#kubernetes (2018-10)

Archive: https://archive.sweetops.com/kubernetes/

2018-10-31

Ryan Ryke

what's the go-to deployment tool you guys are using

Ryan Ryke

I'm looking for something that is simple for customers without any k8 experience

Andriy Knysh (Cloud Posse)

haha @Ryan Ryke, that would be Heroku

Ryan Ryke

smarty pants

Andriy Knysh (Cloud Posse)
roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Andriy Knysh (Cloud Posse)

and we have a collection of common helmfiles we use https://github.com/cloudposse/helmfiles

cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Ryan Ryke

so you are running tiller and such on k8?

Andriy Knysh (Cloud Posse)

yes

Andriy Knysh (Cloud Posse)

also @Ryan Ryke, we use https://codefresh.io for CI/CD

Andriy Knysh (Cloud Posse)

in there, you can deploy a helm chart to a k8s cluster from the console

Ryan Ryke

have you guys looked at jenkins x?

Andriy Knysh (Cloud Posse)

you can have a helm chart in any repositories (museums), they even offer their own Managed Helm repos

Andriy Knysh (Cloud Posse)

no, we did not use jenkins x for that

Ryan Ryke

it's too bad the aws tools aren't a little better suited

Ryan Ryke

skaffold looks cool too

Andriy Knysh (Cloud Posse)

yea AWS is lacking a lot in k8s space

Erik Osterman (Cloud Posse)

Looks like Deis and Deis Workflow are both no longer maintained

Erik Osterman (Cloud Posse)

Those were the reason though helm exists

Erik Osterman (Cloud Posse)

They are built to create a Heroku like experience for Kubernetes

Erik Osterman (Cloud Posse)

Oh looks like Flynn is still alive and well https://github.com/flynn/flynn

flynn/flynn

A next generation open source platform as a service (PaaS) - flynn/flynn

Erik Osterman (Cloud Posse)

Imo they were the underdog to deis. Deis got acquired by Microsoft and got abandoned shortly thereafter.

Erik Osterman (Cloud Posse)
Effectively Managing Kubernetes with Cost Monitoring

This is the first in a series of posts for managing Kubernetes costs. Article shows how to quickly setup monitoring for basic cost metrics.

Erik Osterman (Cloud Posse)

@Daren

pericdaniel

skimmed it quick, is it free?

Erik Osterman (Cloud Posse)

as far as I can tell

Erik Osterman (Cloud Posse)
AjayTripathy/kubecost-quickstart

Quickly install kube-state-metrics, prometheus, and grafana on your cluster with helm. - AjayTripathy/kubecost-quickstart

pericdaniel

yea i went to the Kubecost website at the bottom of the article

Erik Osterman (Cloud Posse)
KubeCost

Effectively manage your Kubernetes costs

Erik Osterman (Cloud Posse)

for those that missed it

pericdaniel

and they had some pricing shenanigans

Andriy Knysh (Cloud Posse)
astefanutti/kubebox

⎈❏ Terminal and Web console for Kubernetes. Contribute to astefanutti/kubebox development by creating an account on GitHub.

2018-10-23

Erik Osterman (Cloud Posse)
Provider: Helm - Terraform by HashiCorp

The Helm provider is used to deploy software packages in Kubernetes. The provider needs to be configured with the proper credentials before it can be used.

Erik Osterman (Cloud Posse)

not sure if i prefer terraform managing helm to helmfile managing helm

Erik Osterman (Cloud Posse)

we’ve had to do a lot of conditional logic to support helm configuration which is supported by helmfile

Erik Osterman (Cloud Posse)

but configurable values in helm is not easy. maybe with 0.12 it will be a viable alternative.

Erik Osterman (Cloud Posse)

with terraform shared state as a service, it may win me over

Erik Osterman (Cloud Posse)
Google GKE vs Microsoft AKS vs Amazon EKS - kubedex.com

Come and read Google GKE vs Microsoft AKS vs Amazon EKS on Kubedex.com. The number one site to Discover, Compare and Share Kubernetes Applications.

daveyu

a kops column would be nice

Erik Osterman (Cloud Posse)

yea, I guess they are looking more at managed offerings

Erik Osterman (Cloud Posse)

but kops would be good for comparison nonetheless

Andriy Knysh (Cloud Posse)

what’s going on with Alibaba Cloud ACK ? (failed in many cases)

2018-10-22

lvh

anyone know of a neat secrets management thing that lets me back stuff up when using GKE + KMS

lvh

(I know etcdctl exists, I’m just wondering if that’s literally how you do it)

Erik Osterman (Cloud Posse)

The alternative is to encrypt all secrets in git using public KMS key. Then the system of record is git. Thus restoring is more about redeploying.

Jeremy (Cloud Posse)
Think twice before using Helm – VirtusLab – Medium

Beyond hype — a critical look at Helm

Max Moon

re: secure… Previously I used helm in a “Helm per namespace” model. Meaning, each app resided in its own namespace, each namespace got its own tiller, and each tiller got locked down by some very restrictive RBAC policies. Because of how Tiller operates, it effectively is a “giant sudo server”, as the author puts it, but with the right policies, it can be used safely. What I most often hear is “what if someone gets on the tiller pod, they can do anything!” which is solved by the helm-per-namespace model. I wrote policies that allowed helm/tiller to create, update, and read within its own namespace (meaning, i, as a human, was required to destroy something, because from day 2 on this wasn’t required very often), and any attempt to retrieve any information from k8s outside of the namespace was denied.

Erik Osterman (Cloud Posse)

the tiller is also slated to be deprecated in helm v3, for a strictly client-side operation

Erik Osterman (Cloud Posse)

just like kubernetes, helm provides an interface for representing applications on kubernetes

Erik Osterman (Cloud Posse)

kubernetes secrets, for example, are an interface for representing sensitive information. until kubernetes 1.8 these weren’t encrypted and people scoffed at it too. these are fair critiques that don’t go unnoticed. the thing is though, because these interfaces are defined well, the underlying implementations can be improved. that’s what happened with kubernetes secrets.

Erik Osterman (Cloud Posse)

the same will happen with helm and it won’t require massive re-tooling.

Erik Osterman (Cloud Posse)
Tillerless Helm v2

Helm really became a de-facto as Kubernetes Package Manager. Helm is the best way to find, share, and use software built for Kubernetes as it states on https://helm.sh. That’s true and sounds very cool. Since Helm v2, helm got a server part called The Tiller Server which is

Erik Osterman (Cloud Posse)

(via one of the comments)

Erik Osterman (Cloud Posse)


but I’m not sure about Lua scripting because it can add additional complexity to the charts.

Erik Osterman (Cloud Posse)

while I’m not crazy about Lua, it’s worked out well for Nginx as the embedded language.

Erik Osterman (Cloud Posse)

in terms of adding complexity, strongly disagree

Erik Osterman (Cloud Posse)
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Erik Osterman (Cloud Posse)

I don’t think gotemplating is easier to manage complexity. i think an actual language that could evolve into a DSL would be better. Lua has that potential.

Erik Osterman (Cloud Posse)

also, v3 won’t be limited to Lua. that’s just the first alternative engine they are introducing. gotemplating will still be supported.

Erik Osterman (Cloud Posse)


pull-based DevOps workflow, a new Helm Controller project will be started

Erik Osterman (Cloud Posse)

is this related to Flux?

2018-10-17

Erik Osterman (Cloud Posse)

hi @Erik Osterman (Cloud Posse) Saw this yesterday https://github.com/skyscrapers/terraform-kubernetes. They are using null resources to call kops and helm.

rohit.verma

@Erik Osterman (Cloud Posse) any idea about making https://www.telepresence.io work with geodesic

Home - Telepresence

Telepresence: a local development environment for a remote Kubernetes cluster

Erik Osterman (Cloud Posse)

I don’t think geodesic stands in the way.

Erik Osterman (Cloud Posse)

isn’t it just a glorified (but cool) reverse proxy?

Erik Osterman (Cloud Posse)

i thought it replaces your pod for your service

Erik Osterman (Cloud Posse)

and then proxies it back to your local workstation

rohit.verma

that’s correct, but it also modifies entries in iptables

Erik Osterman (Cloud Posse)

oh really?

Erik Osterman (Cloud Posse)

IMO (“in a perfect world”), seems like one should just replace the image with vendor/telepresence and pass some kind of KEY env

rohit.verma

yes, I couldn’t debug it completely but it worked flawlessly when running natively but within geodesic it isn’t able to resolve the proxied items

Erik Osterman (Cloud Posse)

oh

Erik Osterman (Cloud Posse)

are you saying the iptables stuff happens locally?

rohit.verma

yes

Erik Osterman (Cloud Posse)

aha, i see

Erik Osterman (Cloud Posse)

yea, makes sense - now I understand what you want to do and how geodesic affects that

rohit.verma

someway if geodesic can use the mac’s iptable or sync with that

Erik Osterman (Cloud Posse)

can you do something like you did with kubectl proxy?

Erik Osterman (Cloud Posse)

port bind

rohit.verma

actually there isn’t a way to pass port binding

Erik Osterman (Cloud Posse)

I can’t think of a practical way to keep it in geodesic

Erik Osterman (Cloud Posse)

I think you’d need to export a kubecfg and run telepresence and kubectl natively

Erik Osterman (Cloud Posse)

or run your apps in geodesic

Erik Osterman (Cloud Posse)

e.g. nodejs app

rohit.verma

i thought that also

rohit.verma

will raise an issue about it on their git, let’s see if they have a recommendation

2018-10-12

Erik Osterman (Cloud Posse)
neuvector/kubernetes-cis-benchmark

A set of scripts inspired by CIS Kubernetes Benchmark that checks best-practices of Kubernetes installations - neuvector/kubernetes-cis-benchmark

Erik Osterman (Cloud Posse)
aquasecurity/kube-hunter

Hunt for security weaknesses in Kubernetes clusters - aquasecurity/kube-hunter

Gaurav

Thanks @Erik Osterman (Cloud Posse)

2018-10-10

Gaurav

Thanks @Erik Osterman (Cloud Posse) and @Andriy Knysh (Cloud Posse)

Gaurav

I am running this command in my centos7 desktop machine

Gaurav

Didn’t get a fix yet :(

Erik Osterman (Cloud Posse)

Ok, so you’ve already installed minikube? If so, how did you go about it?

2018-10-09

Gaurav

Hello

Gaurav

[[email protected] kubernetes]# kubectl run hello-minikube --image=worpress
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Gaurav

How to fix this

Erik Osterman (Cloud Posse)

hey @Gaurav - please share a little bit more about your env

Erik Osterman (Cloud Posse)

are you on linux or mac?

Andriy Knysh (Cloud Posse)

@Gaurav the error usually means that kube config is not set or not found. Take a look here, hopefully some of the answers will work for you: https://github.com/kubernetes/kubernetes/issues/23726

Running Kubernetes Locally via Docker - `kubectl get nodes` returns `The connection to the server localhost:8080 was refused - did you specify the right host or port?` · Issue #23726 · kubernetes/kubernetes

Going through this guide to set up kubernetes locally via docker I end up with the error message as stated above. Steps taken: export K8S_VERSION='1.3.0-alpha.1' (tried 1.2.0 as well) copy-…

Andriy Knysh (Cloud Posse)
did you specify the right host or port? error on Kubernetes

I have followed the helloword tutorial on http://kubernetes.io/docs/hellonode/. When I run: kubectl run hello-node --image=gcr.io/PROJECT_ID/hello-node:v1 --port=8080 I get: The connection to …

2018-10-07

Andriy Knysh (Cloud Posse)
AWS Service Operator for Kubernetes Now Available :rocket: | Amazon Web Services

Have you ever tried to integrate Amazon DynamoDB with an application running in Kubernetes? How about deploying an S3 Bucket for your application to use? If you have, you will know this usually requires you to use some tool such as AWS CloudFormation or Hashicorp Terraform. Then you’ll need to create a way to deploy […]

2018-10-03

Erik Osterman (Cloud Posse)
pietervogelaar/kubernetes-job-monitor

This provides a monitor dashboard that makes it easy to see which jobs are running and if their latest status was “succeeded” or “failed”. - pietervogelaar/kubernetes-job-monitor

2018-10-01

pericdaniel

@Erik Osterman (Cloud Posse) yes sir!

Andriy Knysh (Cloud Posse)
Setting up the Kubernetes AWS Cloud Provider - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Provision AWS Services Through Kubernetes Using the AWS Service Broker | Amazon Web Services

Provision AWS services through Kubernetes using the AWS Service Broker. There’s no doubt that containers have changed how we build projects. One of the guiding principles of a containerized workflow approach has been to give back control to the developer, allowing them to choose their dependencies and how to consume them – most importantly, when they […]

Erik Osterman (Cloud Posse)

@Andriy Knysh (Cloud Posse) can you add some context?

Andriy Knysh (Cloud Posse)

this link https://aws.amazon.com/blogs/opensource/provision-aws-services-kubernetes-aws-service-broker/ describes an AWS service broker for k8s so we could provision some AWS resources from Kubernetes (e.g. Load Balancers or Route53 records)

Andriy Knysh (Cloud Posse)
Setting up the Kubernetes AWS Cloud Provider - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
