DevOps Daily Newsletter - Week 21, 2026
Big week in DevOps - cooling failures, an 18-year-old NGINX bug, a supply-chain worm, and a couple of critical CVEs all landed on the same calendar.
Blog Posts
When One Data Center Room Got Hot: AWS US-EAST-1, Coinbase, and the DR Drill That Was Not
One hot room in US-EAST-1 took down chunks of Coinbase and FanDuel on May 7. Read what actually failed and why the DR runbooks did not save anyone.
NGINX Rift (CVE-2026-42945): The 18-Year-Old Rewrite Bug That Hands an Attacker Your Worker Process
An autonomous code-audit tool dug up an 18-year-old heap overflow in NGINX's rewrite module. If you run NGINX anywhere, you want to know what CVE-2026-42945 lets an attacker do to your worker process.
Ingress-NGINX Is Retired: A Real Migration to Gateway API With ingress2gateway 1.0
Ingress-NGINX is officially retired and there is no drop-in replacement waiting for you. Here is a real migration to Gateway API using ingress2gateway 1.0, with the gotchas we hit along the way.
Argo CD CVE-2026-42880: When Read-Only Means Read-Everything-Including-Secrets
Argo CD CVE-2026-42880 turns any authenticated read-only user into someone who can pull plaintext Kubernetes secrets. CVSS 9.6, disclosed May 7, and yes you should patch today.
TanStack npm Worm: The Supply-Chain Attack With a Dead-Man's Switch
Attackers republished 14+ official TanStack packages on npm with a worm that signs itself back in if you try to remove it. Walkthrough of the dead-man's switch and how to check if you got hit.
Distributed Tracing with OpenTelemetry: From Instrumentation to Visualization
A hands-on walkthrough of instrumenting a real service with OpenTelemetry, wiring up the Collector, and actually finding the slow span in your traces. No toy examples.
News Digests
DevOps Weekly Digest - Week 20, 2026
Your weekly digest of Kubernetes, cloud native tooling, CI/CD, IaC, observability, and security. Hand-picked so you can skim it on a coffee break.
Comparisons
Snyk vs Trivy
Snyk vs Trivy side by side for security scanning in DevOps pipelines. Coverage, CI integration, false-positive rates, and pricing all in one place.
Grafana vs Kibana
Grafana vs Kibana for dashboards and data viz, broken down by data sources, query languages, and operational cost. Helpful if you are picking one for a new stack.
Guides
Security Gates
Set up automated security gates that block deploys on critical vulnerabilities and policy violations instead of yelling about them in Slack later. Concrete pipeline examples included.
Quizzes
Running Your First Chaos Experiment with Litmus Quiz
Test how well you actually know Litmus Chaos with real scenarios covering installation, ChaosEngines, probes, and result parsing. Good gut check before you break your own cluster on purpose.
Flashcards
Zero-Downtime Database Migrations for PostgreSQL
Practical techniques for changing PostgreSQL schemas on a busy production database without taking the app down. Quick flashcards you can run through before your next migration window.
Featured Games
DNS Resolution Simulator
Step through a DNS lookup yourself with an interactive simulator. See the hierarchy, watch the queries hop, and finally make recursive vs iterative click.
DevOps Scorecard
Score yourself across 8 DevOps skill areas and walk away with a shareable card. Equal parts honest self-review and bragging rights.
Happy learning, The DevOps Daily Team