A collection of Software and Cloud patterns with a focus on the Enterprise

Software Engineering


This article is part of a series on Immutable Infrastructure and discusses the scenario of CI/CD pipelines to deliver high quality software quickly. It may be valuable to review Immutable Infrastructure Basics before reading this article. Continuous Integration and Continuous Delivery, CI/CD, is a practice in software development that aims to ensure high quality updates efficiently progress toward a release. The “Integration” part of CI/CD seeks to confirm that a software change will work with related systems. The divergence of systems that occurs without immutable infrastructure can reduce the effectiveness of CI/CD pipelines.......



This article is part of a series on Immutable Infrastructure and discusses the scenario of Development Environments and Team Collaboration. It may be valuable to review Immutable Infrastructure Basics before reading this article. Development environments are intended to be flexible and in motion by design. At the same time, teams need to be able to work together and eventually deliver their work to other environments. As teams form and change over time, these objectives are often at odds with each other. The illustration below shows this dynamic at play over time. The above......



One of the biggest shifts in technology that can be attributed to cloud is the move away from hand crafting systems to defining systems and letting automation create them. This is often referred to as Infrastructure as Code, and is manifested along a spectrum. Toward the more “cloudy” end of the spectrum is the concept of immutable infrastructure, which means that once created, infrastructure exists in the same state until it is replaced by something new, but it is never changed.

Some Examples

A good example of immutability is a Java jar......



Istio Ingress vs. Kubernetes Ingress

For years I have appreciated the clean and simple way Kubernetes approached Ingress into container workloads. The idea of an IngressController that dynamically reconfigures itself based on the current state of Ingress resources seemed very clean and easy to understand. Istio, on the other hand, felt more confusing, so I set out to correlate what I refer to as “traditional kubernetes ingress” with Istio ingress. The following diagram will help visualize my comments below. Dynamic Ingress Control Load Balancer at the Edge Both approaches are very similar in how they treat traffic at......



etcd, https://coreos.com/etcd/, is a distributed key/value store and contains all details about a kubernetes cluster, such as resources and their states.

How etcd is installed

I install kubernetes, and etcd along with it, using kubespray https://github.com/kubernetes-incubator/kubespray

Interacting with etcd

etcd runs as a container. The startup script used by systemctl is /usr/local/bin/etcd, which has the contents below

    #!/bin/bash
    /usr/bin/docker run \
      --restart=on-failure:5 \
      --env-file=/etc/etcd.env \
      --net=host \
      -v /etc/ssl/certs:/etc/ssl/certs:ro \
      -v /etc/ssl/etcd/ssl:/etc/ssl/etcd/ssl:ro \
      -v /var/lib/etcd:/var/lib/etcd:rw \
      --memory=512M \
      --blkio-weight=1000 \
      --name=etcd1 \
      quay.io/coreos/etcd:v3.2.18 \
      /usr/local/bin/etcd \
      "$@"

Interacting with the running etcd process......



I frequently hear people talk about unit tests when they actually mean something else. In some cases, I would think it was pedantic to argue about the specific meaning of a term like unittest, but in this case I think it often works against the Software Developer to use the term incorrectly. Below I provide a short list with descriptions to explain some useful testing concepts.

Unit test

It’s important to be clear on what “unit” means
It means a function/method or class
It does not mean database, SaaS, filesystem or any other......



Self-service access control in kubernetes

One of the most significant benefits of containers is that they empower a software engineer to explore technologies and infrastructure decisions quickly. Containers make it possible for a developer to try on new technologies and platforms and consider infrastructure decisions without a long approval and requisition process. It also reduces cost significantly, since many containers can run on a developer laptop. Access control and management of Kubernetes introduces a potential roadblock to this agile aspect of container-centric development. As a result, I put a lot of thought into how to provide easy, fast,......



In spite of the popularity of Let’s Encrypt for generating free SSL/TLS certificates, I think their getting started page stinks. In case you feel the same way, I’ll try to give you a real quick start that will get you to your first certificate.

Certificate Authority

Let me point out that anyone with Linux (or Docker for that matter) can create a strong SSL/TLS certificate and encrypt their data. No third party is necessary. Where third parties like Comodo, GeoTrust, Verisign and now Let’s Encrypt come in is as Certificate Authorities. Publishers of......



I’ve been having a lot of conversations lately about batch size and how the choice of batch size impacts software development and release processes. Today I went looking for some other perspectives and I found this post about optimization on the IBM website. The author provides a good summary of the benefits available by decreasing batch sizes in software development. I have been using agile methodologies for quite a long time, and they are much better than the traditional waterfall model. In the latter, all development is done at once, before testing occurs.......



Often in development or when working on proofs of concept (PoC), I need working SSL to protect an endpoint. If I controlled the domain, I would use Let’s Encrypt to generate a certificate. When I don’t control the domain, I often use self-signed certificates. Below is how I create them and then use them to create a Secret in kubernetes.

Choosing a domain (common name)

When I don’t control the domain, that usually means I can’t set up a subdomain with appropriate name resolution for my project. In this case I use a......
