#random (2022-02)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.

Archive: https://archive.sweetops.com/random/

2022-02-01

bradym avatar
4
6

2022-02-02

Ryan Cartwright avatar
Ryan Cartwright
A collaborative hub for infrastructure as code | The Stack Overflow Podcast

On this sponsored episode of the podcast, we talk with Marcin Wyszynski, founder and CEO at Spacelift. Marcin says Spacelift aims to be for infrastructure-as-code what GitHub is to git. It centralizes everything about your IaC system: it runs code, deploys within CI/CD pipelines, tracks the progress of your infrastructure, and gives you insight into who made what changes and why. Today it works with the IaC tools already out there: Terraform, Cloud Formation, and Pulumi, with plans to add support for services like Ansible and Kubernetes in the future. 

2022-02-03

Zachary Loeber avatar
Zachary Loeber

Anyone ever author a declarative yaml manifest then need to add some linting/validation to the manifest afterwards? If so, are there any good tools to automate such a thing?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Jsonschema?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It’s supported by all major IDEs, many command line tools, GitHub actions, etc

Zachary Loeber avatar
Zachary Loeber

I was looking at that actually, seems that helm produces a jsonschema from a values file via schema-gen (found the use example here: https://github.com/hashicorp/vault-helm/blob/main/Makefile)

vault-helm/Makefile at main · hashicorp/vault-helmattachment image

Helm chart to install Vault and other associated components. - vault-helm/Makefile at main · hashicorp/vault-helm

André avatar

I’ve found this a few weeks ago: https://github.com/23andMe/Yamale

GitHub - 23andMe/Yamale: A schema and validator for YAML.attachment image

A schema and validator for YAML. Contribute to 23andMe/Yamale development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

wow, didn’t know about the helm schema-gen subcommand

2022-02-04

2022-02-07

Antarr Byrd avatar
Antarr Byrd

Any conferences people looking forward to this year?

managedkaos avatar
managedkaos

I’m getting hyped on GCP this year so Google Cloud Next is on my list. google

2
1
steenhoven avatar
steenhoven

Wondering if I would go to kubecon again. Not sure what to expect with this corona-thingy

2022-02-08

managedkaos avatar
managedkaos

I went to Kubecon in ’21. Even through my mask, the scent of hand sanitizer was heavy in the air.

2022-02-09

2022-02-13

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
2
5

2022-02-16

75devendrasahu avatar
75devendrasahu

Hi Team,

I want to create Azure Container Registry, how should I design it for organization so it will be at best and easy to handle

Yonatan Koren avatar
Yonatan Koren

This Slack is mostly AWS-oriented, but I’m sure someone can help. Have you tried asking in #azure?

75devendrasahu avatar
75devendrasahu

Didn’t find out #azure, now I searched and got that thanks suggestion.

np1
martin.helfert avatar
martin.helfert

hey everyone. Is anyone using serverless-framework? how do you handle the serverless-state.json when you’re deploying in a CI pipeline? shouldn’t cloudformation handle all that when using the aws provider? is there anything similar like handling the state with terraform?

Phil Hadviger avatar
Phil Hadviger

I’m experimenting with AWS SAM currently, but still undecided if it’ll accomplish what I need to it. It’s a mix of a local lambda runner, with options to deploy the lambda via CloudFormation stacks. The core infrastructure of the lambda (VPCs, roles, etc), I still setup using Terraform prior to using SAM, and I just reference those pieces in the SAM configs.

msharma24 avatar
msharma24
Do any companies/projects publish their Terraform code publicly?

I’m looking for Terraform examples from companies/projects. For example, Arch Linux has all their Ansible/Terraform in a public GitLab repo….

1

2022-02-17

Mithra avatar

Hello Team,

I have an instance running on Azure Virtual Machine Scale Set Where it is complaining about installing NuGetBinaries On Ubuntu 18.04 can anyone help with a command on it please. Tried multiple ways to get installed but nothing seemed to be working. Any input please in this issue your response is highly appreciated.

bradym avatar

You’re probably more likely to get a response in #azure

1

2022-02-18

2022-02-22

Shreyank Sharma avatar
Shreyank Sharma

Hi all, We are using a webserver with ElasticBeanstalk from 2019., the platform is tomcat 8.5 with java8 running on 64 bit Amazon Linux. Apache as proxy recently (from Jan 30th) we started getting Service Unavailable issues if go to the endpoint from time to time. and if we refresh 2-3 times it will get resolved on its own.

then I download full logs. under elasticbeanstalk-error_log I can see
[Mon Feb 21 10:00:58.338035 2022] [proxy:error] [pid 14882:tid 139757313533696] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 21 10:00:58.338078 2022] [proxy_http:error] [pid 14882:tid 139757313533696] [client <private-ip-here
:12566] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://<custom-end-point
/1/<name.jsp
?s=sec$$4P!&refresh=300
[Mon Feb 21 10:43:40.663468 2022] [proxy:error] [pid 14882:tid 139757120071424] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 21 10:43:40.663518 2022] [proxy_http:error] [pid 14882:tid 139757120071424] [client <private-ip-here
:21136] AH01114: HTTP: failed to make connection to backend: httpd-UDS
repeated multiple times from Jan30th. and when I look at access.log I can see 503 error log exactly at the same time when permission denied error logs in elasticbeanstalk-error_log And I looked at the running process using ps -aux | grep httpd and ps -aux | grep tomcat both are running from 2019 and have no restarts. what more I can do to troubleshoot these issues

thanks

Nishant Thorat avatar
Nishant Thorat

We all know AWS regions have disparity in service hosting. As of today, us-east-1 (N. Virginia) hosts a max of 306 services while ap-northeast-3 (Osaka) has only 127 services hosted. I needed to answer, for any given AWS service which regions host the service, what services are hosted in a given region. Found a few ways. https://www.cloudyali.io/blogs/how-to-find-all-regions-an-aws-service-is-available

How to find all regions an AWS Service is available

Not all AWS Services are available in all AWS regions. Simple ways you can find all AWS regions AWS services are available.

1

2022-02-24

David avatar

Anyone have any pentesting recommendations for a place that does cryptographic-specific pentests (such as ensuring a company that claims e2e encryption is handling the encryption well)?

kevcube avatar
kevcube

if you’re talking about a downstream vendor, this sort of stuff is basically impossible to verify unless they’re willing to hand over all of their infrastructure

David avatar

This would be for pentesting our own application

2022-02-25

sohaibahmed98 avatar
sohaibahmed98
The end-to-end development and testing platform for Kubernetes and Cloudattachment image

Garden removes barriers between development, testing, and CI. Use the same workflows and production-like Kubernetes environments at every step of the process.

Zach avatar
The end-to-end development and testing platform for Kubernetes and Cloudattachment image

Garden removes barriers between development, testing, and CI. Use the same workflows and production-like Kubernetes environments at every step of the process.

Zach avatar

Seems neat, are you using this?

sohaibahmed98 avatar
sohaibahmed98

No not yet but I am trying to create POC for my company.

2022-02-26

2022-02-28

Shilpa avatar

@Channel Morning everyone .. Quick Q one of our API is getting loads of hits say e.g. 50k hits in minute, how I can define architecture behind it to handle the load. Please guide.

sohaibahmed98 avatar
sohaibahmed98

are you using anything like solace, kafka or rabbitmq etc?

Shilpa avatar

Its a new requirement so I can design best possible solution

Shilpa avatar

RabbitMQ I am aware of

Shilpa avatar

@sohaibahmed98 help me with factors i will have to consider while designing

sohaibahmed98 avatar
sohaibahmed98

I think at start you could thing of the following like

  1. adding cache on some methods which are returning same data.
  2. check your database queries , try to optimize them and also introduce indexes or compound indexes
  3. If you not using kafka or rabbitmq then try to move code from synchronous to asynchronous (spring boot) which could be e,g email etc if its not break anything
  4. use rabbitmq, incase of rabbitmq plz ignore point 3, all asynchronous will be handle by rabbitmq
sohaibahmed98 avatar
sohaibahmed98

I am not sure about your current infrastructure its monolith or microservice base

Shilpa avatar

microservices

sohaibahmed98 avatar
sohaibahmed98

are u using any cloud?

sohaibahmed98 avatar
sohaibahmed98

its on aws fargate or kubernetes?

Shilpa avatar

yes aws kubernetes

sohaibahmed98 avatar
sohaibahmed98

which load balancer you are using?

Shilpa avatar

frankly they gave me this statement to demonstrate them what factors I will consider

Shilpa avatar

I thought of load balancer, caching stuff. what else I can consider to serve the purpose?

Shilpa avatar

say as twitter api, it might get 1000s of hits. to serve without fail how should I build my infra so it will help serve the all requests without fail.

sohaibahmed98 avatar
sohaibahmed98
  1. cache
  2. optimize database
  3. load balancer
  4. increase nodes for microservice (auto scalling)
  5. divide request according to user region,
  6. use rabbitmq or event driven approach to handle large requests (its important) you can keep track which request failed in order to process again. solace or kafka is super super fast to handle large amount of requests
  7. use high performance global database or divide then into multi region
1
sohaibahmed98 avatar
sohaibahmed98

also keep in mind request throtling techniques

sohaibahmed98 avatar
sohaibahmed98

rate limiting

Shilpa avatar

In one of the project I was getting throttling error so I increased the limit. Is it right thing to do?

sohaibahmed98 avatar
sohaibahmed98

did you investigated why you were getting throttling error?

Shilpa avatar

One of the Lambda was keep hitting the API in every few secs

Shilpa avatar

it was internal API though for CI

sohaibahmed98 avatar
sohaibahmed98

Also for above question you posted regarding 50k hits. There is lot of guys in this group who are better then me it would be great if they also reply.

Shilpa avatar

Thank you so much for your time, will deep dive into it. It will really helpful to start with. Definitely if anyone knows about it please share your knowledge.

sohaibahmed98 avatar
sohaibahmed98

welcome anytime

    keyboard_arrow_up