Cloud Native Weekly

Cloud Native Weekly #10: Cloud Governance

Let's look into Cloud Cost optimisation and Governance in this post.

Anjul Sahu
Jun 20, 2022

In this issue, we will look into the latest updates in the industry and some interesting articles and tools that can be helpful to you.

The market has been really down for the past few weeks, and this has impacted various organizations in one way or another. Many of them have laid off folks :( and organizations are optimizing their spending. To those who have been laid off: please reach out to your network; you could also get assistance from the Mentoring club.

🏛 Governance and 💰 Cost Optimization in Cloud Native Infrastructure

In every organization, this is typically a day 3 activity, and it is required sooner or later, depending on the priorities. In my experience, small to medium-sized companies first focus on innovation cycles and speed using the cloud, and only later notice the unnecessary budget overruns or messy environments. Cloud governance is a niche area with little structured knowledge or tooling around it. Ideally, the cloud provider should have all these techniques built in and offer them as a service. Some providers have picked this up by offering recommendations. For example, in GCP, you can enable the Recommender API to get insights on how you can bring down costs. These insights do not take your organization's requirements into account, so you need additional tooling to achieve that.

In this context, I would like to focus on the governance tools and techniques built for Kubernetes and the cloud.

  1. OpenCost — Kubecost and other industry-leading companies have open-sourced a cost model for multi-cloud and Kubernetes. It gives you granular details of your Kubernetes workloads and how you are spending, so that you can put the necessary controls in place. It also integrates with public clouds and can be used in an on-premise environment. I found it quite useful for seeing which resources are overallocated and how well the workload is bin-packed on the cluster. Kubecost also introduced a controller that can apply the recommendations directly in your cluster. Please take them with a grain of salt, because allocating too few resources may introduce CPU throttling or OOM errors.

  2. Steampipe, CloudQuery or Resoto - These tools consolidate your infrastructure inventory and let you query it (some use a SQL interface and some have their own DSL) to search through the cloud inventory and take actions. These products are also used for security auditing, finding garbage in your infrastructure that can be cleaned up, etc. In many cases, plugins and ready-to-consume pre-built modules are available, and they can also be extended for your use case.

    Example of a search in Resoto and an action to clean up the results:


    search is(aws_ec2_instance) and name =~ "^jenkins-worker-.*" and age > 24h | clean "instance older than 24h"

  3. Cloud Custodian — c7n for short, a CNCF sandbox project that provides governance, management, and compliance for cloud environments. It supports the major cloud providers and comes with various tools that make it a complete package. You can automate operations and govern them effectively using Custodian policies.

    Example Policies in Custodian

  4. kube-downscaler — a nice utility by Henning Jacobs to downscale the Kubernetes resources during off-peak hours. This is immensely useful in bringing down costs in development environments. Read his experience in saving costs at Zalando.

    Kubernetes Cost Saving Techniques
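
A Cloud Custodian counterpart to the Resoto search in item 2, as an added example (not taken from the original post or from the Cloud Custodian project): a two-stage policy that first tags matching EC2 instances and terminates them only after a grace period. The policy names, the `custodian_cleanup` tag key, the two-day grace period, and the assumption that workers are identified by a `jenkins-worker-` prefix on their `Name` tag are all illustrative.

```yaml
# Added example; policy names, tag key and grace period are assumptions.
policies:
  # Stage 1: tag long-running Jenkins workers instead of deleting them outright.
  - name: ec2-jenkins-worker-mark-stale
    resource: aws.ec2
    description: Mark jenkins-worker instances older than 24h for termination.
    filters:
      - "State.Name": running
      - type: value
        key: "tag:Name"
        op: regex
        value: "^jenkins-worker-.*"
      - type: instance-age
        op: gt
        days: 1
      # Skip instances that already carry the marker tag.
      - "tag:custodian_cleanup": absent
    actions:
      - type: mark-for-op
        tag: custodian_cleanup
        op: terminate
        days: 2

  # Stage 2: terminate only instances whose grace period has expired.
  # Removing the marker tag during the grace period opts an instance out.
  - name: ec2-jenkins-worker-terminate-marked
    resource: aws.ec2
    description: Terminate instances whose custodian_cleanup marker is due.
    filters:
      - type: marked-for-op
        tag: custodian_cleanup
        op: terminate
    actions:
      - terminate
```

Check the file with `custodian validate` and preview the matched instances with `custodian run --dryrun` before letting the actions run against a real account.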

View on eBPF and Sidecar Service Mesh future?

Earlier this year, Cilium introduced a sidecar-less model for service mesh using eBPF technology to reduce the number of proxies and improve overall efficiency. William M from Linkerd has shared his view on why the sidecar-less model is not successful and what the limitations of eBPF in the service mesh are. To some extent, I agree with the limitations, but eBPF technology is going to improve over time and will provide more coverage.

Future of Service Mesh

Cloud-Native Security Whitepaper V2

CNCF has updated its security whitepaper, which covers all the layers of cloud native security, including CI/CD. Look at the landscape in the CNCF security space to get further guidance.

5 Technologies to see for Platform Engineers

Daniel Bryant @danielbryantuk
5 technologies that #PlatformEngineers should pay attention to for the next six months 🧰 📆 - devcontainers - Buildpacks (and SBOMs) - "Remocal" dev tools e.g. Skaffold, Telepresence - HTTP/3 - Service catalogs e.g. Backstage Read on to learn more! 🧵 👇
2:32 PM ∙ Jun 19, 2022

HTTP3

HTTP/3 was standardized as RFC 9114, which is going to improve the performance of the overall Web that you use every day. Robin Marx, one of the core contributors, has shared a detailed overview of HTTP/3 in this multipart series.

Robin Marx @programmingart
Today, after over 5 years of work, HTTP/3 was finally standardized as RFC 9114! rfc-editor.org/rfc/rfc9114.ht… Together with RFC 9204 (QPACK header compression) and RFC 9218 (Extensible Priorities) it ushers in an important new chapter for the Web! Proud to have been part of this!
8:27 PM ∙ Jun 6, 2022

Mentoring

If you are looking for any help with career development or jobs in the cloud native industry, I am available to share my experience with you. Feel free to book a slot and let me try to help you.

Book a slot with me
