloud native way
The MariaDB Operator allows users to manage MariaDB databases in a cloud-native environment using Kubernetes. It simplifies tasks like deploying and operating MariaDB instances through Custom Resource Definitions (CRDs), enabling features like high availability, automated backups, and flexible storage options.

Shreyans from Packt
13 Sep 2024
10 min read

Introducing OpenAI o1

CloudPro #64: Introducing OpenAI o1

⭐Masterclass
  • Deploying Databases in K8s with PostgreSQL, CloudNative-PG, and Ceph Rook on Amazon EKS
  • Kubernetes and Access Management API, the new authentication in EKS
  • How Netflix solved the issue with Java 21 virtual threads
  • Does Talos Kubernetes and Omni live up to the hype?
  • Understand your Kubernetes cost drivers and the best ways to rein in spending

🔍Secret Knowledge
  • Hack the Cybersecurity Interview
  • Troubleshooting: Terminal Lag
  • Monitor these Kubernetes signals to help rightsize your fleet
  • Getting Started with Cilium Service Mesh on Amazon EKS
  • How AppsFlyer migrated from Kafka to Kubernetes using Karpenter

⚡Techwave
  • Introducing OpenAI o1
  • Elasticsearch is Open Source, Again
  • Oracle to offer 131,072 Nvidia Blackwell GPUs via its cloud
  • Why eBPF is critical and how it’s getting better
  • Juniper adds AI cloud services to its Apstra data center software

🛠️Hackhub
  • High-performance server for NATS.io
  • A collection of Bash One-Liners and terminal tricks
  • distributed key value NoSQL database that uses RocksDB as storage engine
  • Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications
  • Run your deep learning workloads on Kubernetes more easily and efficiently

Cheers,
Shreyans Singh
Editor-in-Chief

⭐MasterClass: Tutorials & Guides

Deploying Databases in K8s with PostgreSQL, CloudNative-PG, and Ceph Rook on Amazon EKS
This article explains how to deploy and manage a PostgreSQL database on Kubernetes using Amazon EKS.
It combines CloudNativePG, a PostgreSQL operator, with Ceph Rook, a storage orchestrator, to ensure data persistence and high availability in a Kubernetes environment. A step-by-step guide is provided for deploying and configuring these tools, including using Helm charts, setting up storage with Ceph, and monitoring the database cluster.

Kubernetes and Access Management API, the new authentication in EKS
In AWS EKS (Elastic Kubernetes Service), the new authentication and access management system simplifies how users and worker nodes access Kubernetes clusters. Previously, access was managed using an "aws-auth" ConfigMap, which could be complex and prone to errors. Now, AWS introduces the EKS Access Management API, allowing users to authenticate through AWS IAM directly and authorize Kubernetes actions via Kubernetes RBAC. This approach removes the need for managing ConfigMaps manually, offers predefined EKS Access Policies, and enhances security by eliminating hidden root users. Additionally, integration with Terraform makes access control easier to implement and manage.

How Netflix solved the issue with Java 21 virtual threads
In Java 21, Netflix encountered an issue with virtual threads, which are lightweight threads designed to improve concurrency by suspending and resuming automatically. The problem involved some Netflix services using Java 21, Spring Boot 3, and Tomcat, where servers stopped processing requests due to sockets stuck in a `CLOSE_WAIT` state. Virtual threads were getting "pinned" to operating system threads while waiting to acquire locks. Since all OS threads became blocked, Tomcat couldn't process incoming requests, causing the system to hang.
The underlying issue was traced to locking mechanisms in virtual threads, leading to thread contention and blocked OS threads.

Does Talos Kubernetes and Omni live up to the hype?
Talos Kubernetes and Sidero Omni live up to the hype by providing an intuitive and efficient way to set up and manage Kubernetes clusters. With Omni, you can easily create a Talos cluster without needing to access your virtual machines directly, making the process more streamlined. Setting up clusters, scaling nodes, and even upgrading Kubernetes versions are straightforward, with minimal manual intervention required. While there are some areas for improvement, like simplifying static IP configuration, the overall experience is highly positive.

Understand your Kubernetes cost drivers and the best ways to rein in spending
To reduce Kubernetes-related costs, it's important to monitor key cost drivers such as CPU, memory, storage, and networking. Costs are driven by resource usage and the rate at which they are consumed, so reducing unnecessary usage and optimizing resource allocation is key. Over-provisioning, idle resources, and inefficient scaling are common cost culprits. Regularly adjusting resource requests, leveraging auto-scaling tools like Horizontal Pod Autoscaler, and monitoring metrics with tools like Grafana and Prometheus can help optimize usage.

🔍Secret Knowledge: Learning Resources

Hack the Cybersecurity Interview
"Hack the Cybersecurity Interview, Second Edition" is a comprehensive guide designed to help individuals prepare for interviews across a wide range of cybersecurity roles. The book covers technical and behavioral interview questions for positions like cybersecurity engineer, penetration tester, and CISO, while also offering tips on personal branding, stress management, and negotiation.
It provides real-world advice and industry insights, making it an essential resource for anyone looking to succeed in the competitive field of cybersecurity.

Troubleshooting: Terminal Lag
In this troubleshooting session, Tavis Ormandy investigates why launching the xterm terminal on his Windows machine is significantly slower compared to Fedora. He identifies that Windows applies an animation effect that delays interaction with the terminal. Through a series of tests and debugging, he discovers that the X server software (X410) adds unnecessary animation effects, which can’t be disabled directly. He uses a debugger to bypass the issue, improving the performance slightly. After further optimizations with features and caching processes, he brings the Windows terminal's performance closer to Fedora’s, significantly reducing the lag.

Monitor these Kubernetes signals to help rightsize your fleet
To ensure your Kubernetes environment is both cost-efficient and sustainable, it's crucial to monitor signals like CPU, memory, disk I/O, and network utilization. Over-provisioning leads to wasted resources and high costs, while under-provisioning can degrade performance. Watch for indicators such as high resource usage, slow application performance, or low utilization to fine-tune your setup. Tools like Prometheus and Grafana, along with autoscaling, can help you dynamically adjust resources, ensuring optimal balance, reduced costs, and improved sustainability.

Getting Started with Cilium Service Mesh on Amazon EKS
The blog post explains how Cilium, an open-source networking and security solution powered by eBPF, enhances network connectivity between workloads in Amazon EKS (Elastic Kubernetes Service). Cilium provides advanced networking, load balancing, encryption, and observability without the need for sidecar proxies. It integrates seamlessly with Amazon EKS to improve microservice communication, multi-cluster networking, and network policy enforcement.
Cilium Service Mesh, built into Cilium, leverages eBPF and Envoy to offer high performance and low overhead for traffic management, security, and monitoring.

How AppsFlyer migrated from Kafka to Kubernetes using Karpenter
AppsFlyer, a global leader in mobile attribution, migrated their Kafka infrastructure to Kubernetes using Amazon EKS, simplifying management and improving performance. By switching from EC2 instances to Graviton-powered nodes, they achieved a 75% increase in throughput, 58% better write I/O, and reduced costs by 30%. AWS solutions like Strimzi Kafka Operator, Rancher’s Local Path Provisioner, and Karpenter autoscaler helped optimize local storage management and scaling. This transition cut CPU core usage in half and enhanced AppsFlyer's Kafka cluster’s scalability, efficiency, and resilience.

⚡TechWave: Cloud News & Analysis

Introducing OpenAI o1
OpenAI has introduced the "OpenAI o1" series, a new set of AI models designed to focus more on reasoning through complex problems, such as those in science, coding, and math. These models think more carefully before responding and perform significantly better than previous models in areas like math, coding competitions, and complex scientific tasks. Alongside the main "o1-preview" model, there is also a smaller, cheaper "o1-mini" model aimed at developers.

Elasticsearch is Open Source, Again
Elasticsearch is officially open source again as Elastic has added the AGPL license alongside its existing licenses (ELv2 and SSPL). This move allows Elasticsearch to be called open source under an OSI-approved license, clearing up any confusion caused when Elastic changed its licensing three years ago due to conflicts with AWS.
While the license change led to a fork by Amazon, Elastic's partnership with AWS has strengthened, and now users have more licensing options without any impact on current usage.

Oracle to offer 131,072 Nvidia Blackwell GPUs via its cloud
Oracle has announced it will offer 131,072 Nvidia Blackwell GPUs via its Oracle Cloud Infrastructure (OCI) Supercluster, starting in 2025, to support large language model (LLM) training and other AI use cases. This offering aims to meet the growing demand for GPUs, which are essential for generative AI development but in short supply due to limited availability of high-bandwidth memory (HBM).

Why eBPF is critical and how it’s getting better
eBPF (extended Berkeley Packet Filter) is a crucial open-source technology for Linux, providing powerful capabilities for networking, monitoring, and security by allowing safe execution of code in the kernel. It enhances network visibility, reduces patching cycles, and improves performance monitoring. Netflix, for example, uses eBPF for efficient traffic management and security.

Juniper adds AI cloud services to its Apstra data center software
Juniper Networks has updated its Apstra data center software with new AI-powered features, including a cloud-based suite called Apstra Cloud Services and the new 5.0 version of the software. Apstra uses AI to manage network configurations, ensure security policies, and monitor performance across both physical and virtual infrastructures. It now includes App/Service Awareness and Impact Analysis to help data center operators monitor application performance and quickly address issues.

🛠️HackHub: Best Tools for Cloud

nats-io/nats-server
NATS is a high-performance, cloud-native messaging system designed for modern distributed systems, offering secure and efficient communication between digital services, devices, and systems.
It supports over 40 client languages.onceupon/Bash-Oneliner"Bash-Oneliner" is a blog focusing on simple and effective bash commands for tasks like data parsing and Linux system maintenance. The commands are compatible with systems like Ubuntu, Amazon Linux, RedHat, Linux Mint, Mac, and CentOS. The blog covers topics such as variable manipulation, system management, math operations, and networking.apache/kvrocksApache Kvrocks is a distributed key-value NoSQL database that uses RocksDB as its storage engine and is compatible with the Redis protocol. It aims to reduce memory costs and increase capacity compared to Redis. Kvrocks supports key features like asynchronous replication, high availability with Redis Sentinel, and a centralized cluster management system that works with any Redis cluster client.sealerio/sealerSealer is a tool that simplifies the delivery of distributed applications by packaging a Kubernetes cluster and all application dependencies into a "ClusterImage." A ClusterImage functions similarly to a Docker image, containing everything needed to run the application, such as container images, YAML files, and Helm charts. Users can write a "Kubefile" to build this image and a "Clusterfile" to describe how to run it.kubedl-io/kubedlKubeDL is a CNCF sandbox project that simplifies running deep learning workloads on Kubernetes. 
It offers features like unified scheduling for training and inference, advanced optimization, and native model tracking using Kubernetes Custom Resource Definitions (CRDs).📢 If your company is interested in reaching an audience of developers and, technical professionals, and decision makers, you may want toadvertise with us.If you have any comments or feedback, just reply back to this email.Thanks for reading and have a great day!*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{line-height:0;font-size:75%} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Shreyans from Packt
14 Apr 2025
7 min read

Special Issue: A practical, hands-on guide to reliability

Guest authored by Alexandra McCoy
CloudPro #87: Special Issue

Today’s CloudPro is a little different. You won’t hear from me. I’m stepping aside to hand the mic to someone very special: Alexandra McCoy.
She’s been deep in the trenches of SRE and reliability engineering for over a decade, and now she’s turned all that hard-won experience into a hands-on, workshop-style book that helps teams define and implement SLIs and SLOs.
She has just finished writing it and I think it’s going to help a lot of engineers. It’s called SLIs and SLOs Demystified, and it’s out for pre-order this week.
I’m thrilled to have her guest-author today’s CloudPro. It’s honest, practical, and personal, just like the book. Over to you, Alexandra!

Cheers,
Shreyans Singh
Editor-in-Chief

Hey there! I’m Alexandra McCoy.
I’m so excited to be joining you for this special edition of CloudPro. Over the last few months, I’ve been working closely with the team at Packt to bring a project to life that I’ve had on my heart for a long time. It’s called SLIs and SLOs Demystified, and it’s finally ready.
This book is for anyone who’s ever sat in a postmortem wondering, “How did we miss this?”
Or been asked for an SLO and thought, “Okay, but where do I even start?”
It’s the book I wish I’d had years ago, when I first got pulled into reliability work and was piecing it all together from docs, Slack threads, and trial by fire.

The Book Is Up for Pre-Order (With a Little Bonus for You)
We’ve also put together a little bonus for CloudPro readers:
30% off the book (for the next 72 hours only)
+ A free cheatsheet I made with the Packt team - A quick reference to use on the job.
The offer’s only live for the next 72 hours, so if it sounds helpful, don’t wait.
Just use the code CLOUDPRO at checkout.

A Bit About Me
I’ve been working in tech for a little over 13 years now, with more than a decade spent working on container orchestrators and cloud platforms.
For four of those years, I was an SRE at VMware, where I led incident response across global teams, helped product engineering teams build better dashboards, and ran SLI/SLO workshops.
Before that, I worked on Kubernetes platforms at IBM and Diamanti, and now I run my own consulting practice where I work with companies on their cloud-native architecture and operational strategy.
That’s the formal bit. But really, I’ve just spent a lot of time trying to make complex systems less painful for the people responsible for keeping them up.

Why I Wrote This Book
I’ve always been a visual and hands-on learner. Early in my SRE journey, I read the Google SRE books and had the chance to work with a former Google SRE. The theory was excellent, but I often found myself wanting something more grounded. I wanted practical examples, clear steps, and a way to start working through the lower-level details without getting stuck in the abstract.
I also saw a pattern: in a lot of orgs, SRE became synonymous with just being on-call. The deeper parts of the practice: design thinking, meaningful measurement, aligning systems with business context, got lost. That’s really what motivated me to write this book.
SLIs and SLOs Demystified is designed to be clear and visual. It’s a practical guide with just enough structure to help you start. Because in the end, your metrics and calculations will always depend on your system’s architecture, so the best thing you can have is a confident, repeatable process that helps you figure it out.
I can tell you the book is practical and honest, but I’d rather show you:

Inside the Book: Exclusive Preview
From Chapter 7:
SLIs and their respective SLOs should be prioritized based on business impact and feasibility. Business impact refers to how directly an SLI contributes to customer experience, revenue, and customer satisfaction. Feasibility includes technical complexity, cost, and resource availability, as well as how easily the team can monitor and respond to the metric. For instance, prioritizing authentication success rate over payment processing latency may have a greater business impact if authentication issues are causing users to abandon the workflow. When considering the business impact, we want to ask ourselves the following questions:
What is the level of impact this change brings to the following?
👉 Our customer bases
👉 Our team
👉 Our organization
Does the impact affect the business from a monetary standpoint?
👉 If so, how?
👉 Is this a SaaS offering?
👉 Is this a licensed offering?
Have we assessed industry competition?
👉 If so, does our solution offer something that everyone else’s does not?
Regarding feasibility, consider the following:
👉 On a scale of 1 to 5, how easy is the technical implementation?
👉 What does feasibility mean to the technical team members?
👉 Are there other solutions available to achieve the desired outcome?
This also includes weighing the number of engineers and other staff the implementation might require.
The ranking system is based on internal dialogue between the individuals leading the initiative and the technical staff responsible for the respective technical components or designs. In our instance, we might consider the following:
There is no prioritization focused on which trait is of importance. That should be determined by the team based on the business and technical requirements of each SLI and SLO. In this example, we focused on building out three SLI and SLO metrics. However, it is also possible to work through this same flow, add items to the prioritization chart, and then loop through the process again, increasing the number of items the team will manage before implementation.

In a Nutshell: What You’ll Learn
👉 How to define SLIs and SLOs that actually work in practice
👉 How to use observability and monitoring to catch problems earlier
👉 How to make error budgets useful (instead of confusing)
👉 How to align reliability with what your team and users really need
Whether you’re an SRE, a developer who got handed reliability work, or a PM trying to understand what “reliable” even means, I hope this book helps you feel a little more confident and a lot more equipped.

One Last Thing...
If you decide to pick up the book, thank you. That means a lot.
If not, and something in this issue helped you think differently about reliability, that’s good enough for me too.
Thanks for reading,
Alexandra

Build, secure, and automate networks to master and future-proof your skills - while supporting charity.
Shreyans from Packt
24 Mar 2025
5 min read

WAF Just Got Smarter: Now It Sees the “#” in Your URLs

Amazon Inspector Expands to Lightweight Containers and More
CloudPro #84: WAF Just Got Smarter: Now It Sees the “#” in Your URLs

Multi-cloud compliance in a multi-jurisdictional world
The cloud has become more like a fog, obscuring lurking compliance risks.

🔐 Cloud Security

How Red Canary Detects Cloud Threats at Scale
Red Canary processes over 6 billion telemetry records a day to find threats in cloud control planes like unauthorized access, API abuse, and data exfiltration. They break detection into six key steps: Ingest, Standardize, Combine, Detect, Suppress, Respond.

WAF Just Got Smarter: Now It Sees the “#” in Your URLs
AWS WAF can now match against URI fragments (the part after # in a URL), allowing more granular security rules to block unauthorized access or detect bots.

Scanning S3 for Malware? Now Available in GovCloud Too
GuardDuty Malware Protection is now live in AWS GovCloud regions, letting teams scan S3 uploads for threats and automatically isolate suspicious files.

IAM Access Analyzer Now Speaks IPv6
AWS IAM Access Analyzer now supports IPv6 through new dual-stack endpoints—helping teams monitor and secure resource access in IPv6-enabled environments.

Amazon Inspector Expands to Lightweight Containers and More
Amazon Inspector now supports scanning scratch, distroless, and Chainguard containers, plus detects vulnerabilities in widely used ecosystems like Go, JDK, WordPress, and more. It also flags discontinued OSes to help prioritize security fixes.

Sponsored: DevSecOps is dead… or is it? Discover why your security strategy might be failing—and what to do about it.

⚙️ Infrastructure & DevOps

From Serverless to CDK: One Dev’s Full Migration Playbook
David Behroozi shares his complete journey migrating a live API from the Serverless Framework to AWS CDK, including how to safely import existing resources like DynamoDB and CloudWatch LogGroups.

9+ Terraform Tools That Make Your Code Cleaner, Safer, and Production-Ready
Essential tools for managing Terraform code: from linters like TFLint and documentation generators like terraform-docs to security scanners like Checkov and cost estimators like Infracost.

A Terraform Toolbox for Real-World IaC Teams
This post breaks down the best tools to supercharge your Terraform pipeline—static analysis, automated docs, pre-commit hooks, and more.

Terraform Just Made Importing Resources Easier: Here's How
With Terraform 1.5+, the new import block lets you declaratively bring existing resources (like S3, EC2, or Azure RGs) into your config, no CLI hackery required.

10 Terraform Config Structures That Scale With Your Team and Infra
Ryan Cartwright breaks down 10 Terraform setup patterns—from single env to multi-tenant SaaS, microservices, and multi-cloud. Clear examples, pros/cons, and use cases make this a go-to resource for scaling Terraform cleanly.

Sponsored: M365 Protection: Guided Lab Experience. See how Rubrik's M365 backup functionality saves time

📦 Kubernetes & Cloud Native

Zero-Downtime Kubernetes deployments on AWS with EKS
Glasskube’s engineers dissect the nuances of AWS Load Balancer Controller behavior and explain why rolling updates often trigger 502/504 errors. Their fix? A trio of battle-tested solutions: inject Pod Readiness Gates to sync with ALB health checks, implement graceful shutdown in Go, and bake in termination delays to handle load balancer lag.

Amazon EKS auto mode with Terraform
Marcin Cuber walks through provisioning a fully-managed EKS Auto Mode cluster using Terraform—no node groups, minimal networking hassle, and serverless-like scaling. Includes full Terraform config for VPC, IAM, and EKS, plus a clean demo deploying a 2048 game app with ALB via Ingress.

Kubernetes CPU limits: Best practices for Kubernetes CPU management
Devtron’s Rupin Solanki lays out why CPU limits can sabotage performance: unnecessary throttling, wasted resources, and misleading stability. TL;DR: stop setting CPU limits unless you absolutely need them. Use requests instead.

Provisioning Kubernetes on Bare Metal using AWS EKS-Anywhere
You’ll learn how PXE booting, DHCP/TFTP, and YAML-driven workflows come together to spin up nodes with Bottlerocket OS. Includes multi-yaml config samples, hardware CSV explanations, and notes on local testing with VirtualBox.

My Kubernetes pods keep crashing with “CrashLoopBackOff” but I can’t find any log
10-step guide to diagnosing CrashLoopBackOff issues—when logs are missing and clues are scarce. Covers probes, exit codes, resource limits, and debugging techniques like kubectl exec with sleep overrides. Also includes lesser-known tricks like using ephemeral debug containers.

🔍 Observability, Monitoring & SRE

OpenTelemetry collector deployment modes in Kubernetes
The ultimate guide to OpenTelemetry visualization
Observing Lambdas using the OpenTelemetry Collector Extension Layer | OpenTelemetry
Grafana Loki 3.4: Standardized storage config, sizing guidance, and Promtail merging into Alloy
Scaling Prometheus from single node to enterprise-grade observability

🌐 Industry, Tools, AI & Other

How GitLab lost 300GB of production data
SQLite or PostgreSQL? It isn't very easy!
Adminer is a full-featured database management tool written in PHP. It consists of a single file ready to deploy to the target server.
xlskubectl is a spreadsheet to control your Kubernetes cluster.
Beginner’s guide to software architecture with design patterns

Cheers,
Shreyans Singh
Editor-in-Chief

Shreyans from Packt
21 Apr 2025
8 min read

Every pod eviction in Kubernetes, explained

New Microsoft tool to help security teams protect containers
CloudPro #88: Every pod eviction in Kubernetes, explained

[Rubrik Guided Lab] AWS Cloud Native Protection
According to an IBM report, 82% of breaches involved data stored in the cloud. What's your data recovery plan?
Join us on Wednesday, April 23rd @ 10:00 AM PST for Virtual Camp Rubrik: AWS Cloud Protection to:
- Protect AWS workloads, Amazon EC2, Amazon RDS, and Amazon EBS
- Recover and restore your AWS data and workloads
- Discuss the current state of the cloud threat landscape

In this issue: a plain-English breakdown of every way Kubernetes can evict your pods (even the sneaky ones), a simple fix for bloated Terraform state files, and a practical guide to replacing Docker Compose with Quadlet on your servers. Plus, new observability features from AWS, and how to use Postgres as a graph engine.
There’s also a hands-on Rubrik lab this week on how to protect and recover AWS workloads.
I’ve also picked out two books I think you’ll find genuinely useful: The Self-Taught Cloud Computing Engineer and Solutions Architect's Handbook. Both are 30% off for the next 72 hours!
One quick favor: if you caught last week’s special issue by Alexandra McCoy, I’d love your feedback. Just click here and tell me what worked (or didn’t). It will take less than 60 seconds.

Cheers,
Shreyans Singh
Editor-in-Chief

🔐 Cloud Security

AWS Amplify Hosting Adds Easy Web App Firewall Protection to Block Common Attacks
AWS Amplify Hosting now lets you add a Web Application Firewall (WAF) to your web apps with just one click, making it easier to protect them from threats like SQL injection, XSS, DDoS attacks, and unwanted traffic from certain countries.

AWS will automatically alert teams about internal certificate expiry
Instead of manually checking if certificates are about to expire, this new setup uses Lambda functions, EventBridge, and other AWS tools to generate daily reports and send alerts when action is needed.

How to automatically remove private data from AWS Lambda logs before it’s saved
Sometimes developers accidentally log private info like phone numbers into AWS logs, which can be seen by people who shouldn’t have access. This post shows a way to automatically erase sensitive data from logs in AWS Lambda using a custom Python logger.

New Microsoft tool to help security teams protect containers
As more companies run apps in containers like Kubernetes, protecting them during runtime is getting harder. Hackers often strike when apps are live. Microsoft is offering a new tool that gives security teams a clear view of all threats in one place.

DevSecOps Isn’t Working Because Security Isn’t Built In from the Start
Many companies say they’re doing DevSecOps but just add security tools on top of their old processes, which doesn’t really make things safer. This overloads developers with alerts while real security issues still slip into production. Instead, teams should bake security directly into how software is built and deployed.

New developer products provide a glimpse into the future of app building on HubSpot, including deeper extensibility, flexible UI, modern development tools, and more
HubSpot’s AI-powered ecosystem presents a global opportunity projected to reach $10.2 billion by 2028.
To capitalize on that growth potential, we are opening our platform more, starting with expanded APIs, customizable app UI, and tools that better support a unified data strategy.

⚙️ Infrastructure & DevOps

AWS Step Functions Now Supports More File Types and Better Output Control
AWS Step Functions just made it easier to handle large batches of data by supporting more input file types like JSONL and tab-delimited files, not just JSON and CSV.

Amazon Cuts S3 Express One Zone Prices by Up to 85%
Amazon just slashed prices for its high-speed S3 Express One Zone storage by up to 85 percent, making it much cheaper to store and access frequently used data.

How to avoid large OpenTofu/Terraform state files
When using OpenTofu or Terraform to manage cloud infrastructure, the system keeps a detailed file (called a state file) to track everything. As your setup grows, this file can get huge, causing slowdowns. This article explains different ways to split that big file into smaller parts.

How to move from CloudFormation to OpenTofu without losing resources or leaving clutter behind
If you're moving from AWS CloudFormation to OpenTofu, the real challenge is cleaning up old CloudFormation stacks without deleting the actual resources. This article explains a clever trick: by intentionally failing the stack deletion using a restricted IAM role, you can then safely force-delete the stack while keeping the resources intact.

Replace Docker Compose with Quadlet for easier and cleaner container management on Linux servers
If you're using Docker Compose to run apps on servers but want something lighter and more stable than Kubernetes, Quadlet is a great alternative. It's part of Podman and lets you manage containers using simple systemd files, which most Linux servers already use. It avoids Docker’s bloat and quirks, while being more reliable than podman-compose for production.

📦 Kubernetes & Cloud Native

Google Cloud adds tools to run AI models faster and cheaper on Kubernetes
Google Cloud just added tools to help you pick the best hardware, like TPUs, and manage traffic more efficiently when AI requests come in. These updates can cut your costs by 30 percent, reduce slowdowns by 60 percent, and boost performance by 40 percent.

New Google Cloud tool to simplify running Kubernetes apps across regions
Google Cloud just launched a new tool called Multi-Cluster Orchestrator that helps companies run their Kubernetes apps more smoothly across different locations. Instead of manually juggling workloads across clusters, this tool automatically picks the best place to run each job based on available resources.

Azure Kubernetes Service: A friendly guide for Startups
If you're a startup looking to grow fast without being bogged down by infrastructure, Azure Kubernetes Service (AKS) can help. It takes care of managing your container setup so your small team can focus on building and scaling your product.

Set up a Tailscale VPN router in Kubernetes to securely access your home network remotely
If you want to securely access your home network from anywhere, you can use Tailscale, a simple VPN that doesn’t require opening ports. This article explains how to set up a Tailscale subnet router inside a Kubernetes cluster using the Tailscale Operator and ArgoCD.

Every pod eviction in Kubernetes, explained
Sometimes your running apps in Kubernetes can suddenly shut down or move, and it’s not always clear why. This article explains all the hidden ways Kubernetes can kick out your apps. Some methods don’t even follow your safety rules, meaning your apps can go down unexpectedly if you’re not careful.

🔍 Observability & SRE

New AWS tool to quickly spot and fix database lock issues in Aurora PostgreSQL
If your Aurora PostgreSQL database slows down because different queries are blocking each other, it can be hard to figure out why. Now, Amazon CloudWatch can show you exactly which queries are causing the problem and who’s waiting on what, using clear visual diagrams.

AWS adds real-time flow visibility and control to Network Firewall
AWS Network Firewall now lets you see all active network connections and shut down specific ones instantly. This helps you monitor traffic in real time, catch suspicious behavior, and make sure new firewall rules apply right away, even to existing connections.

How to use Postgres and pgRouting for graph problems like scheduling and recommendations
You can use Postgres as a simple graph database by adding the pgRouting extension. Even though it's meant for mapping routes, pgRouting can also help solve general problems like task scheduling or resource allocation, by treating your data as a network of connected points and paths.

Sigma makes threat detection easier by writing one rule for all your security tools
Sigma is a simple rule language that helps cybersecurity teams detect threats in logs without rewriting the same logic for every different security tool or query language. Instead of creating new detection rules for each system, you can write one Sigma rule and automatically convert it to formats like Splunk or Sentinel.

There’s no best observability tool because the best depends on your needs
Not every observability tool is the best for every situation. What works well for one company might be too complex, too expensive, or just unnecessary for another. The right tool is the one that fits your goals, data, budget, and team—not the one with the most features.

Shreyans from Packt
17 Mar 2025
2 min read

Kubernetes Spotlight on SIG Apps

Infamous DevOps roadmap
CloudPro #83: Kubernetes Spotlight on SIG Apps

Addressing AI-generated misinformation
How to minimize the risks and consequences of flawed inference from AI models.

⭐Masterclass
Infamous DevOps roadmap
Kubernetes Open Source Limits & Requests Configuration Optimization
A guide to modern Kubernetes network policies
Using Python Virtual Environments in Docker
How to terminate Go programs elegantly – a guide to graceful shutdowns

🔍Secret Knowledge
How Meta Enforces Purpose Limitation at Scale
Why I Use Nim Instead of Python for Data Processing
Convert OpenTelemetry Traces to Metrics using SpanMetrics Connector
What happens when bucket.grantRead() in AWS CDK
Preventing the Risk of Request Collapsing in Web Caching

⚡Techwave
Kubernetes Spotlight on SIG Apps
AWS Pi Day 2025: Data foundation for analytics and AI
Securing Datadog’s Cloud Infrastructure: Our Playbook and Methodology
Scale Unstructured Text Analytics with Batch LLM Inference
Amazon EKS now envelope encrypts all Kubernetes API data by default

🛠️Hackhub
Kardinal: lightest-weight way to spin up dev and test environments in Kubernetes
Kubeblocks: control plane software that runs and manages databases, message queues on K8s.
Flipt: Enterprise-ready, GitOps enabled, CloudNative feature management solution
Kubecolor: Colorize your kubectl output
AWS-mine: AWS honey token manager

Cheers,
Shreyans Singh
Editor-in-Chief

Your Salesforce Data, Your Responsibility: Best Practices for Data Protection

Shreyans from Packt
31 Mar 2025
7 min read

Kubernetes v1.33 sneak peek

Critical Kubernetes Vulnerability: Ingress-nginx CVE-2025-1974
CloudPro #85: Kubernetes v1.33 sneak peek

Multi-cloud compliance in a multi-jurisdictional world
The cloud has become more like a fog, obscuring lurking compliance risks.

🔐 Cloud Security

Ingress-nginx CVE-2025-1974: Critical Kubernetes Vulnerability
Recently patched vulnerabilities in ingress-nginx (used by over 40% of Kubernetes clusters) could allow attackers to extract Secrets or take over your entire cluster — even without admin access. Update immediately to avoid exposure.

How Red Canary Detects Cloud Threats at Scale: A 6-Phase Pipeline
Red Canary shares its cloud detection pipeline built to sift through billions of telemetry events. Six phases streamline enrichment, correlation, and surfacing of real threats, useful for anyone building or evaluating cloud threat detection systems.

4 Patterns for Fine-Grained Access Control in Kubernetes with Amazon Verified Permissions
This article shows how to use AVP for Kubernetes RBAC across 4 real-world patterns—multi-tenant clusters, namespace-level control, team-based access, and dynamic policy enforcement.

Critical 0-Days in Fluent Bit: Are Your Logs a Threat Vector?
Two high-impact vulnerabilities in Fluent Bit (a widely used log forwarder) allow memory corruption and DoS. If you use Fluent Bit in production, especially exposed endpoints, patch ASAP.

Compliance as Code with Checkov
This article walks through building a custom compliance policy for AWS security groups using Python and Checkov. It shows how to codify tagging rules, test them using HCL and unit tests, and integrate them into CI/CD pipelines—ideal for teams enforcing org-specific IaC standards.

[Sponsored] Join cybersecurity thought leader David Linthicum for a special fireside chat to learn how to use AI and ML to unify your data strategies, uncover hidden cloud costs, and overcome the limitations of your traditional data protection in public cloud environments.

⚙️ Infrastructure & DevOps

Grafana 11.6 Released: Dashboards, Cron-based Annotations, Better Security
Grafana 11.6 adds one-click data links in visualizations, Cron-based annotations, improved geomap performance using WebGL, and experimental LBAC for metrics data.

Master Multi-State Terraform Projects with Atmos
Atmos is a powerful Terraform wrapper built by CloudPosse to manage complex, multi-state deployments with ease. It walks through how Atmos organizes components and stacks using YAML, automates state handling, and integrates workflows to bring up entire environments with just a couple of commands.

How to refactor code with GitHub Copilot
This article shows how GitHub Copilot can help you clean up and refactor your code more easily—by suggesting improvements, creating reusable modules, and simplifying large, messy functions. With smart prompts and planning, Copilot can do a lot of the heavy lifting for you.

How to Use Terraform Import Block for Importing Resources
This article explains how Terraform’s import block (introduced in v1.5) lets you declaratively import existing resources, like S3 buckets, EC2 instances, and Azure resource groups, directly into your Terraform config. No more separate CLI commands or manual state juggling.

Use Testkube + Keptn to block bad deploys in K8s Pipelines
Integrate Testkube with Keptn to enforce automated testing before each deployment stage. You’ll learn how to set up a quality gate that halts deployments if tests fail—using pre-deployment tasks and Testkube workflows to validate your app in Kubernetes. It’s a practical way to catch issues early and keep broken code out of production.

📦 Kubernetes & Cloud Native

Kubernetes v1.33 sneak peek
Kubernetes v1.33 introduces support for user namespaces, in-place resource resizing for Pods, and major API deprecations. If you're managing clusters, this is a must-read before the April release.

[Sponsored] Google Workspace isn't built to stop modern threats—Material is. See the difference.

How to Manage Existing Helm Charts with Terraform (Without Breaking Everything)
This article explains how to integrate existing Helm charts—like Metrics Server—into Terraform without causing conflicts or duplicate deployments. It walks through setting up the Helm provider, importing the chart, and handling common issues (like resource drift) that show up when migrating from other tools like ArgoCD.

Live Migrate KubeVirt VMs Without Dropping a Packet
KubeVirt just got live migration support via container-native virtualization. You can now migrate running VMs across Kubernetes nodes without network disruptions or packet drops. A huge win for stateful workloads in K8s.

The Hidden Gaps in Kubernetes Audit Logs and How They Can Break Your Detections
There are real-world problems with relying solely on Kubernetes audit logs for security, like missing events, inconsistent log formats across providers (like GKE vs. EKS), and limited control over audit policies, all of which can lead to missed attacks and broken detections. It also offers practical strategies to fill these gaps with additional logging and monitoring sources.

Why a Giant K8s Cluster (with vCluster) Might Be Your Best Bet
Consolidating everything into a single large Kubernetes cluster boosts efficiency, reduces overhead, and simplifies operations. It also tackles the downsides like blast radius and multi-tenancy by introducing vCluster, a tool that creates fully isolated virtual clusters within a host cluster. The result? You get the best of both worlds: centralized control with team-level autonomy.

🔍 Observability & SRE

New Cloud Trace features to troubleshoot latency and errors | Google Cloud Blog
Google Cloud’s new Trace Explorer makes debugging services easier with span heatmaps, percentile duration charts, and filters — all powered by BigQuery. Essential for SREs handling production latency issues.

Grafana Loki 3.4: Unified Storage, Smarter Sizing, and the Promtail-to-Alloy Shift
This article covers the major updates in Grafana Loki 3.4—from adopting Thanos as the standard storage client to new cluster sizing guidance based on real-world usage. It also highlights better support for out-of-order log ingestion and the official merging of Promtail into Grafana Alloy, giving teams a unified telemetry collector with OTLP support.

Rethinking SLOs: Slice by Team, Defend by Design, Align on Outcomes
This article explores how to make service-level objectives (SLOs) more effective by splitting them across teams and designing for failure. Instead of alerting everyone for every issue, teams can define what they own, set their own performance budgets, and use strategies like caching or retries to absorb downstream failures. The result? Less noise, clearer accountability, and a better user experience.

A Practical Guide to Using OpenTelemetry and the OTel Collector for Full-Stack Observability
This article explains how to use OpenTelemetry and the OTel Collector to collect logs, metrics, and traces from your apps and infrastructure. It shows how to configure receivers for Redis, MySQL, and NGINX, and how to export data to backends like Prometheus or Jaeger.
The goal is to help you build a flexible, scalable observability pipeline using open standards.How a Concurrency Bug Caused 3200% CPU UtilizationThe author debugged a Java program using 3,200% CPU and traced it to multiple threads writing to an unguarded TreeMap, causing data corruption and an infinite loop inside the red-black tree structure. The bug wasn’t immediately visible because exceptions were swallowed silently by thread pools. Through experiments, they confirmed how concurrent modification can break TreeMap, not by crashing it, but by corrupting its internal structure into cycles.🌐 Industry, Tools, AI & OtherGemini Code Assist: A Framework for AI Dev Tools AdoptionGoogle Cloud proposes a four-phase model (Adoption → Trust → Acceleration → Impact) to roll out AI code tools like Gemini. It offers clear metrics to measure ROI from day one.A step-by-step guide to writing a System Design documentSQL Noiris a game where you solve crimes with SQL queries and uncover evidence through data.Stelviois a Python library that simplifies cloud infrastructure management and deployment.OpenSSF announces initial release of the open source project security baselineCheers,Shreyans SinghEditor-in-ChiefM365 Protection: Guided Lab Experience. 
See how Rubrik's M365 backup functionality saves timeCheck it out NowForward to a Friend📢 If your company is interested in reaching an audience of developers and, technical professionals, and decision makers, you may want toadvertise with us.If you have any comments or feedback, just reply back to this email.Thanks for reading and have a great day!*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}
Shreyans from Packt
07 Apr 2025
9 min read

Kubernetes launches kube-scheduler-simulator

Multiple Vulnerabilities Found in Kubernetes Ingress-NGINX

CloudPro #86: Kubernetes launches kube-scheduler-simulator

Accelerating AI Innovation—One Insight at a Time.

🔐 Cloud Security

Multiple Vulnerabilities Found in Kubernetes Ingress-NGINX
Several security flaws (CVEs) were found in the Kubernetes ingress-nginx controller. These issues do not affect Amazon EKS directly because EKS doesn’t include this controller by default. However, if customers manually installed it, they should update to the latest version. AWS has already alerted affected users.

How a Leaked GitHub Token Sparked a Widespread Supply Chain Attack Targeting Coinbase and 100,000+ Repos
Attackers pulled off a stealthy supply chain attack by leaking a GitHub token from a SpotBugs project, then using it to compromise other GitHub actions like reviewdog and tj-actions. They injected malicious code that silently spread through CI/CD workflows, eventually targeting Coinbase’s open-source project.

GitHub Finds Critical ruby-saml Flaws Letting Attackers Bypass SSO and Hijack Accounts
GitHub found two serious bugs in the ruby-saml library that let attackers bypass SAML authentication and potentially log in as any user. The problem came from how different XML parsers (REXML and Nokogiri) interpret the same data differently, letting attackers sneak in fake but valid-looking login info.

Git Tools Exposed: Bugs in GitHub Desktop, LFS, and CLI Let Attackers Steal User Credentials
A security researcher found that several Git-related tools, including GitHub Desktop, Git Credential Manager, Git LFS, and GitHub CLI, had flaws that let attackers trick them into leaking stored credentials (like tokens or passwords) to malicious servers. Most issues stemmed from how these tools handled special characters like carriage returns or newlines in URLs, causing credentials meant for GitHub to be sent elsewhere.

Microsoft Expands Security Copilot with AI Agents to Tackle Phishing, Insider Risks, and Shadow AI Threats
Microsoft has upgraded Security Copilot with AI agents that can now handle tasks like phishing detection, insider risk alerts, and vulnerability patching automatically. These agents help security teams work faster and smarter, especially as cyberattacks become too complex and frequent for humans alone.

⚙️ Infrastructure & DevOps

AWS Launches Amazon Q Scenarios in QuickSight to Bring Forecasting and What-If Analysis to Everyone
AWS has launched the new "scenarios" feature in Amazon Q for QuickSight, letting users analyze data trends, forecast outcomes, and run what-if simulations, all through simple natural language. You don’t need to be a data expert or use spreadsheets anymore. This tool helps teams make smarter decisions faster.

How AWS Lambda Handles Billions of Async Requests Without Breaking a Sweat
When functions are called asynchronously, Lambda queues them, processes them later, and manages retries. For small apps, a single queue may be enough, but for massive scale, AWS uses smart techniques like consistent hashing and shuffle-sharding to separate workloads and reduce the risk of “noisy neighbors” affecting others.

AWS CodeBuild Adds Parallel Test Execution to Drastically Speed Up CI Pipelines
AWS just made it possible to run tests in parallel using CodeBuild, which means instead of testing code one piece at a time, you can test many pieces at once. This massively cuts down the time it takes for developers to know if their code works, making software updates much faster and less frustrating.

How I reduced $10000 monthly AWS Glue bill to $400 using Airflow
Akash and his team were spending $10,000/month running data pipelines on AWS Glue, but much of that cost came from paying for idle time. To fix it, they moved all those jobs to Apache Airflow running on EC2 and ECS, using Terraform to manage everything. It was tough—especially setting up workers, Redis, and autoscaling—but they pulled it off and slashed their bill to just $400/month.

How to run Firecracker without KVM on cloud VMs
Normally, to run lightweight virtual machines (like Firecracker microVMs), you need special hardware features (KVM) or expensive bare-metal cloud servers. But a new method called PVM (Pagetable Virtual Machine)—developed by Ant Group and Alibaba—lets you run Firecracker without KVM, even on cheaper cloud VMs that don’t support nested virtualization.

📦 Kubernetes & Cloud Native

Kubernetes launches kube-scheduler-simulator
When Kubernetes decides where to run an app (called a Pod), it uses a complex component called the scheduler. But understanding why the scheduler makes certain decisions has always been hard. It’s like a black box. This new tool, kube-scheduler-simulator, opens up that black box. It lets you simulate a real cluster and see exactly how the scheduler makes its choices.

Kubernetes Launches JobSet to Simplify Large-Scale AI and HPC Workloads
As AI models get bigger, training them requires splitting the work across thousands of GPUs or TPUs spread over many servers. Kubernetes can help manage this, but its current tools aren't built to easily handle these complex, multi-part jobs. So, the Kubernetes team introduced JobSet, a new tool that makes it easier to run these distributed training jobs.

Kubernetes 1.32 Unlocks Smarter, Safer Linux Swap Support
Earlier, Kubernetes completely disabled swap because it couldn't track memory usage well when swap was involved. But now, after years of progress, Kubernetes 1.32 is finally adding proper support for Linux swap memory, which lets systems use disk space as extra RAM to avoid crashes during memory spikes.

How One Home Kubernetes User Beat ISP IP Changes with an Auto-Healing Python Bot
The author runs a home Kubernetes setup and relies on a dynamic IP address from their internet provider, which can unexpectedly change. Since IP changes can break things like firewall rules or service configurations, they built a Python program that constantly monitors their IPs. If the IP changes, it automatically updates firewall settings and Kubernetes resources to keep everything running smoothly.

Devtron + Argo CD: Enhancing GitOps without disruption
Teams are shipping code faster thanks to AI tools like GitHub Copilot, but their deployment systems, especially Argo CD, can’t keep up. Instead of replacing Argo CD, Devtron now integrates directly with it. This gives users more powerful deployment features like multi-cluster control, better security, and advanced rollout strategies, without breaking or migrating their existing setup.

🔍 Observability & SRE

Building a Searchable, Structured Logging System for Real-World Debugging
The author built a better logging system to help debug issues in a complex app. Instead of messy, inconsistent logs, they used structured logs that are easy to search, and even “canonical” logs that summarize everything about a request in one line. They sent these logs to tools like Loki and Clickhouse, so they could ask smart questions and actually learn from the data.

How Netflix stores 140 million hours of viewing data per day
Netflix collects an enormous amount of viewing data every day: from what you watch to when you pause. As this data exploded, their original system started to slow down. So they redesigned it: recent data is stored fast and uncompressed, older data is compressed and moved to long-term storage, and less important data (like short previews) is filtered out.

How to build the ultimate March Madness dashboard in Grafana
A techie March Madness fan built a real-time basketball tracking dashboard in Grafana that pulls live NCAA data, like scores and player stats, directly from public APIs. Using Grafana’s Infinity and Canvas plugins, they turned raw JSON into a jumbotron-style scoreboard that updates without refreshes.

🌐 Industry, Tools, AI & Other

New capabilities in Azure AI Foundry to build advanced agentic applications | Microsoft Azure Blog
Microsoft just upgraded Azure AI Foundry to make it easier to create smart AI “agents” that work like digital teammates. Developers can now orchestrate multi-agent systems with less code, monitor and improve agent behavior in real time, and test them for safety using built-in risk analysis tools.

Vibe coding with GitHub Copilot: Agent mode and MCP support rolling out to all VS Code users
GitHub Copilot just got a big upgrade. Everyone using VS Code can now access "agent mode", a smarter AI assistant that not only suggests code, but can understand your full project, fix errors, and take actions across files. It also connects to your tools so it can, for example, update your GitHub profile or check databases.

How to connect agents to Google Cloud databases
Google Cloud introduced new tools to help developers build advanced AI agents that can access and reason over real-time data stored in databases. The Gen AI Toolbox for Databases simplifies connecting these agents to databases like AlloyDB, Spanner, and PostgreSQL, while supporting secure, natural language queries and complex data models.

The missing piece in platform engineering: Recognizing producers
Most internal developer platforms focus only on the developers who use them, not the experts who contribute to them, like security or database teams. This article argues that ignoring these "producers" turns platform teams into bottlenecks. The key insight is that successful platforms work like marketplaces: they must support both consumers and contributors to grow and scale effectively.

How to Make Java Apps Start Faster and Run Leaner in Kubernetes
Java works great for backend systems, but it wasn’t originally designed for modern, fast-moving cloud environments like Kubernetes. That can make Java apps slow to start and resource-hungry, especially when using older frameworks. This article explains how to tune Java’s memory, garbage collection, container images, and Kubernetes settings to make Java apps run more efficiently in containers.

Cheers,
Shreyans Singh
Editor-in-Chief

Shreyans from Packt
17 Jan 2025
13 min read

Kubernetes health checks: Best practices for configuring

Datadog Acquires QuickwitCloudPro #78: Kubernetes health checks: Best practices for configuringCloud Conversations: A Fireside Chat with Forrest Brazeal and RubrikJoin us on Jan. 28th @ 10 AM PST for a captivating fireside chat where storytelling meets cloud innovation. Forrest Brazeal—acclaimed cloud architect, author, and the creative mind behind cloud computing's most beloved cartoons—teams up with Rubrik’s Chief Business Officer, Mike Tornincasa to explore the evolving challenges of data protection in a multi-cloud world.Save Your Spot⭐MasterclassKubernetes health checks: Best practices for configuringHow to manage secrets with Azure Key Vault in Kubernetes?Self-Hosting a Container RegistryHow I tuned my CI/CD pipeline to be done in 60 secondsWhat Karpenter v1.0.0 means for Kubernetes autoscaling🔍Secret KnowledgeFive Lessons from a Minor Production IncidentMaking a Postgres Compound Index 50x FasterSQLite Index VisualizationNetworking Costs CalculatorWriting secure Go code⚡TechwaveDatadog Acquires QuickwitAzure Storage—A look back and a look forwardOpenTelemetry and Grafana Labs: what’s new and what’s next in 2025Introducing Amazon Nova foundation models: Frontier intelligence and industry leading price performanceIntroducing the next generation of Amazon SageMaker: The center for all your data, analytics, and AI🛠️HackhubGoliat Dashboard: Manage, visualize, and optimize Terraform deploymentspv-migrate:CLI tool to easily migrate Kubernetes persistent volumesGit-remote-s3:Library that enables using Amazon S3 as a git remote and LFS serverToolGit:Git Productivity ToolkitDatabend: Modern alternative to SnowflakeCheers,Shreyans SinghEditor-in-ChiefWorld’s first 16 Hour LIVE Training to become an AI-Powered human in 2025 🤖The world of AI is evolving at lightning speed, and the only way to stay relevant is to MASTER AI before it masters you.Join the World’s first 2-Day Mastermind Challenge to learn the Tools, Tactics, and Strategies to Automate Your Work Like Never 
Before!Best part? It is usually for $395, but the first 100 of you get in for free.Claim your FREE spot now!⭐MasterClass: Tutorials & GuidesKubernetes health checks: Best practices for configuringKubernetes health checks are essential for maintaining the reliability, performance, and availability of applications. They use probes to monitor container health and take corrective actions when necessary. The three main types of probes—Liveness, Readiness, and Startup—serve distinct purposes. Liveness probes ensure the application is running and can restart containers in case of failure. Readiness probes determine if a container is ready to handle traffic, temporarily removing it from service if it fails. Startup probes focus on verifying successful initialization for slow-starting applications. Probes can use methods like HTTP, TCP, commands, or gRPC to perform health checks.How to manage secrets with Azure Key Vault in Kubernetes?To manage secrets with Azure Key Vault in Kubernetes, you can use tools like the External Secrets Operator (ESO) and a service principal for authentication. Start by creating an Azure Key Vault, adding your sensitive data (e.g., API tokens) as secrets, and assigning the required permissions to a service principal. Install ESO on your Kubernetes cluster to synchronize secrets from Azure Key Vault to Kubernetes secrets. Then, configure a SecretStore resource in Kubernetes to connect to the Key Vault, using the service principal credentials for authentication. With this setup, applications running in Kubernetes can securely access secrets from Azure Key Vault without exposing sensitive data.Self-Hosting a Container RegistryA self-hosted container registry allows you to store and manage container images on your own infrastructure, giving you full control and independence from third-party services. 
It involves setting up a server with Docker, configuring a container to run the registry, securing it with user authentication (e.g., via htpasswd), and enabling HTTPS using Nginx and SSL certificates. Once configured, you can push and pull images securely from your registry. While self-hosting ensures privacy and compliance with strict regulations, it requires maintaining and securing the system yourself, making it ideal for enterprises needing tight control over their containerized workflows.How I tuned my CI/CD pipeline to be done in 60 secondsThe process of optimizing my CI/CD pipeline to run in under 60 seconds involved strategic improvements in parallelization, caching, and job refinement. Initially, my pipeline was a simple setup that took over five minutes to execute, which hampered my productivity. I split the pipeline into multiple parallel jobs, grouped similar tasks to save cost and debug time, and leveraged GitHub's caching for dependencies, linting tools, and test data to drastically reduce redundant downloads and processing. By using a Makefile for local testing, I accelerated iterations and ensured the GitHub YAML was simple and reliable. Further tuning, like combining related jobs and adding task-specific cache keys, helped balance speed and cost. These optimizations allowed me to reduce the runtime for building, testing, linting, and deploying my Golang app to under a minute, making the pipeline more efficient and developer-friendly.What Karpenter v1.0.0 means for Kubernetes autoscalingKarpenter v1.0.0 marks a significant milestone for Kubernetes autoscaling, offering a mature and stable solution for dynamic node lifecycle management. As an open-source tool designed to optimize workload placement and reduce costs, Karpenter automatically provisions and deprovisions nodes based on application demands and Kubernetes scheduling constraints. 
With its vendor-neutral design and integration with cloud-specific APIs like AWS, Azure, and GCP, Karpenter enhances scalability, cost-efficiency, and ease of management across diverse cloud environments. The 1.0 release ensures API stability, supports features like workload consolidation and rolling updates for node images, and enables seamless integration with other CNCF tools, empowering organizations to build intelligent and scalable cloud-native infrastructure.🔍Secret Knowledge: Learning ResourcesFive Lessons from a Minor Production IncidentA minor production incident in the AWS News platform highlighted five key lessons about software operations. First, investing in observability early paid off, as comprehensive dashboards allowed for quick identification and resolution of the issue within an hour. Second, a robust software architecture and testing regime enabled safe and confident adjustments to the system during a crisis. Third, the YAGNI principle (You Aren't Gonna Need It) has trade-offs; while simpler designs work initially, anticipating growth with safeguards like alarms could prevent issues. Fourth, bugs often travel in pairs, as one problem often uncovers or triggers another, underscoring the need for thorough debugging processes. Lastly, data lineage simplifies troubleshooting, as stored intermediate data made it easy to pinpoint and fix the root causes. These lessons underscore the importance of building resilient systems even for small-scale projects.Making a Postgres Compound Index 50x FasterOptimizing a compound index reduced query latency by 50x, showcasing the importance of index field order in PostgreSQL. Initially, a query filtering by status and event_type, and sorting by occurred_at, was slow due to an index ordered by occurred_at first. This structure forced PostgreSQL to scan millions of rows inefficiently. 
By reordering the index to prioritize filter fields (status, event_type) before the sort field (occurred_at), the search space narrowed significantly, enabling PostgreSQL to process only relevant subsets. This simple yet impactful adjustment improved endpoint latency from ~500ms to under 10ms, highlighting how understanding index design can drastically enhance database performance.SQLite Index VisualizationSQLite uses a B-Tree structure to organize indexes, ensuring efficient data storage and quick searches. A B-Tree consists of nodes, with each node storing cells that contain the indexed data, a row ID, and links to child nodes. The data is saved on pages, which have fixed sizes, and every index is structured hierarchically for balance and fast lookups. Using tools like sqlite3_analyzer, we can inspect indexes and visualize their layout, which includes pages, cells, and relationships. For better understanding, visualizations can be created from index data dumps, showcasing how SQLite handles different types of indexes (e.g., ASC/DESC, multi-column, and unique indexes) and optimizations through commands like VACUUM or REINDEX. This approach makes it possible to compare index designs, analyze efficiency, and explore SQLite’s inner workings.Networking Costs CalculatorThe Networking Costs Calculator is a self-hosted tool designed to estimate AWS networking costs. It includes a serverless backend that fetches updated prices for networking services using AWS Price List Query APIs, storing them in a DynamoDB table, and a ReactJS frontend hosted on S3 and CloudFront for user interaction. Users can select an AWS region, specify services, and input data transfer details to view estimated monthly costs. Deployment requires a Linux OS, NodeJS, AWS CLI, and AWS CDK, with setup guided by a provided script. 
The tool helps users calculate costs for features like Data Transfer, NAT Gateways, and Transit Gateway Attachments.Writing secure Go codeWriting secure Go code involves following best practices to ensure that your code is robust, secure, and performs well. Key steps include staying informed about security updates by subscribing to the Go mailing list, keeping Go versions up to date for security patches, and regularly checking for vulnerabilities using tools like go vet, staticcheck, and golangci-lint. It's also important to test code for race conditions using Go’s built-in race detector and scan for known vulnerabilities with tools like govulncheck and gosec. Regular fuzz testing and keeping dependencies updated can help prevent security issues and improve the overall quality of your code.⚡TechWave: Cloud News & AnalysisDatadog Acquires QuickwitDatadog has acquired Quickwit, an open-source, cloud-native search engine designed for fast, scalable, and cost-effective log management. This acquisition will help Datadog address the needs of organizations in regulated industries, such as finance and healthcare, that must meet strict data residency, privacy, and regulatory requirements. By integrating Quickwit, Datadog aims to provide seamless observability and real-time insights without compromising data ownership or requiring multiple logging tools. Quickwit will continue to support its open-source community with a major update under the Apache License 2.Azure Storage—A look back and a look forwardAzure Storage has played a critical role in supporting AI advancements and cloud adoption in 2024, with innovations like Azure Blob Storage enabling large-scale AI model training and Azure Elastic SAN providing cloud-native SAN capabilities. Key highlights include rapid growth in Premium SSD v2 adoption, enhanced Kubernetes support through Azure Container Storage, and improved security measures like Microsoft Defender for Storage. 
Looking ahead to 2025, Azure Storage aims to empower businesses with smarter data solutions, including seamless integration of unstructured data with AI services, advanced disaster recovery options, and optimized storage for mission-critical workloads, all while collaborating with key partners to drive innovation.OpenTelemetry and Grafana Labs: what’s new and what’s next in 2025OpenTelemetry, a rapidly growing open-source observability project, achieved major milestones in 2024, including support for profiling, stability for the Spring Boot starter, and updates to Semantic Conventions for databases, AI, and more. Grafana Labs actively contributed to OpenTelemetry advancements, integrating it with Prometheus and introducing tools like Grafana Alloy and Beyla for enhanced compatibility and eBPF-based auto-instrumentation. Looking ahead to 2025, the OpenTelemetry Collector is expected to reach stability with its v1 release, signaling long-term support, while new innovations like expanded eBPF capabilities and enhanced protocol support aim to simplify trace-to-profile correlation and drive broader adoption across the observability ecosystem.Introducing Amazon Nova foundation models: Frontier intelligence and industry leading price performanceAmazon Nova is Amazon's latest suite of advanced foundation models available on Amazon Bedrock, designed for both text and multimodal (text, image, and video) tasks. With models tailored for understanding (like text analysis, document processing, and multimodal reasoning) and creative content generation (producing images and videos), Nova combines top-tier intelligence with cost efficiency. 
Models like Nova Micro, Lite, and Pro cater to diverse business needs, from fast, low-cost tasks to complex, high-accuracy workflows, and all support extensive customization for specific industries.Introducing the next generation of Amazon SageMaker: The center for all your data, analytics, and AIAmazon SageMaker has launched its next-generation platform, integrating tools for data exploration, analytics, machine learning (ML), and generative AI into a unified environment. The revamped platform features the SageMaker Unified Studio (preview), which consolidates data and AI workflows, enabling users to process data, develop ML models, and create generative AI applications seamlessly. It introduces key capabilities like the SageMaker Lakehouse for unified data access, a visual ETL tool for data transformation, and the Amazon Bedrock IDE for building advanced generative AI solutions.🛠️HackHub: Best Tools for CloudGoliat Dashboard:The Goliat Dashboard is an open-source project built with Astro that provides an interactive interface for managing Terraform Cloud resources. It integrates seamlessly with the Terraform Cloud API to display real-time metrics and organize projects and workspaces for better resource visibility. The dashboard also supports the DigitalOcean API and plans to add Azure, AWS, and OpenAI integrations for enhanced insights. With dynamic routes and automatic updates, no additional configuration is needed after API connections.pv-migrate:pv-migrate is a command-line tool and kubectl plugin designed to simplify the migration of Kubernetes PersistentVolumeClaim (PVC) data. It addresses challenges in renaming, resizing, or moving PVCs between namespaces, clusters, or cloud providers by securely transferring data using rsync over SSH. With support for in-cluster and cross-cluster migrations, customizable manifests, and multiple migration strategies, pv-migrate enables efficient and flexible volume data handling. 
It supports various architectures, including arm64 and amd64, and offers shell completions for popular terminals like bash and zsh.

git-remote-s3: git-remote-s3 is a Python-based tool that enables using Amazon S3 as a Git remote and Git LFS (Large File Storage) server. It provides a seamless way to manage Git repositories and LFS files directly on S3 buckets. Users can push, pull, and manage branches in their repositories stored on S3 while ensuring encryption for security. The tool also integrates with AWS services like CodePipeline by allowing zipped repository archives for pipeline source actions. It supports concurrent users, IAM-based access control, and debug logging, making it versatile for managing versioned code or assets on AWS.

ToolGit: ToolGit is a productivity toolkit for Git that extends its functionality with various custom commands and aliases to simplify and automate common Git tasks. It includes utilities for cleaning up branches, force-pulling remote changes, restoring file modes, managing branch history, and more. Easy to install, ToolGit integrates seamlessly into your workflow by adding its scripts to your PATH environment variable, enabling them as Git sub-commands. Each command comes with detailed help text for user-friendly operation, making it a practical enhancement for developers seeking efficiency in version control.

Databend: Databend is an open-source cloud data warehouse built in Rust, designed as a cost-effective alternative to Snowflake. It focuses on high-speed query execution and data ingestion, supporting complex analysis of large datasets. Databend offers features such as full ACID compliance, schema flexibility, advanced indexing, and real-time data updates.
It can be deployed on both cloud and on-prem environments, providing enterprise-level performance with reduced costs.

📢 If your company is interested in reaching an audience of developers, technical professionals, and decision makers, you may want to advertise with us. If you have any comments or feedback, just reply to this email. Thanks for reading and have a great day!

Shreyans from Packt
28 Apr 2025
3 min read

Kubernetes v1.33: the release notes you’ll actually want to read

CloudPro #89: Kubernetes v1.33: the release notes you’ll actually want to read

How to stop identity threats without drowning in tools
Whiteswan Identity security is a comprehensive Zero-trust PAM purpose-built to secure the massive risk arising from stolen & over-permissioned human and non-human identities. Whiteswan provides Identity security for your entire IT infrastructure and secures on-prem and Cloud environments in a single console.
Know Whiteswan better: Demo walk-through

🔐 Cloud Security
  • [Sponsored] Dealing with stolen credentials? This helped more than I expected
  • How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
  • AWS Security Incident Response now supports integration with AWS PrivateLink
  • KYE: Know Your Enemies - Check external access on your AWS account
  • Bulletproof your FinOps pipelines
  • Automating cost optimization governance with AWS Config

⚙️ Infrastructure & DevOps
  • Announcing upcoming changes to the AWS Security Token Service global endpoint
  • Announcing the GPT-4.1 model series for Azure AI Foundry and GitHub developers
  • How to store Terraform state in Azure
  • Deployment circle with CloudFront and Terraform
  • Terragrunt & OpenTofu are better together

📦 Kubernetes & Cloud Native
  • Kubernetes v1.33: the release notes you’ll actually want to read
  • Modernizing Snowflake Corporate’s Kubernetes Infrastructure with Bottlerocket and Karpenter
  • Exploring multi-cluster fault tolerance with k8gb
  • Bare Metal Kubernetes: Deploying without virtualization
  • Five learnings from seven years of building Gloo and kgateway

🔍 Observability & SRE
  • Application Performance Monitoring of AWS Lambda apps with Amazon CloudWatch Application Signals
  • Continuing the transition from Endpoints to EndpointSlices
  • Some dead-simple practices that saved me hours in Kubernetes
  • PG Capture is a lightweight and modular CDC (Change Data Capture) utility for PostgreSQL.
  • OpenTelemetry: A guide to observability with go

Cheers,
Shreyans Singh
Editor-in-Chief

Bonus: Cheat sheet on Amazon S3 Ransomware Attacks below👇

New developer products provide a glimpse into the future of app building on HubSpot, including deeper extensibility, flexible UI, modern development tools, and more
HubSpot’s AI-powered ecosystem presents a global opportunity projected to reach $10.2 billion by 2028. To capitalize on that growth potential, we are opening our platform more, starting with expanded APIs, customizable app UI, and tools that better support a unified data strategy.
Shreyans from Packt
22 Nov 2024
8 min read

How Netflix solved the issue with Java 21 virtual threads

CloudPro #74: How Netflix solved the issue with Java 21 virtual threads

Scale your scrapers with Apify’s Black Friday Boost plan
Get a 30% prepaid usage bonus on Apify this Black Friday. Scrape data for LLMs, machine learning, competitive intelligence, product mapping, or any AI use cases. Use ready-made scrapers or build your own. The Boost plan ends December 5 - grab it before it’s gone!

⭐Masterclass
  • Deploying Databases in K8s with PostgreSQL, CloudNative-PG, and Ceph Rook on Amazon EKS
  • Kubernetes and Access Management API, the new authentication in EKS
  • How Netflix solved the issue with Java 21 virtual threads
  • Does Talos Kubernetes and Omni live up to the hype?
  • Understand your Kubernetes cost drivers and the best ways to rein in spending

🔍Secret Knowledge
  • Hack the Cybersecurity Interview
  • Troubleshooting: Terminal Lag
  • Monitor these Kubernetes signals to help rightsize your fleet
  • Getting Started with Cilium Service Mesh on Amazon EKS
  • How AppsFlyer migrated from Kafka to Kubernetes using Karpenter

🛠️Hackhub
  • High-performance server for NATS.io
  • A collection of Bash One-Liners and terminal tricks
  • distributed key value NoSQL database that uses RocksDB as storage engine
  • Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications
  • Run your deep learning workloads on Kubernetes more easily and efficiently

Cheers,
Shreyans Singh
Editor-in-Chief

⭐MasterClass: Tutorials & Guides

Deploying Databases in K8s with PostgreSQL, CloudNative-PG, and Ceph Rook on Amazon EKS
This article explains how to deploy and manage a PostgreSQL database on Kubernetes using Amazon EKS. It combines CloudNativePG, a PostgreSQL operator, with Ceph Rook, a storage orchestrator, to ensure data persistence and high availability in a Kubernetes environment.
A step-by-step guide is provided for deploying and configuring these tools, including using Helm charts, setting up storage with Ceph, and monitoring the database cluster.

Kubernetes and Access Management API, the new authentication in EKS
In AWS EKS (Elastic Kubernetes Service), the new authentication and access management system simplifies how users and worker nodes access Kubernetes clusters. Previously, access was managed using an "aws-auth" ConfigMap, which could be complex and prone to errors. Now, AWS introduces the EKS Access Management API, allowing users to authenticate through AWS IAM directly and authorize Kubernetes actions via Kubernetes RBAC. This approach removes the need for managing ConfigMaps manually, offers predefined EKS Access Policies, and enhances security by eliminating hidden root users. Additionally, integration with Terraform makes access control easier to implement and manage.

How Netflix solved the issue with Java 21 virtual threads
In Java 21, Netflix encountered an issue with virtual threads, which are lightweight threads designed to improve concurrency by suspending and resuming automatically. The problem involved some Netflix services using Java 21, Spring Boot 3, and Tomcat, where servers stopped processing requests due to sockets stuck in a `CLOSE_WAIT` state. Virtual threads were getting "pinned" to operating system threads while waiting to acquire locks. Since all OS threads became blocked, Tomcat couldn't process incoming requests, causing the system to hang. The underlying issue was traced to locking mechanisms in virtual threads, leading to thread contention and blocked OS threads.

Does Talos Kubernetes and Omni live up to the hype?
Talos Kubernetes and Sidero Omni live up to the hype by providing an intuitive and efficient way to set up and manage Kubernetes clusters. With Omni, you can easily create a Talos cluster without needing to access your virtual machines directly, making the process more streamlined.
Setting up clusters, scaling nodes, and even upgrading Kubernetes versions are straightforward, with minimal manual intervention required. While there are some areas for improvement, like simplifying static IP configuration, the overall experience is highly positive.

Understand your Kubernetes cost drivers and the best ways to rein in spending
To reduce Kubernetes-related costs, it's important to monitor key cost drivers such as CPU, memory, storage, and networking. Costs are driven by resource usage and the rate at which they are consumed, so reducing unnecessary usage and optimizing resource allocation is key. Over-provisioning, idle resources, and inefficient scaling are common cost culprits. Regularly adjusting resource requests, leveraging auto-scaling tools like Horizontal Pod Autoscaler, and monitoring metrics with tools like Grafana and Prometheus can help optimize usage.

🔍Secret Knowledge: Learning Resources

Hack the Cybersecurity Interview
"Hack the Cybersecurity Interview, Second Edition" is a comprehensive guide designed to help individuals prepare for interviews across a wide range of cybersecurity roles. The book covers technical and behavioral interview questions for positions like cybersecurity engineer, penetration tester, and CISO, while also offering tips on personal branding, stress management, and negotiation. It provides real-world advice and industry insights, making it an essential resource for anyone looking to succeed in the competitive field of cybersecurity.

Troubleshooting: Terminal Lag
In this troubleshooting session, Tavis Ormandy investigates why launching the xterm terminal on his Windows machine is significantly slower compared to Fedora. He identifies that Windows applies an animation effect that delays interaction with the terminal. Through a series of tests and debugging, he discovers that the X server software (X410) adds unnecessary animation effects, which can’t be disabled directly.
He uses a debugger to bypass the issue, improving the performance slightly. After further optimizations with features and caching processes, he brings the Windows terminal's performance closer to Fedora’s, significantly reducing the lag.

Monitor these Kubernetes signals to help rightsize your fleet
To ensure your Kubernetes environment is both cost-efficient and sustainable, it's crucial to monitor signals like CPU, memory, disk I/O, and network utilization. Over-provisioning leads to wasted resources and high costs, while under-provisioning can degrade performance. Watch for indicators such as high resource usage, slow application performance, or low utilization to fine-tune your setup. Tools like Prometheus and Grafana, along with autoscaling, can help you dynamically adjust resources, ensuring optimal balance, reduced costs, and improved sustainability.

Getting Started with Cilium Service Mesh on Amazon EKS
The blog post explains how Cilium, an open-source networking and security solution powered by eBPF, enhances network connectivity between workloads in Amazon EKS (Elastic Kubernetes Service). Cilium provides advanced networking, load balancing, encryption, and observability without the need for sidecar proxies. It integrates seamlessly with Amazon EKS to improve microservice communication, multi-cluster networking, and network policy enforcement. Cilium Service Mesh, built into Cilium, leverages eBPF and Envoy to offer high performance and low overhead for traffic management, security, and monitoring.

How AppsFlyer migrated from Kafka to Kubernetes using Karpenter
AppsFlyer, a global leader in mobile attribution, migrated their Kafka infrastructure to Kubernetes using Amazon EKS, simplifying management and improving performance. By switching from EC2 instances to Graviton-powered nodes, they achieved a 75% increase in throughput, 58% better write I/O, and reduced costs by 30%.
AWS solutions like Strimzi Kafka Operator, Rancher’s Local Path Provisioner, and Karpenter autoscaler helped optimize local storage management and scaling. This transition cut CPU core usage in half and enhanced AppsFlyer's Kafka cluster’s scalability, efficiency, and resilience.

🛠️HackHub: Best Tools for Cloud

nats-io/nats-server
NATS is a high-performance, cloud-native messaging system designed for modern distributed systems, offering secure and efficient communication between digital services, devices, and systems. It supports over 40 client languages.

onceupon/Bash-Oneliner
"Bash-Oneliner" is a blog focusing on simple and effective bash commands for tasks like data parsing and Linux system maintenance. The commands are compatible with systems like Ubuntu, Amazon Linux, RedHat, Linux Mint, Mac, and CentOS. The blog covers topics such as variable manipulation, system management, math operations, and networking.

apache/kvrocks
Apache Kvrocks is a distributed key-value NoSQL database that uses RocksDB as its storage engine and is compatible with the Redis protocol. It aims to reduce memory costs and increase capacity compared to Redis. Kvrocks supports key features like asynchronous replication, high availability with Redis Sentinel, and a centralized cluster management system that works with any Redis cluster client.

sealerio/sealer
Sealer is a tool that simplifies the delivery of distributed applications by packaging a Kubernetes cluster and all application dependencies into a "ClusterImage." A ClusterImage functions similarly to a Docker image, containing everything needed to run the application, such as container images, YAML files, and Helm charts. Users can write a "Kubefile" to build this image and a "Clusterfile" to describe how to run it.

kubedl-io/kubedl
KubeDL is a CNCF sandbox project that simplifies running deep learning workloads on Kubernetes.
It offers features like unified scheduling for training and inference, advanced optimization, and native model tracking using Kubernetes Custom Resource Definitions (CRDs).

Shreyans Singh
19 Oct 2024
3 min read

CloudPro Curated Titles

Bestselling Cloud Titles specially curated for you

Are you ready to enhance your expertise and stay ahead of the curve in the latest tech trends? Dive into cutting-edge resources designed to elevate your skills. Whether you're exploring cloud computing, refining your techniques, or mastering DevOps, we have the perfect reads for you.

BESTSELLERS OF THE WEEK

Linux Kernel Programming
By Kaiwan N. Billimoria
  • Discover how to write Linux kernel and module code for real-world products
  • Implement industry-grade techniques in real-world scenarios for fast, efficient memory allocation and data synchronization
  • Understand and exploit kernel architecture, CPU scheduling, and kernel synchronization techniques
eBook: $39.99 $27.98 Print: $49.99

Mastering PowerShell Scripting
By Chris Dent
Key benefits:
  • Explores PowerShell as a programming language
  • Take advantage of the features built into the PowerShell language in day-to-day automation
  • Automation of complex tasks, data manipulation, and environment security
eBook: $35.99 $17.99 Print: $44.99 $30.99

Mastering Active Directory, Third Edition
By Dishan Francis
Key benefits:
  • Design and update your identity infrastructure by utilizing the latest Active Directory features and core capabilities
  • Overcome migration challenges as you update to Active Directory Domain Services 2022
  • Establish a strong identity foundation in the cloud by consolidating secure access
eBook: $43.99 $29.99 Print: $54.99

Automating DevOps with GitLab CI/CD Pipelines
By Christopher Cowell, Nicholas Lotz, Chris Timberlake
Key benefits:
  • Reap the power of GitLab CI/CD pipelines at every stage of your software development lifecycle
  • Learn how GitLab makes Git easier to use and more powerful when committing and reviewing code
  • Cement your understanding using hands-on tutorials and extensive self-assessment exercises
eBook: $35.99 $24.99 Print: $44.99

PowerShell Automation and Scripting for Cybersecurity
By Miriam C. Wiesner
Key benefits:
  • Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses
  • Research and develop methods to bypass security features and use stealthy tradecraft
  • Explore essential security features in PowerShell and protect your environment against exploits and bypasses
eBook: $39.99 $27.98 Print: $49.99

Want even more resources? Start a free trial and explore our entire library! From cloud solutions to system programming, gain unlimited access to the latest in tech. Start your free trial today.

Thanks,
Packt

Copyright (C) 2024 Packt Publishing. All rights reserved. Our mailing address is: Packt Publishing, Grosvenor House, 11 St Paul's Square, Birmingham, West Midlands, B3 1RB, United Kingdom