Welcome to this week’s edition of the DevOps Bulletin!

Kubernetes 1.34 dropped with built-in tracing and smarter scheduling. Meanwhile, Dan Abramov explained the real steps to fix any bug, and Netflix revealed how it manages incidents at scale. Plus: why devs love port 3000, and how API keys got hijacked post-outage.

On the practical side: Terraform module tips, DIY databases, and a deep dive into HTTP caching. You’ll also learn to diagram your infra with Amazon Q and lock down state files the right way. Bonus: a FinOps tip and free AWS cost checklist.

Tools of the week: SierraDB (Redis-compatible event store), K7 (secure VM sandboxes), Yams (IAM policy simulator), Sealed Secrets (Git-safe K8s secrets), Distroless (minimal Docker images), and a CLI to track your S3 costs.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Newsworthy stories

• Why does everyone use localhost:3000

• Our AWS account got compromised after their outage

• How to fix any bug

• Kubernetes 1.34 released

• Empowering Netflix engineers with incident management

Modern Self-Hosted Auth, No Migration Required

Your authentication already works. Don’t rebuild it, use PropelAuth BYO. PropelAuth BYO is a self-hostable sidecar that makes it simple to add advanced auth features like Enterprise SSO/SCIM, session management, and user impersonation to your product.

Try for Free.

Tutorials of the week

• How to write and rightsize Terraform modules

• Build your own database

• Terraform state locking explained

• Generate AWS architectural diagrams with Amazon Q and MCP

• Upgrading our Infrastructure with OpenTofu

• Build Docker images in a Git repo

• Sample cloud-first application with 10 microservices showcasing Kubernetes, Istio, and gRPC

• A complete guide to HTTP caching

Videos of the week

📘 FinOps Tip of the Week

This week’s tip comes with a free AWS Cost Optimization Checklist PDF, built on principles from my latest book, Practical FinOps.

Projects of the week

• SierraDB is a distributed, Redis-compatible event store built in Rust for scalable event-sourcing workloads.

• K7 is a self-hosted platform for running secure, lightweight VM sandboxes at scale; built on Kata, Firecracker, and Kubernetes.

• Yams is a Go library, server, and CLI that provides foundational capabilities for simulating access to AWS IAM policies.

• A Kubernetes controller and CLI tool that encrypts secrets into “SealedSecrets,” allowing them to be safely stored in Git or public repositories.

• A simple CLI tool to retrieve S3 storage costs and storage tiers for buckets in your AWS account.

• A language-focused Docker image, minus the operating system.

Meme of the week