etcd, https://coreos.com/etcd/, is a distributed key/value store and contains all details about a kubernetes cluster, such as resources and their states. How etcd is installed I install kubernetes, and etcd along with it, using kubespray https://github.com/kubernetes-incubator/kubespray Interacting with etcd etcd runs as a container. The startup script used by systemctl is /usr/local/bin/etcd, which has the contents below #!/bin/bash /usr/bin/docker run \ --restart=on-failure:5 \ --env-file=/etc/etcd.env \ --net=host \ -v /etc/ssl/certs:/etc/ssl/certs:ro \ -v /etc/ssl/etcd/ssl:/etc/ssl/etcd/ssl:ro \ -v /var/lib/etcd:/var/lib/etcd:rw \ --memory=512M \ --blkio-weight=1000 \ --name=etcd1 \ quay.io/coreos/etcd:v3.2.18 \ /usr/local/bin/etcd \ "$@" Interacting with the running etcd process......
Continue Reading
I frequently hear people talk about unit tests when they actually mean something else. In some cases, I would think it was pedantic to argue about the specific meaning of a term like unittest, but in this case I think it often works against the Software Developer to use the term incorrectly. Below I provide a short list with descriptions to explain some useful testing concepts. Unit test It’s important to be clear on what “unit” means It means a function/method or class It does not mean database, SaaS, filesystem or any other......
Continue Reading
One of the most significant benefits of containers is that they empower a software engineer to explore technologies and infrastructure decisions quickly. Containers make it possible for a developer to try on new technologies and platforms and consider infrastructure decisions without a long approval and requisition process. It also reduces cost significantly, since many containers can run on a developer laptop. Access control and management of Kubernetes introduces a potential roadblock to this agile aspect of container-centric development. As a result, I put a lot of thought into how to provide easy, fast,......
Continue Reading
In spite of the popularity of Let’s Encrypt for generating free SSL/TLS certificates, I think their getting started page stinks. In case you feel the same way, I’ll try to give you a real quick start that will get you to your first certificate. Certificate Authority Let me point out that anyone with Linux (or Docker for that matter) can create a strong SSL/TLS certificate and encrypt their data. No third party is necessary. Where third parties like Comodo, GeoTrust, Verisign and now Let’s Encrypt come in is as Certificate Authorities. Publishers of......
Continue Reading
I’ve been having a lot of conversations lately about batch size and how the choice of batch size impacts software development and release processes. Today I went looking for some other perspectives and I found this post about optimization on the IBM website. The author provides a good summary of the benefits available by decreasing batch sizes in software development. I have been using agile methodologies for quite a long time, and they are much better than the traditional waterfall model. In the latter, all development is done at once, before testing occurs.......
Continue Reading
Often in development or when working on proofs of concept (PoC), I need working SSL to protect an endpoint. If I controlled the domain, I would use Lets Encrypt to generate a certificate. When I don’t control the domain, I often use self signed certificates. Below is how I create them and then use them to create a Secret in kubernetes. Choosing a domain (common name) When I don’t control the domain, that usually means I can’t setup a subdomain with appropriate name resolution for my project. In this case I use a......
Continue Reading
Introduction Kubernetes (also written k8s) is a powerful container orchestration platform that works with Docker. This first video provides a high level explanation of how kubernetes differs from traditional application deployment and infrastructure management. Overview A kubernetes cluster is made up of masters and nodes. The masters are responsible for orchestration and the nodes host the orchestrated containers. In addition to orchestrating containers, it is helpful to have a gateway to route traffic through the cluster and a persistent storage mechanism. While these last two components aren’t strictly part of kubernetes, I consider......
Continue Reading
Kubernetes is getting a lot of attention recently, and there is good reason for that. Docker containers alone are little more than a developer convenience. Orchestration moves containers from laptop into the datacenter. Kubernetes does that in a way that simplifies development and operations. Unfortunately I struggled to find easy to understand high level descriptions of how kubernetes worked, so I made the diagram below. Operations While I don’t show the operator specifically (usually someone in IT, or a managed offering like GKE), everything in the yellow box would be managed by the......
Continue Reading
IT general controls are important for various reasons, such as business continuity and regulatory compliance. Traditionally, controls have focused on the infrastructure itself. In the context of long running servers in fixed locations, this was often an effective approach. As virtualization and container technologies become more prevalent, especially in public cloud, infrastructure focused IT controls can start to get in the way of realizing the following benefits: Just in time provisioning Workload migration Network isolation Tight capacity management DevOps Automated deployments Automated remediation One way to maintain strong IT controls can still get......
Continue Reading
Vendor and tool selection is often a complicated process for an enterprise. In the worst cases, the evaluation of tools, vendors and other technology solutions turns into a debate about tools, features and procedures. Why is this a problem? It’s that these debates too often fail to identify and measure against the outcomes that will benefit the business and the activities that will produce those outcomes. What is an Outcome An outcome is simply an end state or deliverable. The end state or deliverable is usually defined by the business and, if achieved,......
Continue Reading