#office-hours (2020-05)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Meeting password: sweetops

2020-05-28

2020-05-27

Zoom avatar
Zoom
06:27:15 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Mike Martin avatar
Mike Martin

It’s asking me to enter a password, but don’t see one in the calendar invite

Zoom avatar
Zoom
06:27:25 PM

rohit g has joined Public “Office Hours”

Zoom avatar
Zoom
06:27:35 PM

Andy Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:25 PM

Marc Tanne has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:38 PM

Eric Berg has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:42 PM

Ianculov Vucomir has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:59 PM

Robert Horrox has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:45 PM

Matt Gowie has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:51 PM

Walter Sosa has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:39 PM

Hilal Jaffan has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:42 PM

Neil Gealy has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:43 PM

Alex Siegman has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:40 PM

Haroon Rasheed has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:05 PM

Daniel Blue has joined Public “Office Hours”

HS avatar

Please I need help joining the meeting, The meeting link is requesting password

Mike Martin avatar
Mike Martin

Same for me

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

sweetops

HS avatar

thanks

Mike Martin avatar
Mike Martin

Worked - thank you!

Zoom avatar
Zoom
06:36:42 PM

Adedayo Akinpelu has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:29 PM

Michael Martin has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:37 PM

zloeber has joined Public “Office Hours”

Zoom avatar
Zoom
06:38:35 PM

Andrea Bolandrina has joined Public “Office Hours”

Zoom avatar
Zoom
06:40:24 PM

Jim Park has joined Public “Office Hours”

Zoom avatar
Zoom
06:42:17 PM

Michael Martin has joined Public “Office Hours”

Zoom avatar
Zoom
06:42:58 PM

eddie.wizelman has joined Public “Office Hours”

roth.andy avatar
roth.andy
Supporting the HashiCorp Terraform Extension for Visual Studio Code attachment image

We are working internally to update the community VS Code extension to fully support Terraform 0.12 syntax and use our Language Server by default. A new version will be shipping later this year with the updates.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Coffee with Codefresh - Live Q&A! - Codefresh

Welcome to the new Coffee with Codefresh — a Q&A live stream with members of the Codefresh team!  This is a community event for both Codefresh employees and customers, or if you are not yet a customer but have questions, you are welcome to join! We welcome you to a casual and relaxed question and … Continued

Zoom avatar
Zoom
06:44:34 PM

Jeremy Schuller has joined Public “Office Hours”

Zoom avatar
Zoom
06:45:10 PM

Mike Marseglia has joined Public “Office Hours”

Zoom avatar
Zoom
06:46:07 PM

PePe Amengual has joined Public “Office Hours”

Zoom avatar
Zoom
06:46:43 PM

Jie Chen has joined Public “Office Hours”

Zoom avatar
Zoom
06:47:51 PM

Vijay Ravi has joined Public “Office Hours”

Zoom avatar
Zoom
06:48:22 PM

Jeremy Schuller has joined Public “Office Hours”

Zoom avatar
Zoom
06:49:41 PM

Brian Tai has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
vcr/vcr

Record your test suite’s HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests. - vcr/vcr

Zoom avatar
Zoom
06:55:54 PM

gemini has joined Public “Office Hours”

Zoom avatar
Zoom
06:58:23 PM

Jeremy Schuller has joined Public “Office Hours”

Zoom avatar
Zoom
07:01:11 PM

Juan Soto has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
  1. ThoughtWorks now recommends caution in managing stateful systems via container orchestration platforms such as Kubernetes.
  2. https://www.thoughtworks.com/radar/techniques/managing-stateful-systems-via-container-orchestration
  3. Our retort: https://cloudposse.com/devops/should-you-run-stateful-systems-via-container-orchestration/
Managing stateful systems via container orchestration | Technology Radar | ThoughtWorks attachment image

This Technology Radar quadrant explores the techniques being used to develop and deliver software

roth.andy avatar
roth.andy
KubeDB by AppsCode attachment image

KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds

To run or not to run a database on Kubernetes: What to consider attachment image

It can be a challenge to run a database in a distributed container environment like Kubernetes. Try these tips and best practices.

Andrey Nazarov avatar
Andrey Nazarov

We are using Stash from AppsCode. So far so good, but I’ve heard complains about KubeDB support

KubeDB by AppsCode attachment image

KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds

To run or not to run a database on Kubernetes: What to consider attachment image

It can be a challenge to run a database in a distributed container environment like Kubernetes. Try these tips and best practices.

Zoom avatar
Zoom
07:13:51 PM

Michael Martin has joined Public “Office Hours”

roth.andy avatar
roth.andy
So Long, and Thanks for All the Fish! · Issue #314 · hashicorp/vscode-terraform

HashiCorp and I have just - after a few months of discussions - started the process of handing over maintainership of vscode-terraform to HashiCorp. This is something I am really happy about and it…

Alex Siegman avatar
Alex Siegman
juliosueiras - Overview

I am a developer who was born in Cuba and grew up in China. I mostly develop in linux with vim as the primary editor for any languages - juliosueiras

Alex Siegman avatar
Alex Siegman
juliosueiras/vscode-languageclient-terraform

VSCode Terraform LSP Client. Contribute to juliosueiras/vscode-languageclient-terraform development by creating an account on GitHub.

Alex Siegman avatar
Alex Siegman

@Erik Osterman (Cloud Posse) didn’t you have a “things to think about when choosing a ci/cd platform” article/spreadhseet/list/whatnot you shared a while back?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Alex Siegman - we do - let me dig that up. Thanks for reminding me.

Alex Siegman avatar
Alex Siegman

Might help folks form their own ideas about choosing codefresh vs jenkins vs whatever

Alex Siegman avatar
Alex Siegman

@roth.andy FYI, unless you pay a base licensing cost for “Enterprise” per month/year, which you probably would anyways for self-hosted, codefresh does charge per user as well as per concurrency. I’ve been through that with them before Then again, I make no secret that I’m very anti-per-user pricing.

roth.andy avatar
roth.andy

Yep, Enterprise is all we are looking at

Alex Siegman avatar
Alex Siegman

Still bothers me that it’s an upcharge to get unlimited users, when the usage factor is primarily from pipeline runs

Alex Siegman avatar
Alex Siegman

Feels very double-dip to me, but the platform does have a lot of positives

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Here are some ways to control your AWS costs: https://cloudposse.com/aws-cost-controls/

1
:--1:2
Matt Gowie avatar
Matt Gowie
Huh… the link [spotinstance.com> forwards to <http://aws.amazon.com aws.amazon.com](http://spotinstance.com).
Alex Siegman avatar
Alex Siegman

sure does, that’s weird

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I must be linking to the wrong site - I’ll fix

Zoom avatar
Zoom
08:43:41 PM

New Zoom Recording from our Office Hours session on 2020-05-27 is now available.

Benjamin Hudgens avatar
Benjamin Hudgens

Hello, my co-worker linked the above office hours video where he asked the question about NAT networks. Is it appropriate to ask a question in this channel about the above video?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sure thing @

Benjamin Hudgens avatar
Benjamin Hudgens

Regarding the conversation about NAT gateways, vs NAT instances, vs IGW’s (approx 45mins in video); why is the NAT gateway or NAT instance meaningfully different than the NAT provided by the IGW? As in, how does one nat provide a different level of security over the other?

The IGW documentation defines the function as NAT’ing; what makes the IGW nat fail an audit, so to speak? (vs the other two methods)

From Docs:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

Benjamin Hudgens avatar
Benjamin Hudgens

I was hoping maybe you guys had experience with audits that flagged this and could help me understand why it was flagged?

Benjamin Hudgens avatar
Benjamin Hudgens

We literally couldn’t come up with a reason to pay for either NAT solution when IGW’s allow free inbound traffic and zero maintenance? We tried really hard to justify the NAT subnet setup given it’s the classical network config.. Compliance was a concern in our chat, and I’m wondering if you guys have actually seen it flagged (and why).

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(I will respond to you)

Matt Gowie avatar
Matt Gowie

Somebody feel free to correct me if I’m wrong here: NAT Gateways and NAT Instances don’t allow inbound traffic. They’re a purely outbound mechanism for Private Subnet resources to communicate to the wider internet.

IGW allows inbound and outbound traffic — It’s the VPC’s interface to the internet.

Generally, the thought behind putting services like Databases or Web app in private subnets is so that those resources can’t be accessed by the public internet. They’re only accessible via certain fronting services like load balancers and therefore that makes them more secure against port scanning and what not.

:--1:1
Benjamin Hudgens avatar
Benjamin Hudgens

If I’m running a NAT Instance, an IGW would be functionally identical to PORT forwarding back to one of the machines serviced by that particular instance.

I do think you’re correct; I’m not aware of the NGW’s supporting any sense of forwarding.

Benjamin Hudgens avatar
Benjamin Hudgens

So; hmm, that’s a good perspective.

Benjamin Hudgens avatar
Benjamin Hudgens

We’re really thinking about dropping these and leaning on sec groups given the IGW is more like a PAT instead of a NAT. I’ll bring up your point tomorrow, that’s at least ONE functional difference we didn’t come up with on our own. TY!

Matt Gowie avatar
Matt Gowie

One thing that’s worth mentioning again is that if you folks switch to NAT instances + an S3 VPC Endpoint then you’ll still be able to retain the same level of security (not have all your resources in public subnets), while also saving a ton.

It won’t be as cheap as it is to run all your resources in public subnets, but that would definitely be frowned upon by any security audit. At a minimum, I would say there are very few cases where your DB shouldn’t be run in a private subnet.

Benjamin Hudgens avatar
Benjamin Hudgens

Perhaps. I’m trying to understand why it’s not better to run our DB in an IGW subnet and simply do not attach an EIP (or public ip at all). We can mount an EIP (or EIN) for maintenance with a very specific sec group. Again, my understanding is the IGW is still a NAT per their docs.

We actually do leverage the VPCE’s in a few of our route tables for S3. Mike didn’t bring up the various other expensive things in our environment. Talking to S3/Dynamo is free over the VPCE’s .. but most other services incur a cost.

Benjamin Hudgens avatar
Benjamin Hudgens

We’re challenging our assumptions about the setup; trying to understand why an audit is going to flag an external IP with a deny all sec group, or how that’s different than a nat instance that could employ port forwarding just the same.

Benjamin Hudgens avatar
Benjamin Hudgens

Really appreciation the outside thoughts. The one you highlighted above is good, and compliance audits was our other concern. We just couldn’t understand the ‘technical’ reasons it would be flagged. Erik highlighted it a bit on your call; there are “best practices” we all employ, and we’re challenging those a bit to understand why we’re paying extra $$. We were failing to come up with good reasons. I thank you for giving this some thought from an outside perspective!

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(Will respond a bit later)

Benjamin Hudgens avatar
Benjamin Hudgens

Sure sure! No problem! Appreciate the feedback. Mike has been representing us on your calls. I lead his team and I’ve wanted to join, but I haven’t had the luxury yet. We talk about you guys quite a bit. Pretty sure I skipped the Terraform docs, and just learned terraform reading you guys’ work.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Actually, one request: since this is such a well prepared question, would you mind posting it instead here: https://ask.sweetops.com/

SweetOps

SweetOps is a collaborative DevOps community for engineers of all skill levels.

Benjamin Hudgens avatar
Benjamin Hudgens

Oh! Sure!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That will allow for an equally constructive response

Benjamin Hudgens avatar
Benjamin Hudgens

Absolutely.

Benjamin Hudgens avatar
Benjamin Hudgens
Why pay for NAT solutions in AWS?
TLDR; We deeply understand what all NAT options are and how they work. Super strong team technically. We’re challenging our traditional wisdom and assumptions to try to justify why we should spend extra $$$ on NAT solutions in AWS. We are not restricted by cost but certainly do not spend money purely for religious reasons (as in, because that’s how we’ve always done it). We are currently considering three mechanisms to reach EC2 instances: IGW -> Subnet(s) 1-1 NAT (When PIP or EIP attach…
:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sweet! I will get back to you - thanks for posting

randomy avatar
randomy

Great question. Typo here with can/can’t: (and NAT Instances) *can* permit inbound traffic *at all*

2020-05-26

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Last week I have create a new Terraform module to host GitHub self hosted action runners on AWS spot instances. For those who are interested the setup is explained in this post https://040code.github.io/2020/05/25/scaling-selfhosted-action-runners

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Heads up! next wednesday on June 3rd (not this week), we’ll have a guest speaker to answer any/all your questions on Cloud Formation.

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

If I get this demo working I’ll be using the new Kubernetes provider for Terraform during my keynote at the Crossplane Community Day virtual event. https://www.eventbrite.com/e/crossplane-community-day-tickets-104465284478 https://twitter.com/mitchellh/status/1265414263281029120

attachment image

Yes! An alpha release of a new Kubernetes provider for Terraform that can represent ANY K8S resource (including any CRDs). You can also run this one-liner (image) to convert any YAML over. https://www.hashicorp.com/blog/deploy-any-resource-with-the-new-kubernetes-provider-for-hashicorp-terraform/ https://pbs.twimg.com/media/EY-nj__U8AAzI4C.jpg

party_parrot2
:--1:1

2020-05-21

Andrey Nazarov avatar
Andrey Nazarov

Thanks for bringing up my questions! I didn’t have a chance to join the call, but it was a pleasure to watch.

Regarding unanswered question on Tech Radar. I can elaborate a bit and probably it can be a topic for the next session.

What ThoughtWorks says now is that:
We recommend caution in managing stateful systems via container orchestration platforms such as Kubernetes. Some databases are not built with native support for orchestration — they don’t expect a scheduler to kill and relocate them to a different host. Building a highly available service on top of such databases is not trivial, and we still recommend running them on bare metal hosts or a virtual machine (VM) rather than to force-fit them into a container orchestration platform
Kinda a warning. And I know some cases when clients want to do such a move no matter what (I mean to migrate databases to K8s). There might be plenty of databases especially when it is a single tenant app and a bunch of microservices around. What’s your experience with managing databases (Postgres, MariaDB) in K8s given a current state of tooling? Managed services vs operators vs helm charts?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’ll discuss this some more today

Andrey Nazarov avatar
Andrey Nazarov

Thanks for bringing up my question again! It’s not a perfect time for me to participate, but I’ll do my best to join in the future.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I converted localstack to run in kubernetes for locally testing out AWS scripts on kind clusters. Example includes the use of kompose, helmfile, the raw helm chart, and my own little framework for stitching it all together. https://zacharyloeber.com/2020/05/aws-testing-with-localstack-on-kubernetes/

2020-05-20

Pierre Humberdroz avatar
Pierre Humberdroz

I might not be here still want to leave something for later today.

So I was affected by quay incident quite heavily I had a test running in my development cluster which drains a node every hour and adds a new one to have a rotation and short lived nodes. Well since quay was not up some of my pods were not able to be scheduled (image pull back) and this caused quite a bit of headache.. But I am happy that I learned from it. I might have to cache/reupload to my own registry.

:--1:1
Pierre Humberdroz avatar
Pierre Humberdroz

So sometimes it might be worth to not touch a running system.

Zachary Loeber avatar
Zachary Loeber

This makes for a good argument in favor of self-hosted container registry infrastructure….

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’ve just watched two weeks old open hours and I would give two thumbs up for monochart concept (never knew I has a name though:). We’ve been following a quite similar approach for about two years so far. Our approach is a bit different in a way that we do write helm charts. We have a common chart treated as an abstract class with all bells and whistles inside that covers 80-90% of use cases, but we still can’t satisfy everybody (since we are a very small team of ops, we just have a lot of other things to do). By writing charts per service (let’s call it a service chart) we allow chart developers to inherit all the components of the common chart plus add everything they need for a certain scenario. Sometimes these are objects that are not in the common chart. Sometimes these are dependencies which they want to make a bundle with. But it’s a matter of a couple of minutes to write a service chart. And yes we use helmfile to manage all of this, but also with helmfile we provide a very narrow interface to users who don’t want to deal with Helm at all and just want to deploy the app to his or her environment.

The question which bothers us sometimes though is what would be a better approach - to create a new object template inside a chart and populate it as a part of a chart or add additional functionality as a dependency to a chart. Say we want to add the possibility to do backups or monitoring. We can a)create a chart with all backup objects and add it to service charts as a dependency or b)add these objects as templates to the common chart and populate a new version of it. Although we really like the flexibility we have we sometimes encounter these questions about better approaches all the time:)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

What do you think about “Managing stateful systems via container orchestration” blipping as Assess on the latest Technology Radar?

https://www.thoughtworks.com/radar/techniques/managing-stateful-systems-via-container-orchestration

roth.andy avatar
roth.andy

With the Windows additions of great Mac/Linux-y things like

A 1st party package manager

A MacOS-style “spotlight” feature

Support for Linux GUI apps

WSL2 Are we finally getting to the point where I don’t have to dual-boot Linux on my windows machine to do serious development in a containerized/kubernetes world?

Pierre Humberdroz avatar
Pierre Humberdroz

does docker still run in a VM on windows? Or can it run easily in WSL and you connect locally (in windows) somehow with the docker client?

roth.andy avatar
roth.andy


does docker still run in a VM on windows?
On my machine, yes. I haven’t tried WSL2 yet though

Alex Siegman avatar
Alex Siegman

every few months I try to develop on my windows desktop at home and just get mad at it heh. every time i try though, more things work. i usually end up back on osx though

randomy avatar
randomy

I’m looking forward to the GUI support. WSL 2 + Docker Desktop + VS Code is getting pretty good but there are still too many times where I need to run a web browser in Linux because of AWS credentials, VPNs, SSH tunnels, etc. I tried an X server but ran into issues with dbus and things kept crashing after a while, so proper GUI support will be good.

randomy avatar
randomy

Hyper-V with a “quick create” Ubuntu image is pretty decent. No need to dual boot. But I’ve only tried this on my machine with 32 GB of memory…

roth.andy avatar
roth.andy


Hyper-V with a “quick create” Ubuntu image is pretty decent
Do you have a link you can point me to with some docs on this? I’ve messed around a little with Hyper-V and VirtualBox but my experience was very underwhelming, even with 32GB of memory

roth.andy avatar
roth.andy

@randomy

randomy avatar
randomy

I don’t know any docs in particular but this sums it up https://www.thomasmaurer.ch/2019/06/how-to-create-an-ubuntu-vm-on-windows-10/

How to create an Ubuntu VM on Windows 10 attachment image

Windows 10 is not just a modern desktop operating system, and it also has some great IT Pro and Developer related features build in. One of them is client Hyper-V. This is the same hypervisor which powers virtualization in Windows Server and the Microsoft Azure datacenters. With Hyper-V, you can create virtual machines running on

randomy avatar
randomy

I’m using the Ubuntu 18 version. I think I tried a newer one a while back but ran into issues. I use i3 which may or may not improve performance. And finally, I have a little AutoHotKey script that positions the VM window properly because Hyper-V annoyingly doesn’t let you maximize a VM without going into full-screen mode.

roth.andy avatar
roth.andy

:–1:

Joe Niland avatar
Joe Niland

This podcast was a decent summary of the latest with WSL2 and Docker - https://hanselminutes.com/736/making-docker-lovely-for-developers-with-simon-ferquel

Making Docker lovely for Developers with Simon Ferquel

Scott’s been using Docker Desktop for years now, and in this episode he talks to Simon Ferquel about Docker on Windows. How will WSL2 make Docker even better? How does Docker help developers specifically be more productive (and happier?) How much easier can Docker get and how does Docker Desktop enable that?

Mathieu Frenette avatar
Mathieu Frenette

What was the driving reason why you chose the approach of bundling Terraform infra configuration files within a Geodesic image (and are you still using that approach?), versus treating them as two distinct entities (that could still be versioned side-by-side within the same repo and used together in a pipeline)?

Mathieu Frenette avatar
Mathieu Frenette

We are moving our CI/CD pipelines from Jenkins X (which is 100% Gitops driven) to Codefresh, where we have the ease of use of shared configs and secrets that we can manage easily via the UI and inject into our pipelines as environment variables. However we realize that such configs and secrets are not version-controlled and may sometimes be tightly coupled with the pipelines as they evolve. If for some reason we need to rollback our pipelines, all related configurations will not follow accordingly. What are your thoughts and experience about such external configurations that escape the Gitops domain?

Chad Ostler avatar
Chad Ostler

we’re using codefresh… and it’s so unreliable we’ve decided to do anything but that now

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

wow! we have a lot of interesting talking points today. excited

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Just another heads up, we’ve had to enable passwords on the Zoom calls (zoom forcing our hand on this). The password is sweetops if you’re prompted for it…

Zoom avatar
Zoom
06:26:24 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:37 PM

Marc Tanne has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:58 PM

Robert Horrox has joined Public “Office Hours”

Zoom avatar
Zoom
06:27:54 PM

Andy Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:56 PM

Mukul Garg has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:08 PM

zloeber has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:21 PM

Adam Crown has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:42 PM

Jie Chen has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:43 PM

Mathieu Frenette has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:13 PM

Adrian Todorov has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:48 PM

Marcin Branski has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:04 PM

Dale-Kurt Murray has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:04 PM

eddie.wizelman has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:56 PM

Neil Gealy has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:46 PM

Alex Siegman has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:01 PM

Pierre has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:33 PM

Neil Gealy has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Secrets attachment image

Get started with one of our guides, or jump straight into the API documentation.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
10 most common mistakes using kubernetes attachment image

We had the chance to see quite a bit of clusters in our years of experience with kubernetes (both managed and unmanaged - on GCP, AWS and Azure), and we see some mistakes being repeated. No shame in that, we’ve done most of these too! I’ll try to show the ones we see very often and talk a bit about how to fix them.

:--1:1
Zoom avatar
Zoom
06:35:24 PM

Pierre has joined Public “Office Hours”

Zoom avatar
Zoom
06:35:49 PM
dalekurt avatar
dalekurt
GitOps Days 2020 (May 20 & 21) You are invited!

You are invited: GitOps Days 2020 (May 20 & 21). Whether you’ve been wanting to learn about GitOps for the first time or you want to get your teams on board with GitOps, this event is for you! This free online event will run from 9:00am PT to 3:00pm PT over two days.

Zoom avatar
Zoom
06:37:31 PM

Brian Tai has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:52 PM

Andrew Elkins has joined Public “Office Hours”

Zoom avatar
Zoom
06:38:56 PM

Marc Tamsky has joined Public “Office Hours”

Zoom avatar
Zoom
06:40:35 PM

Prasanna Pawar has joined Public “Office Hours”

Zoom avatar
Zoom
06:41:10 PM
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Registry as a pull through cache

Use-case If you have multiple instances of Docker running in your environment, such as multiple physical or virtual machines all running Docker, each daemon goes out to the internet and…

caretak3r avatar
caretak3r

what is the meeting password?

roth.andy avatar
roth.andy

sweetops

Zoom avatar
Zoom
06:48:00 PM

rohit g has joined Public “Office Hours”

Zoom avatar
Zoom
06:51:12 PM

José Netto has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Versioning and Deploying Secrets

Regarding examples of secrets, these are good, though we should also call out the different ways secrets are consumed. Especially when dealing with third-party software, the configuration mechanisms vary. Sometimes environment variables suffice, sometimes configuration files are required. Other times, with in-house software, they might directly interface with something like HashiCorp Vault or the AWS Secrets Manager (ASM). What I like about your current approach is that it provides a consistent…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
variantdev/mod

Missing package manager for any task runners and build tools e.g. make and variant - variantdev/mod

Pierre Humberdroz avatar
Pierre Humberdroz
Dependabot

Automated dependency updates for your Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm.

Zoom avatar
Zoom
07:20:04 PM
Pierre Humberdroz avatar
Pierre Humberdroz
Whitesource Renovate - Automated Dependency Updates attachment image

Save time and reduce risk by automating dependency updates in software projects. Fully customizable with a setting to suit every workflow

Blaise Pabon avatar
Blaise Pabon

Life is full of contradictions…. Trump becomes president… and now we even have the NPM guys doing dependency management!

Whitesource Renovate - Automated Dependency Updates attachment image

Save time and reduce risk by automating dependency updates in software projects. Fully customizable with a setting to suit every workflow

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
aslafy-z/helm-git

Helm plugin to fetch charts from Git repositories. Contribute to aslafy-z/helm-git development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Renovate - GitHub Marketplace

Keep dependencies up-to-date with automated Pull Requests

Blaise Pabon avatar
Blaise Pabon

Sorry I couldnt make it today, I miss you guys. Homeschooling in the time of covid….

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we had an absolutely amazing office hours today! recording will be posted in a few hours.

Zoom avatar
Zoom
08:46:39 PM

New Zoom Recording from our Office Hours session on 2020-05-20 is now available.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Btw, we’re also uploading all our office hours to youtube!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you haven’t already subscribed to our channel, it would be a big help! we need to reach 100 subscribers to claim our URL.

2020-05-15

2020-05-14

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
sighupio/permission-manager

Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW - sighupio/permission-manager

omerfsen avatar
omerfsen
sighupio/permission-manager

Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW - sighupio/permission-manager

omerfsen avatar
omerfsen

Permission-manager does NOT work with EKS

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(@Zachary Loeber just linked me to the github org and was looking through the repos when I foudn this)

omerfsen avatar
omerfsen

Hi

omerfsen avatar
omerfsen

let me check

omerfsen avatar
omerfsen

thank you

Blaise Pabon avatar
Blaise Pabon

Hey folks, I just got a job offer from Very Good Security… I found out about them right here, thanks to @Erik Osterman (Cloud Posse)

5
:--1:2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That’s great @Blaise Pabon!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Is it a developer advocacy role?

Blaise Pabon avatar
Blaise Pabon

Well, the title is Solution architect and it’s the sort of early stage “pre-and-post sales support while preparing the path to excellence” that is my specialty. …Honestly, in this market, I don’t feel comfortable turning my nose up an a paycheck from good people, doing something that I’m not ashamed of.

I think there’s a lot of potential. I didn’t meet a single person who gave me the “works on my machine… it’s above my pay grade” attitude.

Zachary Loeber avatar
Zachary Loeber

woot!

2020-05-13

Mathieu Frenette avatar
Mathieu Frenette

Question for today’s office hour: What are the best practices for version numbering of multiple resources (apps, charts, docker images, etc) stored in the same monorepo? Using git tags (ie: v1.0.1) to track semantic versions seems awkward, because all resources would share the same version “counter”. Using the short commit hash seems more appropriate, but it is not allowed as chart version, which expects a semantic version in the form 1.0.1. I’m currently considering using something like 1.0.1589390493, where the last number is the number of seconds since UNIX epoch, calculated using the commit’s timestamp:

$(date "+%s" -d "$(git show -s --format=%ci)")

The major and minor versions could be stored in a file in the base dir of each resource. Any other suggestions?

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @! We’ll discuss

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@here please share your questions for today’s office hours!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Zoom avatar
Zoom
06:28:00 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:11 PM

Neil Gealy has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:21 PM

Marc Tanne has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:23 PM

rohit g has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:30 PM

Jim Park has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:32 PM

Andrew Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:20 PM

zloeber has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:35 PM

Omer Sen has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:38 PM

Matt Gowie has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:53 PM

Andrew Elkins has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:07 PM

Andrea Bolandrina has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:19 PM

David Scott has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:30 PM

Robert Horrox has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:39 PM

Brian Tai has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:00 PM

Mathieu Frenette has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:31 PM

Vitali Bystritski has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:13 PM

CHONAN TSAI has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

1.0.0+eh12345

Zoom avatar
Zoom
06:36:38 PM

Gemini Agaloos has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
mikefarah/yq

yq is a portable command-line YAML processor. Contribute to mikefarah/yq development by creating an account on GitHub.

nian avatar

As an alternate, check this: https://kislyuk.github.io/yq/

The syntax for this is much more similar to jq, which helps.

mikefarah/yq

yq is a portable command-line YAML processor. Contribute to mikefarah/yq development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We ultimately selected the one by mikefarah because it’s in go and distributes binary releases

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Semantic Versioning 2.0.0

Semantic Versioning spec and website

Zoom avatar
Zoom
06:41:10 PM

Adedayo Akinpelu has joined Public “Office Hours”

omerfsen avatar
omerfsen

What do you use to authenticate users against aws eks? I want to use external authentication mechanism aside from aws-auth configmap. Maybe use my AD users/groups?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Statuspage | Hosted Status Pages for Your Company

Statuspage.io is the best way for web infrastructure, developer API, and SaaS companies to get set up with their very own status page in minutes

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Keycloak

Keycloak is an open source identity and access management solution

omerfsen avatar
omerfsen

Jboss keycloak

omerfsen avatar
omerfsen

Okta replacer

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
louketo/louketo-proxy

A OpenID / Proxy service. Contribute to louketo/louketo-proxy development by creating an account on GitHub.

:--1:1
caretak3r avatar
caretak3r

Ambassador is a good step I think: https://www.getambassador.io/docs/1.4/howtos/sso/okta/

:--1:1
Zoom avatar
Zoom
06:55:03 PM

Steve Boardwell has joined Public “Office Hours”

Zoom avatar
Zoom
06:56:21 PM

Edward Wizelman has joined Public “Office Hours”

Marc Tanne avatar
Marc Tanne

Question on video stream transcoding from h.265/HEVC to h.264

Zoom avatar
Zoom
07:00:34 PM

soyer has joined Public “Office Hours”

roth.andy avatar
roth.andy
:--1:1
omerfsen avatar
omerfsen

Another question. I want to limit pod/deployment to only accept ingress(incoming) traffic from Aws Alb Ingress only not any other pod/deployments on SAME k8s namespace. Networkpolicy is limited namespaces, labels but seperating namespaces requires seperate alb ingress AND seperate external-dns (as both of them works on one Namespace only) what do u suggest?

Zoom avatar
Zoom
07:10:54 PM

Muhammed Soyer has joined Public “Office Hours”

omerfsen avatar
omerfsen

Since ingress is not a deployment…

roth.andy avatar
roth.andy
NVIDIA Container Runtime and Orchestrators

Kubernetes on NVIDIA GPUs enables enterprises to scale up training and inference deployment to multi-cloud GPU clusters seamlessly. It lets you automate the deployment, maintenance, scheduling and operation of multiple GPU accelerated application containers across clusters of nodes. With increasing number of AI powered applications and services and the broad availability of GPUs in public cloud, there is a need for open-source Kubernetes to be GPU-aware.

omerfsen avatar
omerfsen

Ok let me chech appmesh on Aws

:--1:1
omerfsen avatar
omerfsen

Instead of istio

omerfsen avatar
omerfsen

Not yet ;)

omerfsen avatar
omerfsen

Or solo meshctl

msoyer avatar
msoyer

Anyone heard about BackStage by Spotify ? It is a developer portal to provision applications etc .. I heard about it recently, just started evaluating.. https://backstage.io/

Backstage · An open platform for building developer portals

An open platform for building developer portals

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
nbering/terraform-provider-ansible

“Logical” provider for integrating with an Ansible Dynamic Inventory script. - nbering/terraform-provider-ansible

roth.andy avatar
roth.andy

https://thenewstack.io/how-the-u-s-air-force-deployed-kubernetes-and-istio-on-an-f-16-in-45-days/

USAF Chief Software Officer likes to say “If Kubernetes is good enough for missiles and F-16s then it is good enough for you”

How the U.S. Air Force Deployed Kubernetes and Istio on an F-16 in 45 days attachment image

Kubernetes, Istio, knative and an internally developed specification for “hardening” containers are now the default software development platform across the military.

Robert Horrox avatar
Robert Horrox

Is their any example repos with variant2 running terraform modules

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We haven’t published our solution yet

Robert Horrox avatar
Robert Horrox

Ok then I’ll start winging it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Happy to give you a walk through sometime if you want to see what it does

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman attachment image

Welcome to my scheduling page. Please follow the instructions to add an event to my calendar.

Robert Horrox avatar
Robert Horrox

That would be great

Zoom avatar
Zoom
08:46:14 PM

New Zoom Recording from our Office Hours session on 2020-05-13 is now available.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@ perfect time! got this in my inbox today

chonan tsai avatar
chonan tsai

@Erik Osterman (Cloud Posse) Fantastic - thanks for sharing today. This is gonna be useful.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
12:33:26 AM

@Erik Osterman (Cloud Posse) set the channel topic: Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Meeting password: sweetops

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

PSA:

2020-05-12

2020-05-11

2020-05-10

2020-05-08

Zoom avatar
Zoom
09:29:42 PM

New Zoom Recording from our Office Hours session on 2020-04-29 is now available.

2020-05-06

Pierre Humberdroz avatar
Pierre Humberdroz

So I am curious if this is just something that would be useful to me. But would a tool where you can aggregate events from multiple sources onto a single timeline be useful for y’all?

This is just a quick mock up of something I have been thinking about.

Zoom avatar
Zoom
06:29:17 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:26 PM

Andrew Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:30 PM

zloeber has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:30 PM

Adam Watson has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:35 PM

Adedayo Akinpelu has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:36 PM

Edward Wizelman has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:38 PM

Pierre Humberdroz has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:51 PM

Marcin Branski has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:14 PM

David Scott has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:44 PM

Darrin Rentschler has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:57 PM

Darrin Rentschler has left Public “Office Hours”

Zoom avatar
Zoom
06:31:02 PM

kiran k has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
ZoomerBackgrounds

Browse and share virtual backgrounds for video calling applications with ease!

Zoom avatar
Zoom
06:31:41 PM

Szymon Matuszewski has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:42 PM

Brian Tai has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:51 PM

Sri P has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:07 PM

Gemini Agaloos has joined Public “Office Hours”

Zoom avatar
Zoom
06:36:33 PM

Jose Netto has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:54 PM

Jordan Levington has joined Public “Office Hours”

Zoom avatar
Zoom
06:38:07 PM

Jordan Levington has left Public “Office Hours”

Zoom avatar
Zoom
06:39:02 PM

Omer Sen has joined Public “Office Hours”

Zoom avatar
Zoom
06:39:56 PM

Libert Schmidt has joined Public “Office Hours”

Zoom avatar
Zoom
06:40:30 PM

Andrew Elkins has joined Public “Office Hours”

Zoom avatar
Zoom
06:41:30 PM

Miranda Pearson has joined Public “Office Hours”

Zoom avatar
Zoom
06:41:43 PM

Mikael Fridh has joined Public “Office Hours”

Zoom avatar
Zoom
06:42:30 PM

Lewis Jenkins has joined Public “Office Hours”

Zoom avatar
Zoom
06:44:37 PM

Geoff Weinhold has joined Public “Office Hours”

roth.andy avatar
roth.andy
aaratn avatar
aaratn

what book is it ?

roth.andy avatar
roth.andy

DevOps Handbook

aaratn avatar
aaratn

Cool !

roth.andy avatar
roth.andy

derp, need to rotate those…

Pierre Humberdroz avatar
Pierre Humberdroz

it is fine.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Grafana Loki attachment image

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and …

Zoom avatar
Zoom
06:52:17 PM

Charlie Mathews has joined Public “Office Hours”

Mikael Fridh avatar
Mikael Fridh

Loki is great for the way it can integrate nicely with prometheus metrics due to the labels - you can basically match them up… But honestly, what has me going right now is https://github.com/flant/loghouse + https://github.com/ClickHouse/ClickHouse . Not fully tested it yet though.

Just look at this statement… ClickHouse works 100-1000x faster than traditional approaches. Most vendors and projects will have bold claims… but they are rarely this confident .

flant/loghouse

Ready to use log management solution for Kubernetes storing data in ClickHouse and providing web UI. - flant/loghouse

ClickHouse/ClickHouse

ClickHouse is a free analytics DBMS for big data. Contribute to ClickHouse/ClickHouse development by creating an account on GitHub.

Zoom avatar
Zoom
06:54:12 PM

asadana has joined Public “Office Hours”

Zoom avatar
Zoom
06:54:30 PM

Olivier Chaine has joined Public “Office Hours”

roth.andy avatar
roth.andy
chonan tsai avatar
chonan tsai

devops handbook? Really like this login example. Makes a lot of sense.

roth.andy avatar
roth.andy

yep

Zoom avatar
Zoom
07:02:22 PM

Miranda Pearson has left Public “Office Hours”

Zoom avatar
Zoom
07:04:19 PM

Marc Boudreau has joined Public “Office Hours”

Pierre Humberdroz avatar
Pierre Humberdroz

thanks @roth.andy

Zoom avatar
Zoom
07:06:48 PM

Omer Sen has left Public “Office Hours”

Zoom avatar
Zoom
07:07:11 PM

Brian Tai has left Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Caddy 2 - The Ultimate Server with Automatic HTTPS attachment image

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
KrakenD - Open source API Gateway attachment image

Enterprise open source API Gateway built with Go lang

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Nomad by HashiCorp attachment image

Nomad is a highly available, distributed, data-center aware cluster and application scheduler designed to support the modern datacenter with support for long-running services, batch jobs, and much more.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

PSA

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

in 1.16 /extenionsons/v1beta1 api going away for certain resources

David Scott avatar
David Scott

https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#1-16-prequisites Specifically these resources are removed: DaemonSet, Deployment, StatefulSet, ReplicaSet, NetworkPolicy, PodSecurityPolicy

Other things, like Ingress, can still be used with extensions/v1beta1

:--1:1
David Scott avatar
David Scott

The most important thing in regards to this: Check the apiVersion: on your kube-proxy DaemonSet. AWS’s instructions for updating kube-proxy only have you update the image tag, so it is likely that it will be using the deprecated API.

Mikael Fridh avatar
Mikael Fridh
FairwindsOps/pluto

A cli tool to help discover deprecated apiVersions in Kubernetes - FairwindsOps/pluto

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
zloeber/CICDHelper

Fairly large set of scripts for crafting and working with devops tools - zloeber/CICDHelper

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Zoom avatar
Zoom
07:30:55 PM

Adedayo Akinpelu has left Public “Office Hours”

Zoom avatar
Zoom
07:32:07 PM

Charlie Mathews has left Public “Office Hours”

Zoom avatar
Zoom
07:32:09 PM

Adam Watson has left Public “Office Hours”

Zoom avatar
Zoom
07:32:09 PM

David Scott has left Public “Office Hours”

Zoom avatar
Zoom
07:32:10 PM

zloeber has left Public “Office Hours”

Zoom avatar
Zoom
07:32:10 PM

Pierre Humberdroz has left Public “Office Hours”

Zoom avatar
Zoom
07:32:10 PM

Andrew Roth has left Public “Office Hours”

Zoom avatar
Zoom
07:32:12 PM

Geoff Weinhold has left Public “Office Hours”

Zoom avatar
Zoom
07:32:15 PM

asadana has left Public “Office Hours”

Zoom avatar
Zoom
07:32:19 PM

Marcin Branski has left Public “Office Hours”

Zoom avatar
Zoom
07:32:19 PM

Szymon Matuszewski has left Public “Office Hours”

Zoom avatar
Zoom
07:32:20 PM

Andrew Elkins has left Public “Office Hours”

Zoom avatar
Zoom
07:32:26 PM

Edward Wizelman has left Public “Office Hours”

Zoom avatar
Zoom
07:32:47 PM

Marc Boudreau has left Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
segmentio/chamber

CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.

Zoom avatar
Zoom
07:39:00 PM

Mikael Fridh has left Public “Office Hours”

Zoom avatar
Zoom
07:39:03 PM

Libert Schmidt has left Public “Office Hours”

Zoom avatar
Zoom
07:39:15 PM

Olivier Chaine has left Public “Office Hours”

Zoom avatar
Zoom
07:39:15 PM

Jose Netto has left Public “Office Hours”

Zoom avatar
Zoom
07:39:15 PM

Erik Osterman (Cloud Posse) has left Public “Office Hours”

Zoom avatar
Zoom
07:39:16 PM
Zoom avatar
Zoom
07:39:16 PM

Gemini Agaloos has left Public “Office Hours”

Zoom avatar
Zoom
07:39:16 PM

kiran k has left Public “Office Hours”

Zoom avatar
Zoom
07:39:16 PM

Lewis Jenkins has left Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Crap - I think I forgot to hit record. Zoom UI changed and through me off. still processing

Zoom avatar
Zoom
10:47:40 PM

New Zoom Recording from our Office Hours session on 2020-05-06 is now available.

2020-05-04

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Here’s a great question for office hours this week: https://sweetops.slack.com/archives/CQCDCLA1M/p1588441766212200

Hi Everyone! I would love experts advice on scaling issues I’m having with a Monolith Application

The stack is Ruby, Mysql, Redis, RabbitMQ, and the webserver being used is Passenger, Scaling every other components (mysql, redis, rabbitmq) is not a problem, all of them are scaling awesomely, However, the application server is performing woefully, and the problem is with Passenger, the ruby app is a Legacy codebase in which every component of the application is bundle together in one place, including the mobile app graphql endpoints, and 20+ daemons that needs to run for the app to work.

I have tried scaling horizontally a couple of times which was not effective because I realized that the daemons works in a way that they can’t run concurrently on multiple servers, so that means I had to resolve to scaling vertically, now during peak periods, the server resources are not really used up, but the server keeps crashing, and the major reason is because Passenger(Ruby webserver) couldn’t handle some certain number of connections at once, so after thoroughly going through the passenger doc, I realized that there is a way to increase the maximum number of connection per process, this has been the temporary tweak that is keeping the server up and running for now.

However, We will be starting a campaign Next week, and we are expecting to have x5 the traffic requests we get during peak times, and I need advice on other approaches I can take to Autoscaling my Infrastructure

PS: 1. We are looking to re-architect the entire system by decoupling some services 2. We still run on Ruby 2.2, upgrading it will break our codebase (which is why we need to do 1 above)

I know this community consists of professionals that have handle way larger systems at scale, and I will appreciate everyone’s input on this

Thank you

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@HS will you join us today on office hours? ~20 minutes from now

Hi Everyone! I would love experts advice on scaling issues I’m having with a Monolith Application

The stack is Ruby, Mysql, Redis, RabbitMQ, and the webserver being used is Passenger, Scaling every other components (mysql, redis, rabbitmq) is not a problem, all of them are scaling awesomely, However, the application server is performing woefully, and the problem is with Passenger, the ruby app is a Legacy codebase in which every component of the application is bundle together in one place, including the mobile app graphql endpoints, and 20+ daemons that needs to run for the app to work.

I have tried scaling horizontally a couple of times which was not effective because I realized that the daemons works in a way that they can’t run concurrently on multiple servers, so that means I had to resolve to scaling vertically, now during peak periods, the server resources are not really used up, but the server keeps crashing, and the major reason is because Passenger(Ruby webserver) couldn’t handle some certain number of connections at once, so after thoroughly going through the passenger doc, I realized that there is a way to increase the maximum number of connection per process, this has been the temporary tweak that is keeping the server up and running for now.

However, We will be starting a campaign Next week, and we are expecting to have x5 the traffic requests we get during peak times, and I need advice on other approaches I can take to Autoscaling my Infrastructure

PS: 1. We are looking to re-architect the entire system by decoupling some services 2. We still run on Ruby 2.2, upgrading it will break our codebase (which is why we need to do 1 above)

I know this community consists of professionals that have handle way larger systems at scale, and I will appreciate everyone’s input on this

Thank you

HS avatar

Yes

    keyboard_arrow_up