#158 — March 21, 2018

Read on the Web

Web Operations Weekly

NGINX Adds Native Support for gRPC — NGINX adds gRPC, a remote procedure call protocol transported over HTTP/2, to its long list of supported protocols. You can now terminate, inspect, route, and load balance gRPC method calls, much as you would HTTP.


Building Container Images Securely on Kubernetes — How to build container images without doing anything to compromise cluster security and why it was a hard problem to solve.

Jessie Frazelle

Automate Your Application Security — Get full visibility into your security, get alerted on critical issues and easily build automated responses against security threats.

Sqreen sponsor

Netlify Offers Lambda Functions on Its Static Platform — A new feature from the popular static site hosting platform to deploy AWS Lambda-powered functions simply by adding files to Git repositories.

Matt Billmann and Chris Bach

Windows Server 2019, Now Available in Preview — Focuses on hybrid cloud, security, Kubernetes, Linux, and ‘hyper-converged infrastructure’ (the idea of having virtualized compute, storage, and networking in a single system).

Microsoft Windows Server Team

IBM Announces Managed Kubernetes on Bare Metal — With this, IBM is the first major cloud provider to enable running Kubernetes containers as a managed service directly on bare metal cloud infrastructure.

Jason McGee (IBM Cloud)

RedisWannaMine: A New Cryptojacking Attack Powered by Redis & NSA Exploits — Web threats persist as a new generation of cryptojacking targets both DB and app servers.

Imperva sponsor

Java 10 Released; JDK 10 General Availability — Or, if you prefer, a more accessible post on how Java 10 is better.


Let's Encrypt Issued Over 10K Wildcart Certificates in First 48 Hours — Support for wildcard certificates went live last week.

Let's Encrypt on Twitter

💻 Jobs

Join Our Lean and Agile Dev Team at Microsoft San Francisco — Join our lean and agile engineering team that's building modern cloud-native technologies at Microsoft San Francisco.


WebOps Expert? Sign Up for Vettery — Create your profile and we’ll connect you with top companies looking for talented WebOps candidates.


📈 Articles, Tutorials and Case Studies

Securing Kubernetes for OpenFaaS and Beyond — Want to roll out your own serverless architecture on top of OpenFaaS and Kubernetes? Some pointers on security here.

Daniel Shapira

Running End-to-End Tests on Kubernetes

GoCD sponsor

Building a Highly Available MongoDB Webapp on DigitalOcean — A high-level look at a potential setup for a highly available app that depends on MongoDB and the ELK stack (Elasticsearch, Logstash, and Kibana) with a focus on DigitalOcean but the principles could work with most providers.

Kathleen Howard and Sebastian Canevari

Best Practices for Service Quality in Microservice Apps — Service discovery needs to be automatic and immediate, and AI can be used for faster incident response.

Mirko Novakovic

Resiliency in Distributed Systems

Rajeev Bharshetty

Migrating From Heroku to AWS with Kubernetes and Without Stopping Production


Why a Firewall Can’t Protect Against a Memcache DDoS Attack — Further thoughts on the memcached-manified DDoS problems of late.

Nitzan Niv

Improve Site Performance by Optimizing Queries

Percona sponsor

Protecting Against HSTS Abuse

WebKit Project

Bringing Tokusatsu to AWS using Python Flask, Zappa and Contentful — How to build and deploy a Python with AWS Lambda and a third-party CMS.


🔧 Code, Tools & Demos

Introducing Skaffold: Easy and Repeatable Kubernetes Development — We linked the tool itself last week but now Google have explained in more detail what it’s for.

Google Cloud Platform Blog

Komiser: An AWS Environment Inspector — Essentially a self-hosted dashboard for your AWS resources.

Mohamed Labouardy

Jenkins X: A CI/CD Solution for Modern Cloud Apps on Kubernetes

Jenkins CI

Varnish Cache 6.0.0 Released — Despite the version number change, not a huge change in terms of configuration but it now supports Unix Domain Sockets and HTTP/2 support has been improved.

Poul-Henning Kamp

SSH Permit A38: Central Management and Deployment for SSH Keys — Written in Rust. Binaries available for macOS and Linux.

Bernhard Janetzki

Jackal: An XMPP Server in a Container (and written in Go)

Miguel Ángel Ortuño