CloudPro #51: AWS planning new region in Taiwan
Apple to Debut Passwords App in Challenge to 1Password, LastPass
Welcome to the 51st edition of CloudPro! Today, we’ll talk about:
⭐Masterclass:
Deploying Preview Environments on Kubernetes Using Github Actions
In-place version upgrades for applications on Amazon Managed Service for Apache Flink now supported
🔍Secret Knowledge:
Enhancing observability with a managed monitoring solution for Amazon EKS
My personal AWS account setup - IAM Identity Center, temporary credentials and sandbox account
Analyze control plane and CloudTrail logs for better detective controls
⚡Techwave:
Apple to Debut Passwords App in Challenge to 1Password, LastPass
Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters
Kali Linux 2024.2 Release (t64, GNOME 46 & Community Packages)
🛠️HackHub: Best Tools for the Cloud
Run Envoy in place of docker-proxy and get metrics, tracing for free
Contour is a Kubernetes ingress controller using Envoy proxy
Cheers,
Editor-in-Chief
⭐MasterClass: Tutorials & Guides
This introduction to debugging Kubernetes covers the evolution from physical servers to containers and the role of Kubernetes as an orchestration tool. Initially, applications were deployed directly on physical servers, a manual and error-prone process that made scaling difficult. Virtualization improved this by letting several operating systems share one host, at the cost of some performance overhead. Containers, popularized by tools like Docker, provided a lighter alternative that shares the host kernel instead of booting a guest OS.
Kubernetes emerged to manage the complexities of large-scale container deployments, automating scheduling, scaling, service discovery, and rolling updates. A cluster consists of a control plane (API server, scheduler and controllers, historically called the master node) and worker nodes that run pods, the smallest deployable units, each holding one or more containers. Basic commands such as listing pods (`kubectl get pods`), describing a pod (`kubectl describe pod`), and viewing its logs (`kubectl logs`, with `--previous` for the instance that just crashed) are the starting point of any debugging session. This foundation sets the stage for deeper exploration into Kubernetes debugging and troubleshooting techniques.
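To make those three commands concrete, here is an added example (not code from the article) that triages a `kubectl get pods -A -o json` dump: it picks out pods that are pending, crash-looping or not ready and prints the `describe` and `logs` commands to run next. The pod list embedded below is constructed to mimic kubectl's JSON and only carries the fields the script reads.

```python
"""Triage a `kubectl get pods -A -o json` dump and emit the follow-up
kubectl commands a debugging session would start with.

Added example, not code from the article. The sample dump below is
constructed to mimic the JSON kubectl returns; only the fields used
here are included.
"""
import json

# Constructed sample: the shape of `kubectl get pods -A -o json`, trimmed.
SAMPLE_PODS_JSON = json.dumps({
    "items": [
        {
            "metadata": {"name": "api-7d9f", "namespace": "shop"},
            "status": {
                "phase": "Running",
                "containerStatuses": [
                    {"name": "api", "ready": False, "restartCount": 12,
                     "state": {"waiting": {"reason": "CrashLoopBackOff"}}}
                ],
            },
        },
        {
            "metadata": {"name": "worker-1a2b", "namespace": "shop"},
            "status": {
                "phase": "Pending",
                "conditions": [
                    {"type": "PodScheduled", "status": "False",
                     "reason": "Unschedulable",
                     "message": "0/3 nodes are available: insufficient memory."}
                ],
            },
        },
        {
            "metadata": {"name": "web-5c6d", "namespace": "shop"},
            "status": {
                "phase": "Running",
                "containerStatuses": [
                    {"name": "web", "ready": True, "restartCount": 0,
                     "state": {"running": {}}}
                ],
            },
        },
    ]
})


def unhealthy_pods(pods_json: str, restart_threshold: int = 3) -> list:
    """Return pods that are not healthy, each with reasons and suggested commands."""
    findings = []
    for pod in json.loads(pods_json)["items"]:
        ns = pod["metadata"]["namespace"]
        name = pod["metadata"]["name"]
        status = pod.get("status", {})
        phase = status.get("phase", "Unknown")
        reasons = []
        cmds = [f"kubectl describe pod {name} -n {ns}"]

        if phase not in ("Running", "Succeeded"):
            # Pending/Failed/Unknown: the pod conditions say why it never started.
            for cond in status.get("conditions", []):
                if cond.get("status") == "False":
                    reasons.append(f"{cond.get('reason')}: {cond.get('message', '')}".strip())
            reasons = reasons or [f"phase={phase}"]

        for cs in status.get("containerStatuses", []):
            waiting = cs.get("state", {}).get("waiting")
            if waiting:
                reasons.append(f"{cs['name']} waiting: {waiting.get('reason')}")
            if cs.get("restartCount", 0) >= restart_threshold:
                reasons.append(f"{cs['name']} restarted {cs['restartCount']}x")
                # --previous shows the log of the crashed instance, not the fresh one.
                cmds.append(f"kubectl logs {name} -n {ns} -c {cs['name']} --previous")
            elif not cs.get("ready", False):
                reasons.append(f"{cs['name']} not ready")
                cmds.append(f"kubectl logs {name} -n {ns} -c {cs['name']}")

        if reasons:
            findings.append({"namespace": ns, "name": name, "phase": phase,
                             "reasons": reasons, "commands": cmds})
    return findings


if __name__ == "__main__":
    for f in unhealthy_pods(SAMPLE_PODS_JSON):
        print(f"{f['namespace']}/{f['name']} ({f['phase']}): {'; '.join(f['reasons'])}")
        for c in f["commands"]:
            print("   ", c)
```

Against a live cluster, pipe `kubectl get pods -A -o json` into `unhealthy_pods` instead of the constructed sample; the restart threshold is deliberately low so that a container that has only bounced a couple of times still gets its previous log pulled.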
⭐Getting Started with Valkey using Docker and Go
Valkey is an open-source, high-performance key/value data store forked from Redis, used for caching, message queues and similar workloads. To set up Valkey using Docker, you create a project structure with configuration and data folders and a Docker Compose file. This configuration launches a Valkey container and publishes the server on `localhost:6379`. After starting the container, you can use the Valkey CLI (`valkey-cli`) to test the connection and perform basic operations. Like Redis, Valkey accepts unauthenticated connections by default, so keep the published port bound to the loopback interface and set `requirepass` in the configuration before exposing it to anything beyond your own machine.
To interact with Valkey from Go, you write a small program that connects to the server, performs a SET to store a key-value pair, and reads it back with GET. Alternatively, you can use Testcontainers for Go to start and stop the Valkey container programmatically from your tests, which removes the manual setup and teardown. Either way you can focus on the application code rather than on managing the Docker container by hand.
⭐Deploying Preview Environments on Kubernetes Using Github Actions
In this article, the focus is on setting up preview environments for backend services and APIs using Kubernetes, Docker, and GitHub Actions. The setup is language agnostic and revolves around Kubernetes configuration: one Deployment, Service and Ingress per pull request, pointed at the Docker image built from that pull request. The article then shows how a GitHub Actions workflow creates, updates and tears down these environments as pull requests open, change and close, so reviewers can test each change on its own hostname in a staging cluster. This shortens feedback loops and leads to faster, more reliable releases. Because the workflow builds and deploys code taken from the pull request, be deliberate about the trigger: `pull_request` runs do not receive repository secrets for pull requests from forks, whereas `pull_request_target` runs with the base repository's permissions and secrets, so never check out and execute untrusted pull-request code under the latter.
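The per-pull-request manifests the article describes can be rendered from a couple of inputs. The following is an added example, not the article's own code or workflow; it assumes an `nginx` ingress class, a `preview.example.com` wildcard domain, and that images are referenced by digest so the exact build from the pull request is what runs. The branch name is treated as untrusted input and reduced to a valid DNS-1123 label before it becomes a namespace and hostname.

```python
"""Render per-pull-request Kubernetes manifests for a preview environment.

Added example, not the article's code. Assumptions (not from the article):
the ingress class is `nginx`, previews live under `*.preview.example.com`,
and images are referenced by digest so the PR's exact build is what runs.
"""
import re

PREVIEW_DOMAIN = "preview.example.com"  # assumed wildcard domain


def preview_name(pr_number: int, branch: str) -> str:
    """Build a DNS-1123 label (lowercase alphanumerics and '-', at most 63
    characters) from the PR number and branch. Branch names are chosen by
    whoever opened the PR, so they are sanitised rather than trusted."""
    slug = re.sub(r"[^a-z0-9]+", "-", branch.lower()).strip("-")
    label = f"pr-{pr_number}-{slug}" if slug else f"pr-{pr_number}"
    return label[:63].rstrip("-")


def render_preview(pr_number: int, branch: str, image_digest: str, port: int = 8080) -> str:
    """Return one YAML stream: Namespace, Deployment, Service and Ingress."""
    # Refuse mutable tags; a digest pins the image to the PR's build.
    if not re.fullmatch(r"[a-z0-9./-]+@sha256:[0-9a-f]{64}", image_digest):
        raise ValueError("image must be pinned by digest (repo@sha256:...)")
    name = preview_name(pr_number, branch)
    host = f"{name}.{PREVIEW_DOMAIN}"
    return f"""apiVersion: v1
kind: Namespace
metadata:
  name: {name}
  labels:
    preview: "true"
    pr: "{pr_number}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: {name}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      automountServiceAccountToken: false
      containers:
        - name: app
          image: {image_digest}
          ports:
            - containerPort: {port}
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
---
apiVersion: v1
kind: Service
metadata:
  name: app
  namespace: {name}
spec:
  selector:
    app: app
  ports:
    - port: 80
      targetPort: {port}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: {name}
spec:
  ingressClassName: nginx
  rules:
    - host: {host}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80
"""


if __name__ == "__main__":
    print(render_preview(123, "feature/add-login", "ghcr.io/acme/api@sha256:" + "0" * 64))
```

In a workflow the two inputs would come from `github.event.pull_request.number` and `github.head_ref`, and the digest from the image build step; putting everything for one pull request in its own namespace also makes teardown a single `kubectl delete namespace` when the pull request closes.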
⭐Managing Winglang Libraries with AWS CodeArtifact
Winglang's Winglibs project provides a straightforward solution for wrapping cloud resources, but creating the Endor middleware framework posed unique challenges. Since Endor and its supplementary tools like Exceptions and Logging are still in early stages and not ready for public release, managing multiple NPM packages internally became necessary. To achieve this, AWS CodeArtifact was used as an internal NPM registry, facilitating the development of Winglang libraries within a Multi-Account, Multi-Platform, Multi-User environment. The setup involved creating an AWS CodeArtifact Domain and Repository, connecting it to the public npmjs repository, and configuring a remote EC2 desktop to use this repository for package management.
The implementation utilized CloudFormation templates for setting up AWS resources, with a detailed Bash script to configure npm to use AWS CodeArtifact. This script automated authentication and registry setup, ensuring seamless integration with the development workflow. Additionally, a sophisticated script was developed for publishing custom libraries, focusing on version management and checksum validation to ensure package integrity. The project structure maintained modularity, enabling efficient updates and automated builds through Makefiles, addressing the evolving needs of the Endor framework and its associated libraries.
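The checksum validation mentioned above maps onto what npm itself records: a Subresource Integrity string (`sha512-<base64 digest>`) in `dist.integrity` and in `package-lock.json`. As an added example (not the author's publishing script), the code below computes that string for a package tarball and verifies a tarball against one; the tarball is constructed in memory so the example runs offline, whereas in practice the bytes come from `npm pack` or the registry download.

```python
"""Compute and verify npm-style Subresource Integrity (SRI) strings for a
package tarball, the format used in `dist.integrity` and package-lock
`integrity` fields (`sha512-<base64 digest>`).

Added example, not the article's script. The tarball bytes are constructed
here so the example runs offline.
"""
import base64
import hashlib
import hmac
import io
import tarfile

# Ordered weakest to strongest; SRI says to trust the strongest hash present.
SUPPORTED = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def build_fake_tarball(package_json: bytes) -> bytes:
    """Constructed stand-in for `npm pack` output: a gzipped tar holding
    package/package.json. Only used so the example has bytes to hash."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(package_json)
        tar.addfile(info, io.BytesIO(package_json))
    return buf.getvalue()


def make_sri(data: bytes, algo: str = "sha512") -> str:
    """Return the SRI string npm would record for `data`."""
    digest = SUPPORTED[algo](data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check `data` against an SRI string. Several space-separated hashes may
    be present; unknown algorithms are ignored and the strongest known one
    decides. Any malformed or mismatching value fails closed."""
    best = None
    for entry in integrity.split():
        algo, sep, b64 = entry.partition("-")
        if sep != "-" or algo not in SUPPORTED:
            continue
        if best is None or list(SUPPORTED).index(algo) > list(SUPPORTED).index(best[0]):
            best = (algo, b64)
    if best is None:
        return False
    algo, b64 = best
    try:
        expected = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    actual = SUPPORTED[algo](data).digest()
    # Constant-time comparison; avoids leaking how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    tarball = build_fake_tarball(b'{"name":"@acme/example","version":"0.1.0"}')
    sri = make_sri(tarball)
    print(sri)
    print("intact:", verify_sri(tarball, sri))
    print("tampered:", verify_sri(tarball + b"\x00", sri))
```

Record the SRI string at publish time alongside the version, and compare the downloaded tarball against it on the consuming side; a mismatch means the registry served something other than what was published, whether through corruption or substitution.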
⭐In-place version upgrades for applications on Amazon Managed Service for Apache Flink now supported
Amazon Managed Service for Apache Flink now supports in-place version upgrades, allowing users to statefully migrate their existing Apache Flink applications to newer versions, including the latest Apache Flink 1.18. This feature facilitates upgrading your application’s runtime version without data loss or the need for additional orchestration.
Apache Flink is a powerful open-source distributed processing engine that excels in both stream and batch processing. It offers strong support for stateful processing and event-time semantics, supporting multiple programming languages like Java, Python, Scala, and SQL, and various APIs.
🔍Secret Knowledge: Learning Resources
🔍InstructLab: What if Contributing to Models Was Easy?
InstructLab is an initiative by Red Hat, announced at their annual summit, designed to simplify contributions to AI models. The project aims to lower the technical barriers to model updates, allowing even non-technical experts to contribute. Unlike traditional methods which often require significant technical expertise and resources, InstructLab proposes a simpler system using "skills" – essentially structured text files – to generate synthetic data for model training.
The broader implications of InstructLab are significant. If successful, it could democratize the process of model improvement, leading to rapid advancements in AI capabilities due to increased and diverse contributions. However, this also raises concerns about governance and intellectual property management. While open source software has a well-established framework for handling such issues, the AI domain lacks similar robust mechanisms. This initiative might push enterprises to adapt and develop new governance strategies, echoing the gradual acceptance and integration of open source software in the past.
🔍Enhancing observability with a managed monitoring solution for Amazon EKS
Enhancing observability for Amazon EKS can be significantly simplified by using AWS's managed monitoring solutions. Amazon CloudWatch Container Insights, alongside Amazon Managed Grafana and Amazon Managed Service for Prometheus, provides a comprehensive monitoring framework tailored specifically for EKS clusters. These tools enable real-time insights into the health and performance of Kubernetes environments, allowing users to monitor container-level metrics and visually analyze different cluster layers. With the fully-managed Prometheus backend for metrics collection and storage and Grafana for intuitive visualization, users can deploy an AWS-supported solution for robust monitoring.
This solution provides pre-configured dashboards that offer a holistic view of the cluster's health, performance, and resource utilization. It allows users to monitor the control and data planes, track resource usage, and identify bottlenecks before they become critical. By leveraging historical usage data, users can make intelligent scheduling decisions and plan for future resource demands. This AWS-managed solution not only helps in reducing the mean time to detection (MTTD) of issues but also ensures optimal performance and resource allocation within Kubernetes environments, enhancing the overall efficiency and reliability of Amazon EKS clusters.
🔍My personal AWS account setup - IAM Identity Center, temporary credentials and sandbox account
The author's personal AWS setup is built on AWS Organizations, with separate accounts for development, testing, production, and a dedicated sandbox for experimentation. Keeping these in separate accounts gives a hard boundary between environments, limits the blast radius of a mistake or a compromised credential, and simplifies cost and resource management.
AWS IAM Identity Center (the successor to AWS Single Sign-On) is the centre of the setup: it provides one place to manage users and multi-factor authentication across all accounts in the organization, and hands out short-lived credentials for the permission-set roles in each account, so no long-lived IAM user access keys need to exist.
For testing and learning new AWS services, the author uses a sandbox account that is periodically wiped with aws-nuke, a tool that deletes every resource in an account. This allows free experimentation without lingering costs or clutter. Because aws-nuke is destructive by design, keep its configuration restricted to the sandbox account ID and list the other accounts in its blocklist so it refuses to run against them.
🔍Deep PostgreSQL Thoughts: Valuing Currency
Staying current with PostgreSQL minor releases is crucial for several reasons. First, each release addresses known bugs and security vulnerabilities, which can pose risks to your data and operations if left unpatched. These fixes are thoroughly tested to minimize the likelihood of introducing new issues, ensuring a stable environment for your database operations.
Secondly, compliance regimes and security baselines set expectations, and sometimes deadlines, for patching. The CIS PostgreSQL Benchmark checks that the installed version is current, and CISA's Binding Operational Directive 22-01 gives US federal agencies fixed deadlines to remediate vulnerabilities on the Known Exploited Vulnerabilities list; staying on the latest minor release is the simplest way to meet such requirements.
A minor upgrade does require a restart of PostgreSQL, and therefore a brief service interruption (or a rolling restart in clustered environments), but minor releases never change the on-disk data format, so the procedure is to install the new binaries and restart; only major version upgrades need `pg_upgrade` or a dump and restore. Check the release notes, which occasionally call for a manual step such as reindexing. Delaying upgrades leaves the system exposed to known issues and lets fixes pile up, so the eventual upgrade is a larger and riskier change.
🔍Analyze control plane and CloudTrail logs for better detective controls
This post shows how to use Amazon EKS control plane logs and AWS CloudTrail together for security monitoring and threat detection in EKS clusters. Control plane logging is enabled per cluster and sends five log types to CloudWatch Logs: the API server log, the audit log (who did what against the Kubernetes API), the authenticator log (how IAM identities were mapped to Kubernetes users and groups), and the controller manager and scheduler logs. Each type is enabled individually, so you can turn on only those your detections need.
CloudTrail complements this with a record of AWS API calls, including those made by pods through IAM Roles for Service Accounts (IRSA): the `AssumeRoleWithWebIdentity` call that exchanges a pod's projected service-account token for role credentials, and every AWS API call made with those credentials afterwards. Correlating the two sources lets you follow an action from a Kubernetes identity to the AWS resources it touched, which is what auditing, compliance and anomaly detection need.
Querying these logs, for example with CloudWatch Logs Insights, lets teams watch for suspicious behaviour (secrets enumeration, exec into pods, anonymous requests, workload roles calling IAM), investigate incidents quickly, and demonstrate compliance. Together the two sources give near-real-time visibility into both Kubernetes activity and AWS API usage, so emerging threats can be acted on promptly.
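As an added example of the kind of detective control the post argues for (not code from the post), the script below runs a handful of rules over EKS audit events and CloudTrail records: cluster-wide secrets enumeration, exec into a pod, anonymous requests, an IRSA session calling sensitive IAM APIs, and a burst of AccessDenied errors that suggests permission probing. The log lines are constructed for the example; field names follow the `audit.k8s.io/v1` Event and CloudTrail record formats, while the account ID, role and cluster names are invented, and the rule set is illustrative rather than complete.

```python
"""Run a few detective rules over EKS control-plane audit events and
CloudTrail records.

Added example, not code from the post. The log lines are constructed
(field names follow the audit.k8s.io/v1 Event and CloudTrail record formats;
names and IDs are invented) and the rules are illustrative, not exhaustive.
"""
import json
from collections import Counter

# Constructed EKS audit log lines as they land in CloudWatch Logs (one JSON event per line).
EKS_AUDIT_LINES = [
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:shop:api","groups":["system:serviceaccounts"]},"objectRef":{"resource":"secrets"},"requestURI":"/api/v1/secrets?limit=500","responseStatus":{"code":200},"sourceIPs":["10.0.3.17"]}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","verb":"create","user":{"username":"kubernetes-admin","groups":["system:masters"]},"objectRef":{"resource":"pods","namespace":"shop","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/shop/pods/api-7d9f/exec?command=sh","responseStatus":{"code":101},"sourceIPs":["203.0.113.9"]}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"pods","namespace":"kube-system"},"requestURI":"/api/v1/namespaces/kube-system/pods","responseStatus":{"code":403},"sourceIPs":["198.51.100.4"]}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:shop:api","groups":["system:serviceaccounts"]},"objectRef":{"resource":"configmaps","namespace":"shop","name":"api-config"},"requestURI":"/api/v1/namespaces/shop/configmaps/api-config","responseStatus":{"code":200},"sourceIPs":["10.0.3.17"]}',
]

# Constructed CloudTrail records for one IRSA session (role assumed via AssumeRoleWithWebIdentity).
IRSA_SESSION = "arn:aws:sts::111122223333:assumed-role/shop-api-irsa/botocore-session-1"
CLOUDTRAIL_RECORDS = [
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRoleWithWebIdentity",
     "userIdentity": {"type": "WebIdentityUser", "userName": "system:serviceaccount:shop:api"}, "sourceIPAddress": "10.0.3.17"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "arn": IRSA_SESSION}, "sourceIPAddress": "10.0.3.17"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "AssumedRole", "arn": IRSA_SESSION}, "sourceIPAddress": "10.0.3.17"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole", "arn": IRSA_SESSION}, "sourceIPAddress": "10.0.3.17", "errorCode": "AccessDenied"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeVolumes",
     "userIdentity": {"type": "AssumedRole", "arn": IRSA_SESSION}, "sourceIPAddress": "10.0.3.17", "errorCode": "AccessDenied"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeSnapshots",
     "userIdentity": {"type": "AssumedRole", "arn": IRSA_SESSION}, "sourceIPAddress": "10.0.3.17", "errorCode": "AccessDenied"},
]

# IAM actions an application workload has no business calling (illustrative list).
SENSITIVE_IAM = {"CreateAccessKey", "CreateUser", "AttachRolePolicy", "PutRolePolicy", "UpdateAssumeRolePolicy"}
ACCESS_DENIED_THRESHOLD = 3


def detect_eks_audit(lines):
    """Return (rule, username, detail) tuples for the Kubernetes audit rules."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "")
        ref = ev.get("objectRef", {})
        # No namespace in objectRef means the request spanned the whole cluster.
        if ref.get("resource") == "secrets" and ev["verb"] in ("list", "watch") and "namespace" not in ref:
            hits.append(("cluster-wide secrets enumeration", user, ev["requestURI"]))
        # exec/attach are long-running; keying on ResponseStarted avoids a second hit at ResponseComplete.
        if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach") and ev.get("stage") == "ResponseStarted":
            hits.append(("interactive pod access", user, f"{ref.get('namespace')}/{ref.get('name')} from {ev['sourceIPs'][0]}"))
        if user == "system:anonymous":
            hits.append(("anonymous request", user, f"{ev['verb']} {ev['requestURI']} -> {ev['responseStatus']['code']}"))
    return hits


def detect_cloudtrail(records):
    """Flag IRSA sessions calling sensitive IAM APIs and AccessDenied bursts (permission probing)."""
    hits = []
    denied = Counter()
    for rec in records:
        ident = rec.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue
        session = ident.get("arn", "")
        if rec["eventSource"] == "iam.amazonaws.com" and rec["eventName"] in SENSITIVE_IAM:
            hits.append(("sensitive IAM call from workload role", session, rec["eventName"]))
        if rec.get("errorCode") == "AccessDenied":
            denied[session] += 1
    for session, n in denied.items():
        if n >= ACCESS_DENIED_THRESHOLD:
            hits.append(("AccessDenied burst", session, f"{n} denied calls"))
    return hits


if __name__ == "__main__":
    for hit in detect_eks_audit(EKS_AUDIT_LINES) + detect_cloudtrail(CLOUDTRAIL_RECORDS):
        print(*hit, sep=" | ")
```

The same logic ports directly to CloudWatch Logs Insights filters or to EventBridge rules on CloudTrail; the point of writing it out is that each rule names the exact fields (`objectRef.subresource`, `user.username`, `userIdentity.type`, `errorCode`) a detection has to key on, and the AccessDenied counter shows why CloudTrail error records are worth keeping rather than filtering out.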
⚡ TechWave: Cloud News & Analysis
AWS is planning to launch a new cloud computing region in Taiwan by early 2025. This region, named AWS Asia Pacific (Taipei), will include three separate Availability Zones. These zones will be physically independent yet closely located to minimize latency for applications needing quick response times. They will also be connected by high-speed, low-latency networks to ensure reliable data replication and availability.
⚡Apple to Debut Passwords App in Challenge to 1Password, LastPass
Apple is set to introduce a new Passwords app on June 10, alongside its latest AI initiative. This app will directly compete with services like 1Password and LastPass. The announcement coincides with updates to Apple's software for iPhone, iPad, and Mac devices.
⚡Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters
Microsoft Azure has introduced Advanced Container Networking Services, a suite designed to enhance the operational capabilities of Azure Kubernetes Service (AKS) clusters. It focuses on observability, security, and compliance for containerized applications. The first feature, Advanced Network Observability, provides deep insights into network traffic and performance, utilizing eBPF technology for real-time metrics and logs. It supports both Cilium and Non-Cilium environments, offering tools like Hubble CLI and UI for network flow visualization and troubleshooting.
⚡Kali Linux 2024.2 Release (t64, GNOME 46 & Community Packages)
Kali Linux 2024.2 has just been released, marking a significant update for the renowned penetration testing and security auditing platform. This release introduces the t64 transition, a crucial change aimed at future-proofing the operating system against the Year 2038 problem on 32-bit ARM architectures. By switching to a 64-bit time_t type, Kali ensures stability and continuity in timestamp handling, particularly important for devices like ARM-based platforms, including Raspberry Pi.
In terms of user interface and experience, Kali Linux 2024.2 brings updates to both GNOME and Xfce desktop environments. It includes GNOME 46 with refreshed themes and extensions, enhancing usability and visual appeal. The Xfce updates focus on stability improvements and better support for features like Kali-Undercover and HiDPI modes, catering to diverse user preferences and hardware configurations.
⚡Observability in Snowflake: Snowflake Trail
Snowflake Trail is a new set of tools within Snowflake that enhances observability for developers and data engineers. It allows monitoring and troubleshooting of applications and data pipelines through Snowsight or third-party tools. Snowflake Trail leverages built-in telemetry like Query History and Event Tables to provide deep visibility into data quality and pipeline performance without requiring agent installations or complex setups. It supports features such as Log Explorer and Distributed Tracing to help users quickly diagnose issues and optimize performance, making it easier to build and maintain high-quality data solutions in Snowflake.
🛠️HackHub: Best Tools for Cloud
🛠️yyyar/gobetween: :cloud: Modern & minimalistic load balancer for the Cloud era
🛠️Nitro/envoy-docker-shim: Run Envoy in place of docker-proxy and get metrics, tracing for free
🛠️projectcontour/contour: Contour is a Kubernetes ingress controller using Envoy proxy.
🛠️volcano-sh/volcano: A Cloud Native Batch System (Project under CNCF)