Digest #175: Zero Secrets on GCP, AI Malware in npm, Kubernetes Tips, GitHub Actions with Claude
GCP scan reveals no exposed secrets, Netflix shares a 60-second Linux performance guide, AI-generated npm malware targets Solana wallets, plus tutorials on Docker Compose, and five tools worth trying!
Welcome to this week’s edition of the DevOps Bulletin!
Truffle Security scanned over 8,000 public GCP images and found zero secrets—thanks to GCP’s stricter marketplace rules. Netflix shared a 60-second Linux performance checklist using tools like uptime and vmstat. Meanwhile, an AI-generated npm package was caught draining Solana wallets. Also worth checking out: a slick rack-mounted GUI for Raspberry Pi, a roundup of top log monitoring tools, and a free Kubernetes DevOps book from O'reilly.
On the tutorial front, this week’s how-tos included 700+ Docker Compose templates, using Claude to auto-update GitHub Actions runners, and avoiding MySQL/Postgres ID bugs. Devtron shared 21 Kubernetes deployment tips—from Helm to observability. Other highlights: building a Kafka+Flink multi-agent orchestrator and ditching cron jobs for a cleaner, centralized scheduler.
Our open-source spotlight: KubeForge helps you visually build Kubernetes manifests. CheckCle monitors full-stack systems in real time. KCP offers a shared Kubernetes control plane. Typesense is a fast, typo-tolerant search engine. And ForgeMT runs secure GitHub Actions runners in multi-tenant setups.
All this and more in this week’s DevOps Bulletin, don’t miss out!
Newsworthy stories
A Step-by-Step Guide to Cloud Native DevOps
Whether you’re deploying your first container or scaling dozens of clusters, this book gives you the tools and clarity you need to succeed in the cloud-native era. Trusted by 25,000+ DevOps engineers to boost Kubernetes skills.
You’ll learn how to:
Understand the cloud-native landscape and why Kubernetes is at its center
Build containerized applications from scratch using Docker and Kubernetes
Set up and manage clusters in the cloud or on-prem
Design resilient infrastructure with scalability and automation in mind
Optimize workloads for cost, performance, and lifecycle management
Build secure, observable, and production-ready pipelines (CI/CD, secrets, disaster recovery)
Tutorials of the week
Video of the week
📘 New Book: Practical FinOps (Now in Early Access)
The material comes straight from years of building a FinOps platform for Fortune-500 engineering teams, thousands of AWS, Azure, and GCP accounts, petabytes of data, and enough untagged resources to make a CFO cry.
Along the way, I kept a lab notebook of what actually worked and, more importantly, what didn’t. That notebook turned into this book.
📚 Grab Practical FinOps with 50% off (early access): here
Projects of the week
KubeForge is a visual-first toolkit that simplifies the process of building, validating, and managing Kubernetes deployment configurations.
CheckCle is a self-hosted, open-source monitoring platform for seamless, real-time full-stack systems, applications, and infrastructure.
KCP is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads.
Typesense is a fast, typo-tolerant search engine for building delightful search experiences.
ForgeMT is a secure, scalable GitHub Actions runner platform for ephemeral workloads. Designed for multi-tenant environments.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn, or simply reply to this email.