Cloudland 2023

Cloudland this year was quite some time ago, but better late then never:

Michael Friedrich spoke about Observability for Efficient DevSecOps Pipelines. While there is (obviously) some GitLab promotion, some issues to me seem common with other pipelines:

• slow pipelines
  • unnecessary blocking/sequentiality
  • missing cache for common transferred static data
    • container registry, blobs, external artefacts
• observability principles need to be applied to CI/CD pipelines, too.
  • telemetry!
  • Don’t try to do everything in one step. Try to break into building blocks which can fail independent of each other.
  • word of warning: sometimes sensitive data ends up in CI/CD pipeline logs. Build your policies around this
  • a hint for transformations with OpenTelemetry, e.g. for long term analysis from cold storage
• eBPF might help again some supply chain attacks
• friendly reminder: Hashicorp Vault supports time based tokens