#kubernetes (2018-11)

Archive: https://archive.sweetops.com/kubernetes/

2018-11-30

Erik Osterman
11:20:12 PM

@Erik Osterman set the channel topic: kubernetes

2018-11-28

Erik Osterman


You can use a PodPreset object to inject information like secrets, volume mounts, and environment variables etc into pods at creation time.

2018-11-21

Erik Osterman
futuresimple/helm-secrets

A helm plugin that help manage secrets with Git workflow and store them anywhere - futuresimple/helm-secrets

2018-11-19

sarkis

hey all - curious what the verdict is on kiam vs kube2iam… it seems like kiam was created to address some issues with kube2iam - is kiam the way to go these days?

Erik Osterman

@sarkis yea, kube2iam is dead and should not be used. It’s a massive liability to even deploy in an AWS account. If you run more than N hosts (N ~10), you’ll DoS AWS APIs and they rate limit you.

Erik Osterman

kiam addresses this by having a client/server model. clients run on all nodes (agents), and talk to the server. the server is responsible for fetching the credentials which reduces rate of requests

Erik Osterman

it also caches

Erik Osterman

I think there’s been some frustration related to the rate of development on Kiam, but the worst bugs are fixed.

Erik Osterman

Also, I don’t know of any alternatives to kiam and kube2iam for AWS

sarkis

thanks @Erik Osterman!

2018-11-14

Erik Osterman

How are you guys handling busy helm deployments where the tiller is busy attending to other deployments…

Error: could not find a ready tiller pod

Erik Osterman

@Max Moon @dustinvb

Erik Osterman
Add --replicas option for Tiller HA fixes #2334 by onorua · Pull Request #3464 · helm/helm

Introduce --replicas option to configure amount of Tiller instances on the cluster. Fixes #2334. The next PR will be about distributed lock, this one is just exterior.

dustinvb

I haven’t run into this scaling issue yet.

Erik Osterman

--replicas option looks nice

Erik Osterman

@michal.matyjek @Daren have you run into this?

Max Moon

I have not run into this yet either

Daren

I have not

michal.matyjek

not yet

michal.matyjek

how many deployments are we talking about?

Erik Osterman

just concurrency

Erik Osterman

so we’re running helm on every PR synchronization for unlimited staging environments

Erik Osterman

so we’re getting it

Erik Osterman

e.g. 2 developers push at around the same time

2018-11-13

btai

thanks

btai

sorry, still new to k8s

btai

hypothetically if i create a cluster role binding with the namespace and name that matches the job, that should work?

Erik Osterman

More or less

Erik Osterman

I don’t know the specific matching selectors that are available

Erik Osterman

This is neat. Copy secrets from a centralized system of record. https://github.com/mittwald/kubernetes-replicator/

mittwald/kubernetes-replicator

Kubernetes controller for synchronizing secrets & config maps across namespaces - mittwald/kubernetes-replicator

2018-11-12

btai

anyone use the official python kube library?

btai

can you load the config from a dict?

Erik Osterman

why not use config profiles instead?

Erik Osterman

e.g. AWS_DEFAULT_PROFILE=cp-prod-admin

Erik Osterman

the underlying aws SDK should then handle everything automatically

btai

the kube config?

Erik Osterman

heh, my bad @btai

btai

how would i run kubectl within a container running from a job?

Erik Osterman

here’s an example doing it from a deployment: https://github.com/onfido/k8s-rabbit-pod-autoscaler

onfido/k8s-rabbit-pod-autoscaler

Kubernetes autoscaler for pods that consume RabbitMQ - onfido/k8s-rabbit-pod-autoscaler

Erik Osterman

doing it from a job wouldn’t be any different

Erik Osterman

just need the proper role bindings

Erik Osterman

in this case, kubectl is getting called from in the autoscale.sh

btai

so if i have the wrong role bindings

btai

would i be getting this error:

btai
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Erik Osterman

all i know is when we implemented it for redis using the strategy above (for rabbit), we didn’t need to specify any hosts

Erik Osterman

it just autodiscovers it

btai

the pod autodiscovers

btai

ok thats what i was hoping for

Erik Osterman

it also provides a kube context

btai

so the pod itself didnt have any kubeconfig or kube api secrets

Erik Osterman

yea, it didn’t have anything like that

Erik Osterman
vanvalenlab/kiosk-autoscaler

Contribute to vanvalenlab/kiosk-autoscaler development by creating an account on GitHub.

btai

yeah i have a job basically doing the same thing

btai

executing a shell script that makes a kubectl call

btai

but i get the above error

Erik Osterman

kops cluster?

btai

aks

Erik Osterman

ok

Erik Osterman

we tested it on gke and kops

btai

yeah it works in kops

btai

that job

Erik Osterman

oh interesting!

Erik Osterman

you have rbac enabled in kops?

btai

although the kops

btai

doesnt have rbac enabled

Erik Osterman

haha

btai

yeah

btai

so do i create a clusterrolebinding for the job?

Erik Osterman
onfido/k8s-rabbit-pod-autoscaler

Kubernetes autoscaler for pods that consume RabbitMQ - onfido/k8s-rabbit-pod-autoscaler

2018-11-11

aknysh

@ramesh.mimit I found this site very interesting and with lots of resources about distributed systems, and real-life examples from many companies

ramesh.mimit

@aknysh thanks..

Erik Osterman

“Google Kubernetes Engine’s third consecutive day of service disruption”

2018-11-09

Erik Osterman

Nope, we use for example the CloudFlare Access/Argo ingress and nginx-ingress controller in the same cluster

Erik Osterman

I love his presentations and he’s definitely the best evangelist for kubernetes

Erik Osterman

and i think he’s presenting the simple side that should be presented

Erik Osterman

and here comes the but…..

Erik Osterman

but in the real world of deploying complex applications with interdependencies, secrets, configurations, etc… it devolves into something much more complicated

Ryan Ryke

his presentations are always awesome

Ryan Ryke

for sure

Erik Osterman

and the gap to cross from the hello world examples to customer apps is huge

Ryan Ryke

he makes it look so “easy button”

Erik Osterman
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Erik Osterman

PLEASE SOMEONE SHOW ME HOW TO MAKE THIS EASIER

Erik Osterman

i want to

Erik Osterman

i hate this

Erik Osterman

and here’s the rest of all the other apps

Erik Osterman
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Ryan Ryke

so with one of my customers we are working on two distinct steps… once to build the app, then a separate one to update (deploy) the app in an ongoing fashion

Erik Osterman

so we’re using helm, and some hate on helm for one reason or another. but one thing’s for sure, this is hiding an even more enormous pile of YAML/go templating on the backend.

Ryan Ryke

i hate kelsey hightower in the best way possible

aknysh
Continuous Delivery with Amazon EKS and Jenkins X | Amazon Web Services

Amazon Elastic Container Service for Kubernetes (Amazon EKS) provides a container orchestration platform for building and deploying modern cloud applications using Kubernetes. Jenkins X is built on Kubernetes to provide automated CI/CD for such applications. Together, Amazon EKS and Jenkins X provide a continuous delivery platform that allows developers to focus on their applications. This […]

aknysh

i did not think it could do so much, it creates pipelines for infrastructure itself (prod and staging), and pipelines for the app, and even spawns a separate testing/staging env in k8s for each PR, and comments on GitHub on PRs (like atlantis), and creates GitHub repos with Helm charts for the infrastructure (prod and staging)

aknysh

https://github.com/jenkins-x/sso-operator (@Erik Osterman already posted it before)

jenkins-x/sso-operator

Single Sign-On Kubernetes operator for Dex identity provider - jenkins-x/sso-operator

aknysh

one thing it can’t do is to upgrade the k8s cluster b/c it itself sits in the same cluster

Erik Osterman

wow

ramesh.mimit

@here Any recommendations for learning distributed systems from basics to advance?

ramesh.mimit

noticed, lot of people knows the tools but not the concepts…

2018-11-08

rms1000watt

For the codefresh peeps out there.. does it matter what/how the ingress controller looks when using codefresh for deployments?

2018-11-07

Erik Osterman
technosophos/helm-ksonnet

Experimental ksonnet plugin for Helm. Contribute to technosophos/helm-ksonnet development by creating an account on GitHub.

Erik Osterman

Dig it

Erik Osterman
Proposal: Jsonnet template integration · Issue #2577 · helm/helm

In order to provide jsonnet rendering for helm charts a new ReleaseModule similar to the Rudder ReleaseModule should be developed. This module would take charts and render them as Jsonnet templates…

Erik Osterman

Guess my hopes of seeing ksonnet as a template engine in helm were misguided

Erik Osterman

I know Lua is coming. I’d heard such great things about jsonnet, that I assumed it would be well suited. But Lua I guess is a better understood embeddable language

Erik Osterman

Last I had to write Lua was 14 years ago when dealing with Nginx

2018-11-06

aknysh

@rohit.verma we saw something like that with some of k8s pods, in particular kiam- when deleted, the pods take many minutes to terminate

aknysh

so maybe it’s an issue with some deployments, not the network itself?

rohit.verma

But the pods I am referring here is generic like nginx or spring boot app

rohit.verma

Anyways more concerned about a general opinion on different kubernetes networks

Erik Osterman

We haven’t had the opportunity to explore/optimize the network layer in k8s

Erik Osterman

Also are you familiar with the dumb-init “fix” ?

Erik Osterman

This is to address the same symptoms

Erik Osterman
Yelp/dumb-init

A minimal init system for Linux containers. Contribute to Yelp/dumb-init development by creating an account on GitHub.

onzyone

@aknysh hello again, do you have any doco’s and best practices for promoting kube, within nonp? … ie … dev to staging?

Erik Osterman

for clarification, are you talking about promoting images and helm charts? or promoting usage of kubernetes within a company

onzyone

right now we are using diff name spaces in k8s

onzyone

currently it is within company

Erik Osterman

So the same cluster for staging and production?

onzyone

dev and staging

onzyone

bump

Erik Osterman

sorry, i let this fall through the cracks.

Erik Osterman

we don’t have a well documented process for what you want. we’ve implemented and documented it internally for customers, but still need to document it on our site.

Erik Osterman

also, looks like the video was taken down =/

onzyone

nice

onzyone

this is the same thing that I had in mind …

onzyone

so what is your view on databases with persistent volumes?

Erik Osterman

Use fully managed databases for anything you care about

Erik Osterman

Use database containers for disposable environments

Erik Osterman

So for example, when we deploy environments for every PR we use containers

onzyone

thumbsup_all

onzyone

what are your thoughts on some of the work that Kelsey Hightower has done in this space? https://github.com/kelseyhightower/pipeline

kelseyhightower/pipeline

A step by step guide on creating build and deployment pipelines for Kubernetes. - kelseyhightower/pipeline

Erik Osterman

haven’t taken a look at it

Erik Osterman

Nonp?

onzyone

ya we run two accounts … where one is prod and one is non-prod

onzyone

and all our non-prod stuff happens in nonp

Erik Osterman

Aha gotcha

Erik Osterman

We don’t have the promotion process documented but I can share how it looks (we use Codefresh)

Erik Osterman

I am currently on my phone so will share a little later

onzyone

np sounds good thumbsup_all

Tee

using kops or terraform for creating kubernetes Production. What is better and cons ??

aknysh

@Tee we use terraform to create kops resources, e.g.

aknysh
cloudposse/terraform-root-modules

Collection of Terraform root module invocations for provisioning reference architectures - cloudposse/terraform-root-modules

aknysh
cloudposse/terraform-root-modules

Collection of Terraform root module invocations for provisioning reference architectures - cloudposse/terraform-root-modules

aknysh

and then use kops to provision k8s clusters

Erik Osterman

there was some discussion earlier in #terraform I think related to EKS

aknysh

we also have TF modules for EKS

Erik Osterman

@Tee are you thinking GCP or AWS?

Tee

AWS

Erik Osterman

so on AWS, my opinion is that it’s more work than necessary to manage EKS with terraform. the challenge comes down to upgrading. there’s some discussions on strategies for that.

aknysh

@aknysh are ya’ll using it with kops? Looks like it. How does TF generation fit in if at all?

Erik Osterman

with kops, the ability to do rolling-updates is built in; a purpose built tool like kops will do a better job at managing lifecycles.

Erik Osterman

if fargate announces EKS support at the end of the month, I might change my stance

Tee

But the EKS and FARGATE gets pretty expensive

Tee

as far i think

Erik Osterman

humans aren’t cheap either

Tee

Right

Tee

So what do you suggest for longterm. Not considering the cost. With less bottlenecks and nightmares

aknysh

not an easy question

Tee

I mean in terms of stability

aknysh

kops is well established and works well, and does lifecycle management

aknysh

EKS is new and lacks a lot of features, but it will stay and they will improve it

aknysh

Fargate will improve and cost will be reduced

Erik Osterman

(we’re not using EKS in production yet, so our story will be biased towards kops)

Tee

Oh ok. Thanks @Erik Osterman & @aknysh for your suggestions.

aknysh

yea, the point is that with the current state of EKS, you need to do and provision even more resources than using kops

aknysh

and it does not support many features

aknysh

Fargate could improve it, but as many mentioned it’s costly (and it does not exist yet)

Tee

That makes sense

Matthew

I am currently moving all of our infrastructure off Mesosphere DC/OS onto EKS and EKS has been phenomenal in my opinion - just lots of support from many different aspects such as AWS and the Kubernetes community

Matthew

as well as great folks like Cloud Posse

aknysh

yea thanks @Matthew

aknysh

the point is that with EKS, if for example you need to perform a rolling update, it’s not supported out of the gate

aknysh

so a lot of friction with many things

aknysh

with kops it just works

aknysh

but sure for longterm EKS/Fargate would be better

Matthew

Yeah i’ve talked with EKS specialist from AWS and they currently suggest a blue/green strategy for upgrading which can be tedious and at times break backwards compatibility

btai

how do you export a single context of your kubeconfig?

btai

say my local kubeconfig has a dev qa prod context

aknysh

@btai we don’t have multiple contexts. We use containers + ENV vars pattern (implemented in geodesic + repo per env + Dockerfile(s)). So in each container (prod, staging, dev, etc), when we run it, we have all ENV vars defined for that particular env (ENV vars come from Dockerfiles or from SSM if they are secrets). That includes everything for Terraform, kops, k8s, etc.

aknysh

So when we do for example kops export kubecfg, the environment knows what context we want

aknysh

and we can run those geodesic containers locally and also in CI/CD pipelines (for which we use Codefresh since it can run each pipeline step as a Docker container)

btai

nice thanks

rms1000watt

Have you guys used Codefresh enterprise? I know you’re all big into codefresh here. Just curious of any pitfalls or bits of advice you guys have

rms1000watt

(enterprise to run on-prem)

Erik Osterman

So Codefresh enterprise has 3 variations: full SaaS, hybrid and on-prem

Erik Osterman

we’ve been working exclusively with the enterprise SaaS

rms1000watt

Ooo

Erik Osterman

what’s the primary driver for going on-prem?

rms1000watt

compliance requiring no dependence on external SaaS providers

Erik Osterman

which compliance certification?

rms1000watt

oh wow, you haven’t even taken me out on a date yet to be asking such risqué questions.

rms1000watt

lol jk, I think fedramp

Erik Osterman

lol

Erik Osterman

ok - that’s a whole ’nother cup of tea

Erik Osterman

not familiar with

Erik Osterman

but sounds like you’d need full on-prem.

Erik Osterman

so i probably wouldn’t enlighten you more than you already know

rms1000watt

No worries. We’re new to codefresh–so just probing for any gotcha’s really

Erik Osterman

@dustinvb can definitely elaborate

Erik Osterman

are you using the helm based install?

rms1000watt

I think at the moment, yes

rms1000watt

debating about the release of terraform 0.12 and using all the templating stuff

rms1000watt

rather than 2 templating engines.. tiller.. and all that jazz

Erik Osterman

so i get where you’re coming from - but from what i’ve gleaned the current helm provider is too basic to handle all kinds of helm charts. maybe with 0.12 it’s better off

Erik Osterman

you’ve seen our helmfiles repo? basically you can’t do half of what we do with helmfile using that provider

rms1000watt

https://marketplace.fedramp.gov/#/product/aiware-government?sort=productName

Just as a cover my ass that I’m not saying providing any confidential information.. it’s publicly available that we’re on fedramp ^^^ lol

rms1000watt

Oh, my bad. I didn’t mean the helm provider.. I meant generating the k8s.yml files on the fly based on the infra-state.. no helm installation anywhere

rms1000watt

just a thought at the moment–not necessarily going that direction for sure

Erik Osterman

but yea, you could basically create terraform modules in place of helm charts

Erik Osterman

… if terraform templating is sufficient

rms1000watt

hehe, yeah, big “if”

Erik Osterman

it’s been my experience, the “simple” case always works well regardless of the technology

rms1000watt

ah

rms1000watt

how have you guys been liking helm? any complaints with the tiller stuff, or you guys are experienced enough with it all–nothing really bugs you?

Erik Osterman

i mean, it sucks about the tiller and all

Erik Osterman

but i look at helm more like an interface

Erik Osterman

and the interface won’t change dramatically, but the underlying implementation is getting a big overhaul as you’re probably aware

Erik Osterman

as part of that tiller is going away and the template engine going pluggable

rms1000watt

“tillerless helm” is the buzz

rms1000watt

yea

Erik Osterman

as a way to manage complex apps it’s great

Erik Osterman

and app dependencies

Erik Osterman

i say (and with some humility) that those before us have invested a lot of time in what it takes to manage software releases

Erik Osterman

deb, rpm, apk, etc.

Erik Osterman

we tried to avoid that with just a Makefile; it worked well until it didn’t. in the end, we needed all that a package manager provides and conceded to package .apk alpine packages

Erik Osterman

my point is that just templatizing raw kubernetes resources and applying them seems easy enough and i’m sure you can get away with it for a long time

Erik Osterman

but then you realize you want to have dependencies, triggers on deployment or uninstall, and rollbacks, etc. then you’re on your own.

Erik Osterman

the more homegrown/spun, the more the solution diverges from the trajectory the community is taking

Erik Osterman

because the community is solving problems around a standardized toolset

rms1000watt

all true

rms1000watt

so i’m curious.. you bring up rollbacks

rms1000watt

codefresh/spinnaker’s solutions didn’t offer enough in that aspect?

Erik Osterman

codefresh relies on the fact that helm does rollbacks automatically

rms1000watt

ah

Erik Osterman

and even bakes that into the UI with one-click rollbacks

Erik Osterman

they also have some even more cool stuff in the works - but you’ll have to ask them to see it

rms1000watt

For sure

rms1000watt

we have meetings setup with them

rms1000watt

We’ll probe

Erik Osterman

very cool! hit me afterwards and let me know how it goes

rms1000watt

does all this reveal a well needed niche (product offering) in the CI/CD process for k8s?

rms1000watt

since there always ends up being handrolled stuff?

Erik Osterman

haha, not sure - there are more CI/CD platforms today than ever

rms1000watt

https://github.com/gaia-pipeline/gaia I like their philosophy at that in particular

gaia-pipeline/gaia

Build powerful pipelines in any programming language. - gaia-pipeline/gaia

rms1000watt

yea

Erik Osterman

i can’t keep them straight anymore

Erik Osterman

spinnaker is now coming out with an enterprise offering too

rms1000watt

haha nice. Well, after the bloodbath, hopefully the best solution reigns supreme

rms1000watt

ah

rms1000watt

halyard was surprising when I first played with it

Erik Osterman

and then github actions

rms1000watt

then I looked at the helm chart for spinnaker.. and it was just a bunch of hal commands

rms1000watt

yea

Erik Osterman

but i agree that there’s still big room for improvement

Erik Osterman

the fact there is so much handrolling and independent tooling

Erik Osterman

I think codefresh is well poised to do that as it relates to cicd+kubernetes+helm

rms1000watt

does your gut think helm isn’t going anywhere?

Erik Osterman

until I see an alternative that has anywhere near the critical mass of helm, yes - i think it’s here for the foreseeable future

Erik Osterman

for example, there’s ksonnet (based on jsonnet) which looks interesting

Erik Osterman

but i think some variation of that could be used as a pluggable engine for helm

Erik Osterman

also, i don’t want to see proliferation of more packaging systems right now - it’s too early

Erik Osterman
rimusz/helm-tiller

Helm tiller plugin aka Tillerless Helm. Contribute to rimusz/helm-tiller development by creating an account on GitHub.

Erik Osterman

have you seen this plugin?

Erik Osterman

this is pretty smart.

rms1000watt

I thiiiink I’ve seen this one.. if not it was something similar

Erik Osterman

basically, it’s a drop in replacement. it still stores all configs in the cluster (per namespace if you want)

Erik Osterman

you run a temporary tiller locally

Erik Osterman

this can be run as part of CI

rms1000watt

interesting.. hmm.. nice actually!

Erik Osterman

(though would break the codefresh helm UI, since it would need to talk to the tiller and there would be none running)

rms1000watt

ah, right

2018-11-04

rohit.verma

hi all, what are your opinions on different networking options in kubernetes on aws. Which is more preferred and felt robust. We did try aws-vpc-cni but felt that it’s not stable enough even with 1.1.0 for kubernetes 1.10.6. This becomes more unstable when all your worker nodes are unstable and started giving exception as sandbox ip changed etc..

rohit.verma

we then switched to calico, but somehow its observed that its impacting the way pods terminate. If we delete a deployment, pods remain in terminating state for 5+ minutes.

Erik Osterman

The pods stuck in a terminating state is a very frequently observed problem. Could it be related to the network layer? Maybe - but I would explore other possibilities. To me the network culprit seems like a red herring.

Erik Osterman

Lots of posts/issues on it. Usually related to zombies.
