The New Stack Update

ISSUE 183: Permission to Scale

Talk Talk Talk

“Imagine a world where every time you do a deployment, it’s correct. And if it’s not correct, then the deployment fails completely, so you can try again or make other intelligent decisions. … That is just an incredible cost-saver in operational overhead. Moving from an unsafe, semi-reliable system to one that is basically more robust.”

Weaveworks' Alexis Richardson, on GitOps

Add It Up

Number of Software Delivery Toolchains by Software Organizations

Measuring CI/CD adoption is difficult for many reasons, but one of them is the choice between all-in-one bundled software or best-of-breed tooling. How thousands of companies and individuals evaluate the trade-offs between these approaches will shape the future of DevOps tooling and what toolchains are used.

A 2019 Forrester study sponsored by GitLab found that more than three-quarters of organizations use at least two software delivery toolchains, with the average organization having six or more tools per toolchain. Based on a survey of 252 IT professionals with responsibility over toolchain management, the study also reported that ensuring security (45%) and visibility into maintenance (39%) are the top process challenges teams face with their toolchain.

What's Happening

What, exactly, is GitOps? On the surface, it is quite simple. GitOps is centered around using a version control system (such as Git) to house all information, documentation, and code for a Kubernetes deployment, and then using automated directors to deploy changes to the cluster. However, once you dig past the surface, you discover that it’s far more complex than that.

GitOps provides a way for developers to manage operational workflows, particularly for Kubernetes, using Git and their own version control system, Priyanka Sharma said. The same process they use to merge code using pull requests or merge requests can be used to deploy to Kubernetes.

For more about GitOps, listen to our podcast interview with Weaveworks' Alexis Richardson and Stefan Prodan, and Ravi Lachhman from Harness.

What is GitOps and Why It Might Be The Next Big Thing

Permission to Scale

Linux Grand Poobah Linus Torvalds once supposedly said that, in the end, every Linux problem was ultimately one of permissions. Now, permissions themselves can be very clearly defined on Linux and Windows systems, where every system resource can be defined by who can read, write or execute it, be it an individual user, a system administrator, or a member of a group (“sales”). And security settings built on these permissions are called role-based access control (RBAC). The problems come with not fully thinking out how these cascading sets of permissions interact in complex systems.

This was certainly true of the early days of Kubernetes. Like with any pilot project, K8s testers simply set all the permissions to admin “God” access so they wouldn’t get snared in the permission entanglements, which is fine for pilot projects, but is like painting a big target on your system should you push that mess into production. This is why we appreciated Fair engineer Catherine Cai’s contributed post on realistic approaches to RBAC on Kubernetes.

It offers plain descriptions and useful advice to help one move from setting everything as open, to settling into sharply defined permissions, and finally to the ultimate state, automation.

“At this point, you’ve likely realized that implementing RBAC isn’t an exact science and is prone to shift over time, depending on the growth trajectory of your org. Hopefully, with a cocktail of off-the-shelf and open source solutions, you’ll be able to cobble together a solution that works for you and doesn’t paint you into a corner. The engineer’s dream,” she writes.

Bid Adieu to Python 2 and Get Ready for Python 3

The sunset date of Python 2 is fast approaching; as of January 1, 2020, Python 2 will no longer be supported. But since Python 3 is the best path forward, companies need to consider migrating to Python 3 sooner rather than later. How can developers successfully prepare for this transition? ActiveState CEO Bart Copeland explains all.

Containous Builds a Service Mesh on Its Traefik Proxy

Containous, the company behind the open source reverse proxy Traefik and Traefik Enterprise Edition, has entered the service mesh arena with the release of Maesh, a new open source service mesh, one designed to be easy to use by developers. Maesh is built using Traefik to provide proxy functionality, which Containous CEO Emile Vauge pointed to as a key distinction in an interview with The New Stack.

Party On

Now here’s a VMworld trio! Analysts who are enjoyable, all three (left to right): Glenn O’Donnell, Forrester Research; Corey Quinn, The Duckbill Group; and Rachel Stephens, RedMonk.

Who’s that at VMworld with VMware’s Sanjay Poonen? Why it’s the main man himself — Michael Dell!

On The Road



The time is right — FutureStack is coming to New York City for one full day of talks about what makes the modern software stack. Join us to explore how to navigate and answer the questions that face developers and operations pros everywhere. Register Now!

The New Stack Makers podcast is available on: Pocket Casts, Stitcher, Apple Podcasts, Overcast, Spotify, TuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.

Free Guide to Cloud Native DevOps Ebook

Cloud native technologies — containers, microservices and serverless functions that run in multicloud environments and are managed through automated CI/CD pipelines — are built on DevOps principles. You cannot have one without the other. However, the interdependencies between DevOps culture and practices and cloud native software architectures are not always clearly defined.

This ebook helps practitioners, architects and business managers identify these emerging patterns and implement them within an organization. It informs organizational thinking around cloud native architectures by providing original research, context and insight around the evolution of DevOps as a profession, as a culture, and as an ecosystem of supporting tools and services. 


Copyright © 2019 The New Stack, All rights reserved.
