Ken G.

FSI customers will be pleased to see this feature being supported in Amazon API Gateway now. No more workarounds with NLBs, ALBs, or VPCE ENIs as target groups. George Mao 🙌 penned the workaround almost 5 years ago in his blog https://lnkd.in/gunKN9Pn Heeki Park 👏 must be happy to write this new feature blog that deprecates his own workaround (built based on George's blog). This pattern can now be archived in the pages of history at Serverlessland.com 😀 https://lnkd.in/gkcWJ2Si

32

More AWS Identity Launches! Yesterday, we launched support for the AWS CLI to get credentials from Identity Center using OAuth2 Authorization Code Grant + PKCE. If you're a real OAuth standards nerd, it's also using dynamic client registration. That's certainly a mouthful, but what this means is that now you can sign into the AWS CLI without using device code, which is faster and more secure(much more phishing resistant). https://lnkd.in/gfTtEqVH Happy pre:invent!

146

8 Comments

The KodeKloud course "𝐈𝐧𝐭𝐫𝐨𝐝𝐮𝐜𝐭𝐢𝐨𝐧 𝐭𝐨 𝐊8𝐬𝐆𝐏𝐓 𝐚𝐧𝐝 𝐀𝐈-𝐃𝐫𝐢𝐯𝐞𝐧 𝐊𝐮𝐛𝐞𝐫𝐧𝐞𝐭𝐞𝐬 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠" concerns how AI can improve Kubernetes management. It introduces K8sGPT, an agent that diagnoses and troubleshoots clusters by scanning for issues and providing plain-language insights. The course examines how AI automates Kubernetes workflows, improves decision-making, and boosts productivity while emphasizing the evolving role of engineers from hands-on tasks to oversight in policy and planning within an AI-driven DevOps environment. #kubernetes #ai #k8sgpt #agent #sre #devops #agenticDevops #kodekloud

5

1 Comment

🔐 Building a Secure Software Development Practice with SAMM Governance | Strategy and Metrics As software architects, DevSecOps practitioners, and leaders in IT companies, we’re always seeking ways to make security a foundational pillar of our software development lifecycle. One such guiding framework is OWASP’s Software Assurance Maturity Model (SAMM), which provides a comprehensive approach to integrating secure practices across the software lifecycle. Today, I want to highlight the Governance domain—particularly focusing on Strategy and Metrics. 🧭 Strategy & Metrics: Every successful security initiative begins with a clear strategy backed by measurable goals. SAMM’s Strategy & Metrics practice helps organizations define their security strategy and ensure alignment with business objectives, allowing us to quantify the impact of security initiatives. Key takeaways: • Align security with business goals: Security should drive business value, not hinder it. • Create a security roadmap: Establish clear goals for evolving your software security practices over time. • Monitor & measure progress: Use KPIs and metrics to track the impact and success of your security initiatives. • Continuous improvement: Use insights to adjust strategy and tactics to address evolving risks. 🔑 Why is this important? The Governance domain emphasizes that security must be part of the organization’s DNA. With an actionable strategy and solid metrics, teams can not only comply with security standards but also foster a culture where security is proactive and integral. 💡 If you’re looking to mature your security posture, OWASP SAMM is an excellent framework to start with. Remember: What gets measured, gets improved! https://lnkd.in/dgVAGy2i #DevSecOps #OWASPSAMM #Governance #SoftwareSecurity #Strategy #Metrics

15

1 Comment

Both orchestrated containers and serverless functions are extremely flexible and powerful tools to build modern applications on top of – but which is best for your project? AIM Consulting Group breaks down the differences between the two methodologies and shares how to evaluate when to apply one over the other. #Serverless #Kubernetes #K8s #ApplicationDevelopment https://lnkd.in/gBrKqQ7e

3

This week's issue explores the role of DevOps in AI/ML, future trends in distributed systems, and secure multi-cloud authentication. Also covered are Kubernetes security with AppArmor and a new Google data center. Featured tools include RunCVM for secure container isolation in VMs, Tools for automated structured logging for applications, and tooling out of grafana labs for load testing.

1

𝐀𝐮𝐭𝐨𝐬𝐜𝐚𝐥𝐢𝐧𝐠 𝐰𝐨𝐫𝐤𝐥𝐨𝐚𝐝𝐬 𝐰𝐢𝐭𝐡 𝐊𝐮𝐛𝐞𝐫𝐧𝐞𝐭𝐞𝐬 𝐏𝐚𝐫𝐭 𝐈 𝐎𝐯𝐞𝐫𝐯𝐢𝐞𝐰 --- Scaling is the process of adjusting computing resources to meet demand. It ensures an application or service can handle increased loads or economize resources with low demand. There are two primary types of scaling: 1. 𝐇𝐨𝐫𝐢𝐳𝐨𝐧𝐭𝐚𝐥 𝐬𝐜𝐚𝐥𝐢𝐧𝐠. It involves adding or removing instances of resources (like servers or pods) to match demand.  2. 𝐕𝐞𝐫𝐭𝐢𝐜𝐚𝐥 𝐬𝐜𝐚𝐥𝐢𝐧𝐠. It involves increasing or decreasing the capacity of existing resources (like upgrading a server with more RAM or CPU). Kubernetes scaling is flexible and can modify pod numbers manually or automatically based on requirements, optimizing workload efficiency. 𝐌𝐚𝐧𝐮𝐚𝐥 𝐬𝐜𝐚𝐥𝐢𝐧𝐠 Kubernetes supports horizontal and vertical scaling at the infrastructure and application levels through various objects like Deployments, ReplicaSets, and StatefulSets. 𝐇𝐨𝐫𝐢𝐳𝐨𝐧𝐭𝐚𝐥 𝐬𝐜𝐚𝐥𝐢𝐧𝐠. Changing the number of replicas via kubectl allows it to manually horizontal scale Deployment, ReplicaSet, or StatefulSet. 𝐕𝐞𝐫𝐭𝐢𝐜𝐚𝐥 𝐬𝐜𝐚𝐥𝐢𝐧𝐠. It involves adjusting the CPU and memory allocations in the Pod specifications of a Deployment or other controllers via kubectl. 𝐀𝐮𝐭𝐨𝐬𝐜𝐚𝐥𝐢𝐧𝐠 1. Horizontal Pod Autoscaler (𝐇𝐏𝐀). HPA automates horizontal application scaling by modifying the number of pod replicas based on CPU utilization or other metrics. It optimizes resource utilization by scaling out during load spikes and scaling in when demand lowers. 2. Vertical Pod Autoscaler (𝐕𝐏𝐀). VPA automates vertical scaling by adjusting pods' CPU and memory reservations. It analyzes resource consumption trends and automatically adjusts resource limits and requests to optimize efficiency and performance. 𝐀𝐝𝐯𝐚𝐧𝐜𝐞𝐝 𝐬𝐜𝐚𝐥𝐢𝐧𝐠 1. 𝐊𝐄𝐃𝐀 (Kubernetes Event-Driven Autoscaling). KEDA enables event-driven autoscaling for Kubernetes, allowing applications to scale based on event processing rates rather than traditional metrics. It helps handle fluctuating event loads, such as message processing from a queue. 2. 𝐊𝐚𝐫𝐩𝐞𝐧𝐭𝐞𝐫. AWS developed an open-source autoscaler for Kubernetes named Karpenter. It optimizes node provisioning and scaling and is faster and more efficient than traditional autoscalers. It makes decisions based on application requirements and cluster states to provide resources at the right time. Kubernetes scaling can be manual or automated to ensure applications are responsive and resource-efficient. While manual scaling provides direct control, automated scaling through HPA and VPA adjusts demand-based resources. Advanced tools like KEDA and Karpenter enhance Kubernetes' scaling capabilities, providing sophisticated mechanisms for handling various workload patterns and operational scenarios. #kubernetes #autoscaling #podlevelscaling #horizontalscaling #verticalscaling #hpa #vpa #keda #karpenter

3

This week's issue covers cold start mitigation strategies, virtual Kubernetes clusters, backpressure management in distributed systems, and changes to the CKA exam. Featured tools include distroless containers, Laminar for LLM observability, and Apache SkyWalking for cloud-native monitoring.

5

2 Comments

Chatgpt is becoming more of a great everyday tool in an IT person's toolbox. The more you understand it and understand how to extract the information you need out of it, its easy to skip pass the fluff or things that dont make sense. Needing to import hundreds of existing subnets into terraform using terraforms import block, i knew i did not want to import all of that per subnet and that i also needed to import these into modules. Essentially I have a code block that does a for_each through all of the subnets that come into the variable. import {  for_each = { for key, value in var.subnet : key => value if value.import }  id = each.value.import_resource_id  to = module.subnet.azurerm_subnet.main[each.key] } Only problem was i needed all of those subnets in a specific format in my tfvars file before i could do that. In comes chatgpt and a very much needed python script. As somebody who didnt have the need or time to spend a ton of time writing that script out, i was able to ask it a very small subset of questions piecing this script together found here in my github https://lnkd.in/gWSarEpH. I of course used powershell to export out the subnets in a specific format also that was needed. All in i was able to take a task that could have taken me days to complete by not having to manually import all those subnets in one by one and also generating a script using chatgpt vs having to search forums and ask around and get a bunch of methods for the same outcome. What are some IT use cases you have used chatgpt to improve daily task? #chatgpt #ai #automation #scripting

5

1 Comment

AI in DevOps is no longer an option. Key areas that it will revolutionize: ☑️ Automated Code Review ☑️ Predictive Analytics ☑️ Continuous Integration and Deployment (CI/CD) ☑️ Automated Testing ☑️Security ☑️Infrastructure Management ☑️Workflow Optimization #DevOps #AI

5

Cloud Resilience and Reliability means business. If your company wants to stay in business and provide an Always On customer experience then your resilience strategy is a must do. Come to Aws #reinvent to learn more about it. Happy to chat about how we are doing it at #capitalone with your exec leaders. Let’s do it. Boom!

19

2 Comments

Join your Atlanta Red Hat User Group (RHUG) community to see how to manage Microsoft SQL clusters with Red Hat Ansible

1

1 Comment

This week's issue covers Kubernetes CRD validation, new GCP workflow connectors, AI hype critique, and sys admin books. Also, tools for better K8s Job orchestration, package management, and local/remote (Remocal?) development.

8

2 Comments

 DevOps & Infrastructure as Code Manage Kafka clusters with Terraform, Ansible, or Helm charts. This ensures consistent deployments, especially for ephemeral or scaled environments. Question: Are you applying GitOps or infrastructure as code for your Kafka ecosystem?

2

🎯What does a typical microservice architecture look like? The diagram below shows a typical microservice architecture. 🔹Load Balancer: This distributes incoming traffic across multiple backend services. 🔹CDN (Content Delivery Network): CDN is a group of geographically distributed servers that hold static content for faster delivery. The clients look for content in CDN first, then progress to backend services. 🔹API Gateway: This handles incoming requests and routes them to the relevant services. It talks to the identity provider and service discovery. 🔹Identity Provider: This handles authentication and authorization for users. 🔹Service Registry & Discovery: Microservice registration and discovery happen in this component, and the API gateway looks for relevant services in this component to talk to. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations 

1