My TL;DR style notes from articles I read today.
9 Kubernetes security best practices everyone must follow
- Always use the latest stable version.
- Enable role-based access control (RBAC). Avoid granting cluster-wide permissions.
- Make sure to create non-default namespaces with security boundaries customized by their workload.
- Run especially sensitive workloads on a dedicated set of machines to limit fallout from any breaches.
- Carefully secure access to cloud metadata.
- Create and define cluster network policies.
- Define a cluster-wide Pod Security Policy for how workloads may run in each cluster.
- Harden node security by ensuring your host is secure & controlling network access to sensitive ports.
- Enable audit logs. Actively monitor them to identify access attempts.
Full post here, 5 mins read
How Sqreen handles 50,000 requests every minute in a write-heavy environment
Three principles used by Sqreen to build this scalable architecture:
- Caching to handle large volumes of requests.
- Using queues to reduce the number of write operations demanded within a given time frame to guard against overload.
- Designing applications in a way that scalability is achieved by using more or fewer iterations of the same module to scale up and down, rather than requiring a single unit to work faster or harder.
Full post here, 9 mins read
Site reliability engineering best practices for data pipelines
- Define and measure service-level objectives (SLOs) to ensure data freshness, data correctness, and superior data isolation.
- Plan for dependency failures by checking for overdependence on products that don’t meet their own SLOs.
- Create and maintain system diagrams, process documentation and playbook entries that outline recovery from alert conditions.
- Reduce hot-spotting by balancing out the workload across resources.
- Utilize autoscaling.
- Adhere to strict access control for privacy, security and data integrity.
- Use idempotent and two-phase mutations to avoid duplication or storage of incorrect data in case of pipeline failure in the middle of a process.
- Use checkpointing to store partially implemented processes.
Full post here, 5 mins read
I share these TL;DR versions of articles on software engineering that I read every weekday through my newsletter - in.snippets(). Sign up here if you liked what you just read.
Top comments (0)