DevOps and other issues by Yurii Rochniak (@grem1in) – SRE @ Preply && Maksym Vlasov (@MaxymVlasov) – Engineer @ Star. Opinions on our own.
We do not post ads including event announcements. Please, do not bother us with such requests!
Recent Posts
Ha! I was sure I shared this article with y'all before, but when I tried to find it on the channel today, I was unable to. In any case, even it was here, it won't hurt to repeat it.
So, here it is - Kubernetes: EKS, Calico and custom Admission Webhooks.
This article sheds some light on the EKS networking. The gist is that if you use anything except the native VPC CNI, your control plane pods (API, scheduler, etc.) and workload pods will end up in different networks, because you cannot install any custom pods into the control plane.
Unless you use admission webhooks, you probably won't even notice; but if you do, API won't be able to contact your admission controller pods without some workarounds.
This is the nature of managed services: you gain something - you loose something.
#kubernetes#eks#aws
So, here it is - Kubernetes: EKS, Calico and custom Admission Webhooks.
This article sheds some light on the EKS networking. The gist is that if you use anything except the native VPC CNI, your control plane pods (API, scheduler, etc.) and workload pods will end up in different networks, because you cannot install any custom pods into the control plane.
Unless you use admission webhooks, you probably won't even notice; but if you do, API won't be able to contact your admission controller pods without some workarounds.
This is the nature of managed services: you gain something - you loose something.
#kubernetes#eks#aws
For today’s Donations Monday I would like to remind you about the UA Responders foundation that raises funds for medical equipment.
I know these folks personally, so I can vouch for them.
#donations#Ukraine
I know these folks personally, so I can vouch for them.
#donations#Ukraine
A fresh issue of the CatOps Digest is here:
https://newsletter.catops.dev/p/catops-digest-2024-04-21
#digest#newsletter
https://newsletter.catops.dev/p/catops-digest-2024-04-21
#digest#newsletter
Some lightweight read for you on Friday.
From the 80's to 2024 - how CI tests were invented and optimized sneak peeks into the history of automated testing. And evaluates possible future avenues where testing strategies could go.
Fun fact: Jenkins is apparently 20 years old. I didn't know that :D
Another fun fact: we had a voice chat about Jenkins recently. Yet, I still need to find some mental power to edit it.
#cicd
From the 80's to 2024 - how CI tests were invented and optimized sneak peeks into the history of automated testing. And evaluates possible future avenues where testing strategies could go.
Fun fact: Jenkins is apparently 20 years old. I didn't know that :D
Another fun fact: we had a voice chat about Jenkins recently. Yet, I still need to find some mental power to edit it.
#cicd
If you work with Kubernetes, there won't be any new information for you. However, when you encounter a namespace stuck in the "Termination" state the first time, it might be dumbfounding.
This article describes what to do in such situations. Also, it's good to learn about
#kubernetes
This article describes what to do in such situations. Also, it's good to learn about
finalizers at some point anyway.#kubernetes
I'm no Azure user - this thing came from the chat.
Azure has a collection of verified modules for Terraform and Bicep (their own IaC tool).
So, if you happened to work with Azure, check it out! Maybe, it could make your life a bit easier.
#iac#terraform#azure
Azure has a collection of verified modules for Terraform and Bicep (their own IaC tool).
So, if you happened to work with Azure, check it out! Maybe, it could make your life a bit easier.
#iac#terraform#azure
I had a whole talk about testing of the Helm charts, but it's not the only (almost) YAML that you could test!
This blog post describes how one could test their Prometheus alerts. Which is more productive than waiting till something happens.
#observability#testing
This blog post describes how one could test their Prometheus alerts. Which is more productive than waiting till something happens.
#observability#testing
or today's Donations Monday, I'd like to remind you about a big fundraiser by "Come Back Alive" to support the Ukrainian snipers there's still a long way to go, but the majority of the funds are already there.
#donations#Ukraine
#donations#Ukraine
A programming books bundle on Humble Bundle by Manning Press.
There are a couple of books that could be interesting to you, even if programming is not your primary occupation.
#books#programming
There are a couple of books that could be interesting to you, even if programming is not your primary occupation.
#books#programming
Despite a clickbait title, this is actually a good article with a list of good practices for Kubernetes.
tl;dr list:
- Use ephemeral contianers for debug
- Use admission controllers
- Kustomize is a nice tool
- Autoscale based on custom metrics if it makes sense
- Tweak API Priority and Fairness (APF) if it makes sense
- Submariner for multicluster (I have used other tools for multi-cluster, there are many ways of connecting clusters, so it's up to you to decide, what to use)
- Use Topology Spread Constraints
#kubernetes
tl;dr list:
- Use ephemeral contianers for debug
- Use admission controllers
- Kustomize is a nice tool
- Autoscale based on custom metrics if it makes sense
- Tweak API Priority and Fairness (APF) if it makes sense
- Submariner for multicluster (I have used other tools for multi-cluster, there are many ways of connecting clusters, so it's up to you to decide, what to use)
- Use Topology Spread Constraints
#kubernetes
Sometimes, people claim that I am anti-certifications, which is not true. I haven't had an experience in my life when I had to get a certificate for a new job or a promotion. However, if certification works for you, it's great!
Besides, until the 16th of April, you can buy courses from CNCF with 30% discount.
#courses#cncf
Besides, until the 16th of April, you can buy courses from CNCF with 30% discount.
#courses#cncf
For today's Donations Monday we need to support a member of our community - Oleksa Baida, who's going to join the Armed Forces of Ukraine soon.
He managed to cover most of the equipment and medical expenses on his own, but there are still things left.
Monobank Jar:
https://send.monobank.ua/jar/7sYxdJPVuo
Top-up a card directly:
Bank requisites:
Отримувач: Байда Олексій Сергійович
IBAN: UA383220010000026202344355441
ІПН/ЄДРПОУ: 3139812353
Призначення платежу: Поповнення рахунку банки
Also, if you want to meet Oleksa in person, there gonna be a gathering in Kyiv tomorrow at 19:00 (Kyiv time).
If you want to join, please, fill out this form, so he can book a place with enough space for everyone.
https://forms.gle/Q6P6bHLGJcCEpUps8
#donations#Ukraine
He managed to cover most of the equipment and medical expenses on his own, but there are still things left.
Monobank Jar:
https://send.monobank.ua/jar/7sYxdJPVuo
Top-up a card directly:
5375411215704862Bank requisites:
Отримувач: Байда Олексій Сергійович
IBAN: UA383220010000026202344355441
ІПН/ЄДРПОУ: 3139812353
Призначення платежу: Поповнення рахунку банки
Also, if you want to meet Oleksa in person, there gonna be a gathering in Kyiv tomorrow at 19:00 (Kyiv time).
If you want to join, please, fill out this form, so he can book a place with enough space for everyone.
https://forms.gle/Q6P6bHLGJcCEpUps8
#donations#Ukraine
A new issue of the CatOps Newsletter is here:
https://newsletter.catops.dev/p/catops-digest-2024-04-07
#newsletter#digest
https://newsletter.catops.dev/p/catops-digest-2024-04-07
#newsletter#digest
Friday is a great day to listen to our CatOps voice chat (in Ukrainian)! Especially, since the topic of this episode is mental health and management.
We kinda slipped into discussing management at some point.
You can find the episode on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- RSS Feed
Enjoy!
#voice_chat
We kinda slipped into discussing management at some point.
You can find the episode on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- RSS Feed
Enjoy!
#voice_chat
I almost forgot to post it here.
Today I'm speaking at the GeekOpsUA Virtual Meetup (in Ukrainian) at 19:00 Kyiv time (18:00 CET).
There's no specific topic, it's going be just a fireside chat.
Here's the link you can join today
- GeekOpsUA on Telegram
- GeekOpsUA on LinkedIn
- GeekOpsUA on YouTube
See you there!
#event
Today I'm speaking at the GeekOpsUA Virtual Meetup (in Ukrainian) at 19:00 Kyiv time (18:00 CET).
There's no specific topic, it's going be just a fireside chat.
Here's the link you can join today
- GeekOpsUA on Telegram
- GeekOpsUA on LinkedIn
- GeekOpsUA on YouTube
See you there!
#event
A nice step-by-step guide of how to test a Python AWS Lambda function locally with LocalStack.
This guide doesn't cover fixtures in LocalStack, though. In my experience, adding fixtures into LocalStack is PITA, but I have a very specific scenario where I need to create a couple of thousands of S3 objects relatively fast.
#aws#serverless#python
This guide doesn't cover fixtures in LocalStack, though. In my experience, adding fixtures into LocalStack is PITA, but I have a very specific scenario where I need to create a couple of thousands of S3 objects relatively fast.
#aws#serverless#python
For those who also had holidays.
Everything you need to know about the recent
#security
Everything you need to know about the recent
xz vulnerability in one place.#security
RedHat reported a 10/10 vulnerability in the xz compression library.
The vulnerability provides remote backdoor access and present in xz 5.6.0 and 5.6.1.
There’s also an interesting discussion of this vulnerability on HackerNews:
#security
The vulnerability provides remote backdoor access and present in xz 5.6.0 and 5.6.1.
There’s also an interesting discussion of this vulnerability on HackerNews:
annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features".
#security
Kondense is a Kubernetes tool that allows you resize contianers in a pod based on the memory pressure.
It’s installed as a sidecar and uses real-time memory pressure to determine the optimal memory for each containers in a pod.
You can read the justification behind this tool in this Reddit post
#kubernetes
It’s installed as a sidecar and uses real-time memory pressure to determine the optimal memory for each containers in a pod.
You can read the justification behind this tool in this Reddit post
#kubernetes
People often say that Observability is a Data problem. Although, it sounds correct intuitively, I cannot say that I fully understood how Data engineering approaches could be applied to the Observability systems.
This article about Wide Events clarified things for me a bit. Indeed, if any event that happened in the system is just an object with some value and useful metadata, things like metrics, logs, and traces become less relevant - it's all events now!
Apparently, this is how Observability is done in Meta, according to the author, and apparently people in Meta like it. I never worked for Meta, I don't know what they really use there and if it's better than the tools available to us mere mortals.
However, this is an interesting concept, and it would be wonderful to see similar projects that are not internal to the Big Tech companies.
#observability
This article about Wide Events clarified things for me a bit. Indeed, if any event that happened in the system is just an object with some value and useful metadata, things like metrics, logs, and traces become less relevant - it's all events now!
Apparently, this is how Observability is done in Meta, according to the author, and apparently people in Meta like it. I never worked for Meta, I don't know what they really use there and if it's better than the tools available to us mere mortals.
However, this is an interesting concept, and it would be wonderful to see similar projects that are not internal to the Big Tech companies.
#observability
Related Posts
Fast Crypto Pumps (Official) Telegram Group
We do #massive #crypto #pumps on #Hotbit #pump , #Vip #private #group ,5x-500xEveryone proceeds on their own risk,SUPPORT: @fastcryptopumpsadmin #exclusive #signals #trade #futures #pumpanddump #cryptocurrency #binance #event #bigpumps #event
Top Hacker News Telegram Channel
Top stories from https://news.ycombinator.com (with 500+ score) Contribute to the development here: https://github.com/ylogx/best-hackernews-bot If you have any questions please post it in github issues so that everyone can access that information.
PUMP-CLUB-EUROPE👾 Telegram Channel
We do #massive #crypto #pumps on #Hotbit .No pre #pump #Vip #private #group ,5x-500xEveryone proceeds on their own risk,SUPPORT: @lubolubo #Advertisement #Ads#exclusive #signals #trade #futures #pumpanddump #cryptocurrency #event #CPE
Daily Life Hacks Telegram Channel
We want to help you better your lifestyle. Make it easier and more comfortable. @DailyMotivations ➡️Some time i have to post ads. For Ads and Support :- https://telega.io/c/RealDailyLifeHacks Ads :- https://adsly.me?ref=15529 Admin :- @DigitalGuy
