CatOps
5.08K subscribers
94 photos
5 videos
19 files
2.59K links
DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions on our own.

We do not post ads including event announcements. Please, do not bother us with such requests!
Download Telegram
For today's donations Monday, I'd like to share once again the standing Monobank jar for FPV equipment.

This jar is for the unit in which a guy from my wife's hometown serves.

https://send.monobank.ua/jar/4WLw91UqFe

#donations #Monday
Wanna become a true Terraform SLOPerator?

Here is a carefully vibecoded solution by Anton Babenko. I can confirm that he checks the docs at least once during his Claude conversations, so you can be confident in the quality :)

Jokes aside, this is a cool Skill for Claude Code, which currently works better than any other official or popular alternative out there.

#terraform #ai #claude
🔥14👍5😁2💩1👀1
Bring Back Ops Pride is a new article by Charity Majors on how it comes that the operational work is often seen as of lower importance, and why is it bad.

This is her answer to the comments under her another article “You Had One Job”: Why Twenty Years of DevOps Has Failed to Do it. This article has some interesting ideas, but it's a marketing material, so beware.

#ops #culture
👍52
Unfortunately, kubectl flame tool for profiling in Kubernetes wasn't updated in 4 years. It cannot even run on ARM-based machines.

But what if you need to profile something in your systems? You can use continuous profiling, if it's available in your observability stack.

Or you can use kubectl prof to do some ad-hoc profiles.

- Tool on GitHub
- Medium post

#kubernetes #performance
👍2
I know that the last thing you'd like to see on Wednesday is yet another remote code execution possibility in Kubernetes, but here you are.

Kubernetes Remote Code Execution Via Nodes/Proxy GETPermission

and here's a lab for that.

tl;dr: web sockets use GET to initiate a connection and then upgrade it, but the permissions are only checked for GET, regardless of what you send through that web socket later. Thus, read permissions are enough to run some code.

P.S. This news came from the chat. If you want to join our chat (in Ukrainian), you can use this link.

#kubernetes #security
👍4
Some time ago, I posted here an article from a well-known company on how they use Terraform.

When I was reading that article, I had a thought: “C’mon, I also can write crap like that!”.

So I did!

I hope you like it!

#terraform #oc
🤣13👍9🔥21
​​For today’s Donations Monday, let’s help our friends from DevOps 01 chat to buy an EcoFlow for 154s Separate Mechanized Brigade.

https://send.monobank.ua/jar/5fYjQVfvFA

There’s just a small push left!

#donations #Ukraine
2👎1🤬1
Hello Kubernetes Community,

Multiple issues are disclosed today in ingress-nginx, and assigned the following CVE IDs: CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, CVE-2026-24514.

The most serious of these issues have been rated HIGH (CVSS calculator, score: 8.8).

https://groups.google.com/a/kubernetes.io/g/dev/c/9RYJrB8e8ts?pli=1
😁4👍1🔥1
A Friday read for y’all.

A collection of AI slop reports security reports to the curl project.

This eventually forced the curl team to halt their bug bounty program on Hackerone.

Here’s also a FOSDEM talk by Daniel Stenberg - the creator of curl - on how to survive the avalanche of AI generated code.

#ai #slides #fosdem
🔥5👍1
Some results of a fun testing of different LLMs to generate Terraform code.

This article is old, but they have updated the results in mid 2025. Anyways, keep in mind that since then, LLMs evolved. So, even those results are not quite correct anymore.

Still, it’s an interesting test that you can also do yourself. Another point is that LLMs are already quite usable to generate Terraform code.

#terraform #ai
🙉2
​​Support a friend of mine on the Frontline!

Last year, she chose the tough path: Combat Medic.
Now, she needs our help to secure critical medical supplies that can't wait for paperwork.

No donation is too small. Let’s help her save lives!

- Mono Jar: https://send.monobank.ua/jar/75jQXw6aYq
- Mono: 💳: 4874100025644306
- Privat: 💳: 5168745027810065

#donations #Ukraine
5
​​For those of you, who're into MySQL.

There's an open letter to Oracle to establish a foundation to take care of MySQL.

https://letter.3306-db.org/

You can subscribe to make your voice heard. I would say, it's an important thing to do, because, you know, community matters. Also, it doesn't require much work from your side at this point.

More information is available via that link above.

#databases #mysql
3
Collaboration sucks is a nice Friday evening read about the ways we work together.

I think, this article has interesting thoughts, but as usual, you need to use your own judgement to understand the environment you’re in.

For example:

You’re the driver” is a key value for us at PostHog. We aim to hire people who are great at their jobs and get out of their way. No deadlines, minimal coordination, and no managers telling you what to do.
In return, we ask for extraordinarily high ownership and the ability to get a lot done by _yourself._ Marketers ship code, salespeople answer technical questions without backup, and product engineers work across the stack


This works great until end up with the codebase that has a unique flavor of the same wheels at every corner. Sure, there are ways of dealing with that, but you have to have those constraints beforehand.

However, the idea of limiting your collaboration and inviting only the relevant people into the decision making process, makes total sense. If your company growths, at some point it will grow beyond the point a single person can understand every aspect of your system. When it happens, sharing proposals to everyone wouldn’t, indeed, improve your collaboration and the team spirit; it would just generate noise. And when there is too much noise, it’s easy to lose important signals.

#culture
👍3
Apparently, AWS had at least two recent outages due to AI. It was originally reported by Financial Times, but their article is behind a paywall. If you’re subscribed, you can read it here.

Me seeing these news surprisingly coincided with me seeing this post on Reddit: Vibe coders passing responsibility on code reviewers.

And this is kinda true, scary, and reassuring at the same time.

True because it’s indeed very easy these days to generate a lot of code in almost any language.

Scary, because the meme about 5000+ lines PRs with LGTM stands true. While AI code reviewers can quite effectively catch typos and style issues, that humans kinda suck in catching; overly complex logic is usually Ok for them. Thus, we will face more outages in the nearest future, in my opinion.

Reassuring, because it means that those of you who “keep the lights on” are not going anywhere because of AI. In fact, quite the opposite.

#ai
👍9🔥31😁1