A neat summary for upgrading EKS to 1.24.
This article contains some considerations and action items before an upgrade as well as some points for future releases.
P.S. This article came from the chat. So, if you have interesting things to share, feel free to join it! The chat is in Ukrainian.
#aws #kubernetes
Medium
Amazon EKS Upgrade Journey From 1.23 to 1.24
We are now welcoming “Stargazer”. Process and considerations while upgrading EKS control-plane to version 1.24.
In case of major power outages, we can schedule deployments on a sheet of paper, and when power returns - scan and use SheetOps.
https://github.com/learnk8s/xlskubectl
By the way, have a nice day :)
GitHub
GitHub - learnk8s/xlskubectl: xlskubectl — a spreadsheet to control your Kubernetes cluster
xlskubectl — a spreadsheet to control your Kubernetes cluster - learnk8s/xlskubectl
Amazon has made 120 AWS courses available for free.
To get courses, you only need to know English and make a few additional steps:
0. Login OR Create an account in Amazon
After sign in/up, you will be redirected here
1. Choose and go to any course you like
2. Click "Order Now for free"
3. Get the error "Sorry, we couldn't complete your purchase". Press "change your country/region"
4. Click on the "Country / Region Settings". It will open with "Current country/region – Unknown"
5. Click Change
6. Now you need to enter absolutely any address and mobile phone from the USA. You can take any from here. The mobile phone must be indicated without spaces/brackets/dashes - i.e. only numbers.
7. Now you can return and get courses.
P.S. That works up to 9 Dec 2022. You can access courses up to 28 Apr 2023.
P.P.S. You can get only 6 courses if you click them one by one. But if you order many courses at the same time - the number of ordered courses will be limited to the number that you will have time to order before Amazon prepares 6 courses in your Amazon Online Learning cabinet. So click quickly to get more courses :)
I remember people creating NAT instances in AWS because NAT Gateway was not available at the time.
Now, some claim that NAT Gateway is too expensive, thus NAT instances are the way.
The circle is complete, I guess.
Anyways, here’s alterNAT - self provisioned NAT instances in AWS.
To be completely honest, there are use cases for NAT instances indeed and they do not claim that this solution is for everyone.
#aws #networking
GitHub
GitHub - 1debit/alternat: High availability implementation of AWS NAT instances.
High availability implementation of AWS NAT instances. - 1debit/alternat
Kubeshark is a traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.
I don’t have much to add here. This is basically a Wireshark for Kubernetes. So, you probably know it if you need something like this. Otherwise, I would say that one can live OK without it. Yet, if you ever need to analyze what’s going on with requests in your cluster, you can always use this tool!
#kubernetes #networking
GitHub
GitHub - kubeshark/kubeshark: The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing…
The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu...
Here the FireHydrant company writes that the MTTR (mean time to recovery) metric is overrated.
I tend to agree with their justification: not all incidents are the same. Not all systems are equally critical, and the cause, or rather the set of causes, is not always easy to mitigate.
However, it’s still important to measure the quality of your incident response somehow. They propose two metrics instead:
- Mean time to detection - basically, how long it takes for you to spot a problem. I would also ask an additional question here: was a problem reported by your observability systems, or by your colleagues or customers?
- Mean time to retrospective - or mean time to postmortem if you wish. I think this is a good one. It’s true that some details may fade away from memory, so the sooner you do a retrospective - the better! Also, if you actually measure this time, it can help you to prioritize meetings and put postmortems as a higher priority compared to, for example, a team standup.
#observability
FireHydrant
The MTTR that matters
A metric you should be tracking is Mean Time to Retrospective.
I try to be consistent with the digest even when I just want to lie on a couch and watch some YouTube.
A new issue of the CatOps Digest is out!
#newsletter
CatOps Newsletter
CatOps Digest 2022-12-04
What was on CatOps in the last two weeks…
Not a technical post.
Today is the Volunteer Day. I want to dedicate this post to all the people who help daily our military forces as well as civilians.
Thank you for your work and dedication!
Now, I add a Linktree to each post that contains links to various volunteer organizations as well as other useful things. Today I want to share individuals and foundations I regularly support personally.
- Pavlo Bondarenko and Naya are collecting funds for recon drones and Starlinks for AFU. They both have PayPal, so it’s easy to send money from outside Ukraine. Pavlo is a friend of mine, we’ve been to Sziget Festival together a couple of times. Before the full-scale invasion he was running a Ukrainian podcast production “Radio Podil”.
Pavlo’s links
Naya’s links
- UA Responders, a foundation specializing in tactical medicine and other medical things. I know them, because my wife is actively helping there and my classmate helps them with logistics. They have a Polish IBAN, so it’s handy to send money from within the EU. Obviously, they have other ways to accept donations as well.
- Come Back Alive. I mean, they do not require an introduction. This is the most famous and probably the oldest volunteer organization in Ukraine that helps UA military. Also, now they have a convenient web form to accept donations right on their website.
(image via @lachentyt)
#volunteers #Ukraine
Here’s an article on Currying in Go. Currying is a technique borrowed from functional programming. It’s essentially a partial implementation of a function.
Anyways, I find such articles interesting, because they show some unconventional angles of a language. I haven’t personally used currying in Go yet. However, examples in that article look reasonable. Maybe one day I will try it.
I’m not saying that you should use this technique in your code, but maybe you find it useful. In the latter case, you’re welcome!
#go #programming
A quite old article on debugging a NodeJS AWS Lambda function.
Yet, I still want to share this one, because even if you don’t have NodeJS functions specifically, the article has some insights on how to debug Lambda functions in general.
Also, there are some takeaway points that would be relevant for any HTTP workload, not just JS.
#aws #serverless
bahr.dev
How We Debugged And Fixed 'EMFILE: too many files open' On AWS Lambda NodeJS
This article shows how we debugged and fixed an 'EMFILE: too many files open' error on AWS Lambda.
An “Awesome SLOs” list.
Books, articles, videos, and more.
Also, it’s open source, so feel free to contribute!
#slo #observability
GitHub
GitHub - stevexuereb/awesome-slo: Curated list of resources on SLOs
Curated list of resources on SLOs. Contribute to stevexuereb/awesome-slo development by creating an account on GitHub.
Last week we recorded one of our usual voice chats as a test. So, more people who were unable to join because of blackouts could listen to it.
Moreover, the topic of our voice chats was: “How to work without electricity, Internet access, and utilities”.
Although, we have touched other topics as well, as it usually happens:
- Starlinks and external antennas
- M1/2 MacBooks
- Ancient communication technologies
The recording is in Ukrainian and available on:
- YouTube as a static image
- Spotify
- Apple Podcasts
- Google Podcasts
- Anchor
Enjoy!
#voice #говорилка
YouTube
How to work without electricity
We recorded a voice chat in test mode about how to work when there is no electricity. We talked about charging stations, batteries, Starlinks, M1/2 MacBooks (and which ...
Disk encryption in AWS is close to useless and potentially harmful.
No, it’s not like AWS is going to do anything with your data.
tl;dr: Encryption at rest protects you from cases when someone steals your disk. However, such an attack vector is so hard in a cloud environment that it’s completely worthless for an attacker.
However, the correct implementation of the encryption at rest will take time and effort that you can put into real risk mitigation and security hardening instead.
#security #aws
Mellow Root
Disk encryption in AWS is close to useless and potentially harmful
Security theater is the practice of taking security measures that are considered to provide the feeling of improved security while doing little or nothing to...
Monokle CLI is yet another tool to validate configuration for the objects in your Kubernetes clusters. It's a part of a bigger Monokle project and can be used as a CLI and integrated into your CI/CD pipeline.
For now it can validate:
- YAML syntax
- The schemas of your YAMLs against a configurable K8s version
- Links/references between Kubernetes resources
- A set of predefined OpenPolicyAgent (OPA) policies
- Custom rules written in TypeScript
Also, it looks like there's an active development around this tool at the moment. So, let's see, how it goes.
#kubernetes
Medium
Monokle-CLI: Flexible Kubernetes YAML Validation
The importance of validation of your Kubernetes YAMLs as part of your pre-commit/deploy workflows is evident as the adoption of…
I like graphical representations of complex systems.
So, here you are: a zine-like scheme of the RAFT consensus algorithm
#raft #zine
SRE-ish
Understanding RAFT consensus algorithm
A zine about RAFT
A nice overview of how Docker works on non-Linux hosts as well as an explanation, why I/O operations are so slow. Plus, some hints on how to make it faster for the local development.
tl;dr. Because Docker requires Linux capabilities, it has to have a Linux VM to run Linux-based images on macOS and Windows. This VM shares the filesystem with the host, which is slow. There’s a new implementation, VirtioFS, which is faster, but still not ideal.
We briefly discussed ways of running Docker on the new M-based Macs on our previous voice chat and this article has links to some tools we mentioned there, specifically: Rancher Desktop and Colima.
Also, I recall developers at my previous job complaining about slow-ish Docker performance, but IIRC VirtioFS was not widely adopted back then.
#docker #linux
Paolomainardi
Docker on MacOS is slow and how to fix it
Thanks to the DALL·E 2, we finally have a very nice graphic representation of the feelings of a Docker container inside a macOS environment, I will try with this article to make this poor container safe to the coast.
cURL is going to support an output of server certificates in PEM format using -w (write-out) options.
Support for these new -w variables has been merged into curl’s master branch and is scheduled to be part of the coming release of curl version 7.88.0 on February 15th, 2023.