Happy New Year and welcome to the first DevOps Bulletin of 2025! 🎉

We’re kicking off the year with big stories and insights, starting with Canva’s outage—what caused it and how they fixed it—along with a closer look at Kubernetes RBAC flaws that could expose entire clusters. Learn how one team slashed Kubernetes costs by 60% with a simpler Node.js architecture, uncover the story behind 4.5 million fake GitHub stars, and see how Google’s approach to SRE continues to evolve. We’re also looking at the road to Terragrunt Stacks 1.0 and key takeaways from AWS re:Invent 2024 on DevOps and developer productivity.

Our tutorials this week will help you sharpen your skills for the year ahead. You will learn to build Kubernetes clusters from scratch, test Terraform workflows with the new Test Framework, and manage etcd performance with limited resources. You will also learn to secure secrets in Terraform, prevent Kubernetes OOM kills, share AWS Verified Access Groups across accounts, scale GitHub Actions with self-hosted runners, and upgrade Go with confidence.

In the open-source spotlight, check out Karmada for managing multi-cluster Kubernetes workloads, Gitleaks for detecting secrets in code, and OWASP dependency-check for scanning vulnerabilities in dependencies. We’re also featuring Gource for visualizing source control activity, Authentik for flexible identity management, and Ghostty, a high-performance terminal emulator.

All this and more in this week’s DevOps Bulletin—don’t miss out!

Newsworthy Stories

• Canva's Outage: What Went Wrong and How They Fixed It

• Kubernetes RBAC Flaws Could Expose Entire Clusters

• Slashing Kubernetes Costs by 60% with a Simpler Node.js Architecture

• 4.5 Million Fake Stars in GitHub

• The Evolution of SRE at Google

• The Road to 1.0: Terragrunt Stacks

• re:Invent 2024 DevOps and Developer Productivity Playlist

2024 Year-End Review and 2025 Predictions

Tutorials of the week

• Building a Kubernetes Cluster The Hard Way

• Terraform CI/CD and testing on AWS with the new Terraform Test Framework

• Managing etcd Performance with Limited Resources

• Secure Secrets Management in Terraform

• Preventing Out-of-Memory (OOM) Kills in Kubernetes

• Sharing AWS Verified Access Groups Across AWS Accounts

• Scaling GitHub Actions with Self-Hosted Runners

• Go Upgrade Checklist

Projects of the week

Highlighting cool DevOps projects to keep an eye on:

• Karmada is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications.

• Gitleaks is a tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and whatever else you wanna throw at it via stdin.

• OWASP dependency-check is a composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

• Gource is a visualization tool for source control repositories.

• Authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols.

• Ghostty is a fast, feature-rich, and cross-platform terminal emulator that uses platform-native UI and GPU acceleration.

Meme of the week