TLDR DevOps 2024-09-27

Run your DevOps workflows with Notebooks (Sponsor)

Runme consolidates docs and scripts into interactive Notebooks (think Jupyter) and TUIs. Interact with cloud-native tools and cloud providers/infra inside your workflows. Test your Notebooks in CI/CD using the Runme CLI & GH Action.

▶️ Install the extension, open a .md file, click to run, edit and push to Git.

✅ Free and open source
✅ Built with Markdown
✅ GitOps compatible

Check out runme.dev to install and find step-by-step examples for bash, terraform, k8s, DevContainers, cloud providers and many other DevOps tools.

📱

News & Trends

GitHub Enterprise Cloud with data residency: How we built the next evolution of GitHub Enterprise using GitHub (4 minute read)

GitHub Enterprise Cloud will introduce a data residency feature in the EU on October 29, allowing enterprises to store their code in their preferred region, starting with the EU and expanding to other regions like Australia, Asia, and Latin America. This feature, combined with AI-powered tools like GitHub Copilot and Microsoft Azure's secure infrastructure, gives organizations more control over their data while supporting global security and compliance needs.

PostgreSQL 17 Released! (4 minute read)

PostgreSQL 17 introduces performance improvements, enhanced memory management, and better query execution. New features include SQL/JSON commands for developers and enhancements to logical replication for easier upgrades.

🚀

Observability as code for AI apps with New Relic and Pulumi (11 minute read)

Combining New Relic's observability platform with Pulumi's infrastructure-as-code enables an "observability as code" approach for AI applications, streamlining monitoring and secret management. This approach ensures consistent monitoring, version-controlled configuration, and deeper insights into AI performance and resource usage across environments.

Keycloak with istio and Oauth2-Proxy (7 minute read)

Learn how to integrate Istio with Keycloak and OAuth2 Proxy to enhance authentication and authorization for your microservices architecture, ensuring secure, flexible, and scalable access controls.

How we improved availability through iterative simplification (6 minute read)

Scaling GitHub's system involved navigating complex challenges. Its team employed tools like Datadog, Splunk, and Scientist for real-time monitoring and performance testing. They used strategies such as incremental rollouts with Flipper to ensure stability and efficiency.

🧑‍💻

OpenTelemetry Best Practices (Sponsor)

Confused by OpenTelemetry? Honeycomb has got you covered with two detailed technical blog posts. Part 1 covers Naming - semantic conventions, namespaces, and shared constants. Part 2 goes into agents, sidecars, collectors, and coded instrumentation. Both are available ungated, so add them to your bookmarks for when you need them!

doggo (GitHub Repo)

Doggo is a modern, user-friendly command-line DNS client written in Golang that offers support for multiple protocols like DoH, DoT, DoQ, and DNSCrypt. It provides a simple interface for quick and advanced DNS queries.

FlareSolverr (GitHub Repo)

FlareSolverr is a proxy server designed to bypass Cloudflare and DDoS-GUARD protection. It uses Selenium with undetected-chromedriver to handle challenges and return cookies and HTML code for user requests.

🎁

Miscellaneous

How to prevent account takeovers with new certificate-based access (5 minute read)

Google Cloud has introduced certificate-based access (CBA) to strengthen account security by using mutual TLS (mTLS) and X.509 certificates, ensuring that even if credentials are stolen, unauthorized access is blocked without the corresponding certificate. CBA allows for granular access policies, protects key storage, and enforces security across various Google Cloud services.

Sandcastle: data/AI apps for everyone (8 minute read)

Airbnb's Sandcastle platform empowers data scientists, engineers, and product managers to prototype and share AI-powered web applications quickly, fostering rapid iteration and innovation within the company.

⚡

SLO: Elastic vs Datadog vs Grafana (12 minute read)

This post reviews the SLO implementations of Elastic, Datadog, and Grafana, noting differences in UX, alerting, and setup processes.

Datadog delivers smarter vulnerability remediation (6 minute read)

Security teams face challenges in vulnerability remediation due to increasing vulnerabilities, rapid software updates, and complex modern architectures with evolving dependency trees.

How to use Vault namespaces (8 minute read)

As your HashiCorp Vault cluster expands in usage and complexity, understanding and strategically implementing namespaces can greatly enhance multi-tenant deployments, enabling efficient, secure, and scalable management of your organization's secrets lifecycle.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of devops professionals and decision makers, you may want to advertise with us.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Kunal Desai & Martin Hauskrecht