#office-hours (2020-01)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Meeting password: sweetops

2020-01-29

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
bregman-arie/devops-exercises

Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization - bregman-arie/devops-exercises

7 top DevOps engineer interview questions for 2020

Passionate, qualified DevOps engineers are hard to come by. Use these DevOps engineer interview questions to zero in on your best candidates.

roth.andy avatar
roth.andy
Cloud Native Computing Foundation Announces Prometheus Graduation - Cloud Native Computing Foundation

Widely-adopted open source monitoring and alerting tool used by cloud native leaders like DigitalOcean, Red Hat, SUSE, and Weaveworks SAN FRANCISCO, Calif., August 9, 2018 – The Cloud Native Computing…

roth.andy avatar
roth.andy

@Pierre Humberdroz PROMCEPTION!

Pierre Humberdroz avatar
Pierre Humberdroz

our way currently is currently prometheus per ns -> master prometheus per cluster -> dedicated monitoring cluster prometheus -> elastic metric exporter to our elasticsearch cluster and after 14 days -> backup to blobstorage with a tool to get the data restored of a given time range.

dalekurt avatar
dalekurt

Side project

dalekurt avatar
dalekurt
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that’s rad!

dalekurt avatar
dalekurt

Running K3s

Blaise Pabon avatar
Blaise Pabon

oooh, you’re all ready for https://github.com/inlets/

Inlets

Inlets tunnels for your local endpoints. Inlets has 6 repositories available. Follow their code on GitHub.

Pierre Humberdroz avatar
Pierre Humberdroz

nice!

creature avatar
creature

that is rad. where’d the case come from?

roth.andy avatar
roth.andy
dalekurt avatar
dalekurt
hashicorp/terraform-github-actions

Terraform GitHub Actions. Contribute to hashicorp/terraform-github-actions development by creating an account on GitHub.

Blaise Pabon avatar
Blaise Pabon

Very nice interview with the Prometheus core team on: https://changelog.com/podcast/375

The Changelog #375: Gerhard goes to KubeCon (part 2) (talking Prometheus, Grafana, & Crossplane)

Gerhard is back for part two of our interviews at KubeCon 2019. Join him as he goes deep on Prometheus with Björn Rabenstein, Ben Kochie, and Frederic Branczyk… Grafana with Tom Wilkie and Ed Welch… and Crossplane with Jared Watts, Marques Johansson, and Dan Mangum. Don’t miss part one with Bryan Liles, Priyanka Sharma…

dalekurt avatar
dalekurt
1
dalekurt avatar
dalekurt

@roth.andy I have questions for you about your Raspberry Pi cluster.

roth.andy avatar
roth.andy

shoot

dalekurt avatar
dalekurt

Are you using Kubernetes or K3s?

roth.andy avatar
roth.andy

I started the project before K3s supported multi-master, so currently it uses kubeadm

dalekurt avatar
dalekurt

Have you been deploying using manifest files or helm?

Pierre Humberdroz avatar
Pierre Humberdroz

I am using k3s with k3sup

roth.andy avatar
roth.andy

The cluster doesn’t work yet, I got busy with other stuff, but it would definitely use helm

dalekurt avatar
dalekurt

OK cool, that happened to me as well. Started it last year and I just got through rebuilding it with k3s. I had set it up with kubeadm before but wanted to use something lighter.

dalekurt avatar
dalekurt

My plan is to get prometheus-operator Helm chart to get it up and running.

dalekurt avatar
dalekurt

Then setup Rook using USB keys on each of the raspberry pi

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
How the U.S. Air Force Deployed Kubernetes and Istio on an F-16 in 45 days - The New Stack attachment image

Kubernetes, Istio, knative and an internally developed specification for “hardening” containers are now the default software development platform across the military.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
mumoshu/variant

Wrap up your bash scripts into a modern CLI today. Graduate to a full-blown golang app tomorrow. - mumoshu/variant

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
mumoshu/variant2

Contribute to mumoshu/variant2 development by creating an account on GitHub.

dalekurt avatar
dalekurt

Jarvis X

:--1:1
Alex Siegman avatar
Alex Siegman

I missed what system you’re talking about, is this a codefresh change? re: the PV changes

roth.andy avatar
roth.andy

yes

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@btai has more details

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Pierre Humberdroz avatar
Pierre Humberdroz
FROM node:12-slim
RUN apt-get -y update && apt-get -y install git && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/man/?? /usr/share/man/??_*
ENV SOURCES /app

COPY . ${SOURCES}
WORKDIR ${SOURCES}
RUN chown -R node:node ${SOURCES} \
    && chmod 777 /tmp
USER node
RUN npm install --production --quiet

EXPOSE 5000

CMD ["npm", "start"]
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think this is what you don’t want to do for maximum layer caching

roth.andy avatar
roth.andy

right

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so a step before the COPY . would be to only copy over the packages.json and then download/process the deps.

roth.andy avatar
roth.andy

Also consider using npm ci instead of npm install

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I am not familiar with npm ci; what does that do?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

nice tip!

btai avatar

interesting @roth.andy, will test out npm ci , always looking to improve build times

btai avatar
What is the closest to `npm ci` in yarn

In npm there’s a ci command for installing the project with a clean state. In documentation it is claimed that: It can be significantly faster than a regular npm install by skipping certain user-

roth.andy avatar
roth.andy

@Pierre Humberdroz

Split into 2 projects

FROM node:12-slim
RUN apt-get -y update && apt-get -y install git && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/man/?? /usr/share/man/??_*
ENV SOURCES /app
WORKDIR ${SOURCES}
RUN chown -R node:node ${SOURCES} \
    && chmod 777 /tmp
USER node
EXPOSE 5000
CMD ["npm", "start"]
FROM theBase:someVersion
COPY ./packages.json ${SOURCES}
RUN npm ci
COPY . ${SOURCES}

Also, consider using webpack and nginx or something instead of npm start

Pierre Humberdroz avatar
Pierre Humberdroz

First time I hear to use nginx per container ? Why would I want to do that @roth.andy? It also goes against the philsophy of 1 process per container IMO.

In regards to webpack what is the reasoning for that?

roth.andy avatar
roth.andy

nginx would be the one process, instead of node. Webpack can build a production deployment package with minified javascript

roth.andy avatar
roth.andy

So you wouldn’t actually need to run npm install or anything, since webpack just creates one big index.js

Pierre Humberdroz avatar
Pierre Humberdroz

this is an API and not a frontend project.

roth.andy avatar
roth.andy

ah

Pierre Humberdroz avatar
Pierre Humberdroz

no worries.

Pierre Humberdroz avatar
Pierre Humberdroz

the main benefit of webpack or gulp in the backend world is you do not have to require everything on startup which makes startup time a lot faster. And the ability to use newer features

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(or just use a multi-stage docker build, no?)

roth.andy avatar
roth.andy

Yep, assuming you have caching set up. Since I don’t have caching it’s faster to actually make a base image

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

good point.

roth.andy avatar
roth.andy

Anybody tried out yarn 2 yet?

Zoom avatar
Zoom
10:35:52 PM

New Zoom Recording from our Public “Office Hours” on 2020-01-29 is now available.

2020-01-28

IckesJ avatar
IckesJ
11:06:17 PM

@IckesJ set the channel topic: Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2020-01-22

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Terraform

Policy-based control for cloud native environments

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
instrumenta/conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language - instrumenta/conftest

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
5 Common Terraform Patterns—Evolving Your Infrastructure with Terraform attachment image

Nicki Watt, OpenCredo’s CTO, explains how her company uses HashiCorp’s stack—and particularly Terraform—to support its customers in moving to the world of CI/CD and DevOps.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles

roth.andy avatar
roth.andy

Quick video I made of the IaC demo. Feel free to poke holes in it

https://youtu.be/3Q4aFPWQplU

Zoom avatar
Zoom
01:17:01 AM

New Zoom Recording from our Public “Office Hours” on 2020-01-22 is now available.

2020-01-15

Pierre Humberdroz avatar
Pierre Humberdroz
kubernetes/community

Kubernetes community content. Contribute to kubernetes/community development by creating an account on GitHub.

Pierre Humberdroz avatar
Pierre Humberdroz
kubeform/kubeform

Kubernetes CRDs for Terraform providers. Contribute to kubeform/kubeform development by creating an account on GitHub.

imiltchman avatar
imiltchman

Was the CloudFlare demo in today’s office hours?

Pierre Humberdroz avatar
Pierre Humberdroz

it is planned

imiltchman avatar
imiltchman

Still happening?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yes, join now

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’ll do it when you join

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@imiltchman

imiltchman avatar
imiltchman

I think I might have an outdate invite/zoom link

imiltchman avatar
imiltchman

TY. I’m on

imiltchman avatar
imiltchman

Thanks for that demo @Erik Osterman (Cloud Posse), that was awesome

Andrew Elkins avatar
Andrew Elkins

Thanks for the demo Erik.

Andrew Elkins avatar
Andrew Elkins

Here’s a brief comparison of CCPA and GDPR for those interested https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf

:--1:2
Zoom avatar
Zoom
10:53:07 PM

New Zoom Recording from our Public “Office Hours” on 2020-01-15 is now available.

2

2020-01-14

Pierre Humberdroz avatar
Pierre Humberdroz

Something for this weeks office hours perhaps.

I am currently trying to move some of our IaC logic out of the IaC repo and provide a module / tool to our application developers to provosion the databases for them incl. deployment of secrets in side of k8s. (See: https://github.com/helm-notifier/Terraform-Infrastructure/blob/master/02-step2/postgresHelmNotifier.tf)

If you have Ideas or are doing this already I would love to hear about it!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Suggest to stick with official style conventions

2020-01-10

sytten avatar
sytten

I don’t remember who asked about ECS and terraform yesterday

sytten avatar
sytten

But we have some news

sytten avatar
sytten
Treat new revisions of ECS task definitions as updates instead of new resources by sworisbreathing · Pull Request #11506 · terraform-providers/terraform-provider-aws

Community Note Please vote on this pull request by adding a :–1: reaction to the original pull request comment to help the community and maintainers prioritize this request Please do not leave "…

sytten avatar
sytten

This is great

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh wow, what a coincidence! We just talked about that

2020-01-08

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Office hours is happening today!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let me know if you have any questions

Blaise Pabon avatar
Blaise Pabon

I’ll be joining late… I have to sit in a call with Ingram Micro…. for my sins.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
kubernetes-sigs/descheduler

Descheduler for Kubernetes. Contribute to kubernetes-sigs/descheduler development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@btai

btai avatar
btai
07:46:04 PM

@btai has joined the channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


This project runs as a Kubernetes Job that aims at killing pods when it thinks the cluster is unbalanced. You can run it once or as a Cron Job to run it periodically.

Pierre Humberdroz avatar
Pierre Humberdroz
helm-notifier/helm-notifier

Contribute to helm-notifier/helm-notifier development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
vanvalenlab/kiosk

DeepCell Kiosk Distribution for Kubernetes on GKE and AWS - vanvalenlab/kiosk

roth.andy avatar
roth.andy
huginn/huginn

Create agents that monitor and act on your behalf. Your agents are standing by! - huginn/huginn

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
sytten avatar
sytten
nirmata/kyverno

Kubernetes Native Policy Management. Contribute to nirmata/kyverno development by creating an account on GitHub.

Zoom avatar
Zoom
10:17:55 PM

New Zoom Recording from our Public “Office Hours” on 2020-01-08 is now available.

    keyboard_arrow_up