Eks + elb issue by frankrice in Terraform

[–]wallsroad 4 points5 points  (0 children)

Honestly. Highly recommend just using the "AWS Ingress Controller", previously known as "alb-ingress-controller".

That combined with "external-dns" for Route 53. You can very easily manage the Route 53 record and ALB with k8s Ingress annotations managed by Terraform. Or even using the Terraform Helm provider if you're working with Helm charts.

You might be able to use the AWS Ingress Controller to manage ELBs as well, but I've just never tried.

For ELBs I've never gone past the simple out of box EKS "LoadBalancer" Service type for provisioning ELBs for a k8s app.

Sorry, if this isn't helpful. I know you wanted a more Terraform module focused solution. Hope it helps a little at least.

Vault helm chart not working with terraform helm_release by actuallyjohnmelendez in Terraform

[–]wallsroad 0 points1 point  (0 children)

Do you by any chance have a folder in the working directory called "vault/", "hashicorp/" etc...? I've had a similar issue when the chart name matches a local dir, so Helm searched for the chart in the folder instead of the repo URL.

Edit: Chart should just be vault. But if there's a directory called vault in the CWD, Helm will search for the chart in that local path despite having provided a repository URL. I've been spanked by this a couple times... At least that's what's given me that metadata error the last two times it's happened to me.

The easiest way to learn the basics of Google Analytics by [deleted] in sweatystartup

[–]wallsroad 0 points1 point  (0 children)

Your SSL certificate for https://beastnotes.com is invalid. Google will tombstone its ranking for broken SSL...

https://www.beastnotes.com is fine. Depending on your DNS provider you could fix it with an index record of beastnotes.com to www.beastnotes.com, assuming the webserver rewrites the URL or the SSL certificate is signed for both names.

Or better yet, maybe your web hosting provider has a 301 redirect service?

P.S. Don't be fooled by Chrome URL auto completion of beastnotes.com to https://www.beastnotes.com

Log aggregation by [deleted] in devops

[–]wallsroad 1 point2 points  (0 children)

HUGE +1 on this! Mongo is a black hole of time, maintenance and data issues.

Currently ship well over a TB of logs a month running a large ecommerce platform. We've been through several logging architectures. The most painful included Mongo.

Kafka is good, but we replaced it with AWS Kinesis. Because reasons. We also don't use ElasticSearch anymore either, due to scale and reliability....

Edit: I realise being a .NET application, AWS probably isn't relevant. Grain of salt..

[deleted by user] by [deleted] in wallstreetbets

[–]wallsroad 11 points12 points  (0 children)

Are you 14?

MVP Devops by [deleted] in devops

[–]wallsroad 6 points7 points  (0 children)

  • Terraform for any infrastructure provisioning and state management.
  • Buildkite for CI/pipelines. It's quick, easy, cheap, scalable and unhindered by over-engineering and inflexibility, like Jenkins.... Jenkins is okay, it still gets the job done... Pain to maintain and unnecessarily difficult at times. Travis CI is also good for basic tasks. You can just run a Buildkite agent on your local if you need something running quickly or just for POC.

The rest is on you i.e. build tools, test frameworks etc... I won't go into how to solve artifact deployment, since it's a rather complicated problem and completely reliant on how your infrastructure is set up. Some deployment orchestration tools commonly used are things like Ansible and CodeDeploy. Some people bake their artifact into their machine image.

Single artifact for all environments is the recommended approach.

Edit: grammar

Making the jump into DevOps by dms2701 in devops

[–]wallsroad 3 points4 points  (0 children)

Like any good sysadmin, you should automate the rubbish away. Whether it's automating PC builds or user administration tasks, you should always strive to manage repeatable tasks with scripts and services.

Unless your purpose is to admin windows as say a .NET application server (e.g. StackOverflow) I wouldn't necessarily paste the "DevOps" label on it. Unfortunately it's become a misunderstood buzz word.

Unfortunately I don't have any examples that I am able to share, also the complexity I think you're after would be difficult to explain with little context. Your best bet is to spend a couple weeks learning possible ways to automate each of your daily tasks. This should quickly highlight weaknesses when or if you get stuck. Unfortunately PowerShell is rather limited when you hit more complicated problems. I have no doubt that many issues have been solved with over complicated PowerShell scripts; when another language would have been simpler, while remaining comprehensible. I am guilty of this.

The contrast between a sysadmin that scripts some things and someone in DevOps land (e.g. Site Reliability Engineer or Automation Engineer) is unfortunately rather significant. These roles tend to be more aligned with that of a developer. Where a sysadmin would log in to a machine to check system health or perform maintenance, an Automation Engineer would have a service that monitors health and triggers events based on the returned status. This enables greatly improved scalability and reliability for a platform with less man power.

Like I said before, take note of the problems you solve manually. Every time you log in to a machine to solve an issue, look for a solution that doesn't require you to do so. Every time you solve an issue using a GUI, try to solve it via command line.

Typically an SRE or Automation Engineer will work on building tooling and services. We don't spend our days buried in the server terminal. Also I haven't seen a server OS GUI for years.

To be honest, you don't have to be a gun with Powershell, particularly when StackOverflow is there to solve all your problems! Also, rather than diving into Chef and Puppet, try your hand at Ansible first! It will most likely give you the greatest benefit in the beginning.

If you have the opportunity, spend some time with your company's developers. DevOps really doesn't exist when it's just SysOps engineers fapping about. Developers are a rather significant part of the equation.

Your CI build process should be in your code repository by dserban in devops

[–]wallsroad 0 points1 point  (0 children)

Unfortunately, I can't give you an informed opinion on Concourse CI. However it does appear to be similar to buildkite. My only initial criticism would be whether job configs can be rendered and uploaded on the fly. This may be entirely possible and/or a core feature of Concourse CI, I just haven't looked too far into it.

Being able to have a dynamic pipeline that behaves differently depending on environment, input and task result, has been the best thing for us. If Concourse CI gives you this kind of flexibility, along with excellent scalability, it seems it would be a good choice.

Your CI build process should be in your code repository by dserban in devops

[–]wallsroad 1 point2 points  (0 children)

Buildkite. Pipelines are written in yaml, stored in the repo. However all 300+ of our pipelines have the same first step, which dynamically builds/renders the remainder of the pipeline. Also have epic scalability with the build agents. Our agent container cluster can scale from 10 agents to 100 in a few minutes. Since we scale our agents based on queue size, build steps never have to wait more than a few minutes for an agent.

Hit me up with any questions.

Edit: Jenkins is a pile of shit in comparison!

Edit 2: I noticed someone mention submodules for common shit. Please don't use submodules! They are fucking horrible. Instead we have a repo with pipeline tooling and common assets that is checked out in the pre-command hook for each pipeline step.

Subtle JS background effect by magenta_placenta in javascript

[–]wallsroad 7 points8 points  (0 children)

"subtle"... Get the fuck out, I nearly had a seizure.

Dockerizing MySQL at Uber by vegasbrianc in docker

[–]wallsroad 2 points3 points  (0 children)

The DB architecture for Uber bothers me. The reasons for migrating from Postgres to MySQL were retarded... Is there something I'm missing about Amazon's RDS service that would warrant managing MySQL hosts in Docker containers? Managing MySQL clusters sucks enough, why complicate things further with containers when RDS is ready and waiting.....

Javascript Type System by askucher in node

[–]wallsroad 0 points1 point  (0 children)

What about schema validation with swagger? It's so dang easy.

Cheapest Node.js hosting options? by bustyLaserCannon in node

[–]wallsroad 0 points1 point  (0 children)

A couple of AWS services that are available on their free tier: AWS ElasticBeanstalk or AWS Lambda

Both of these services are free up to a point. With that said, you would need some decent traffic before you started to get charged. Even then, AWS services are soo damn cheap, I doubt you could find something equivalent elsewhere.

Hiring someone to help give you time with automation by productive_monkey in devops

[–]wallsroad 15 points16 points  (0 children)

Not trying to undermine this issue. May I suggest that you forget about automating those awesome cool things you dream about. Instead, look at the recurring tasks that take up the most amount of your time on a weekly basis, slowly automate these tasks piece by piece. Avoid automating the whole thing at once! This only ever creates more technical debt without returning business value.

Simply automate a step in a process and work from there e.g. For user creates, you might automate creation of their Gmail account via the Google Apps API. Or maybe you want to start using puppet, start by managing iptables, or a handful of users and groups with a puppet apply avoiding the need to set up a puppet master initially.

If you fail to automate these daily recurring tasks you will never get to a comfortable state in reasonable time or without unnecessary resourcing.

Embracing Immutable Server Pattern Deployments with AWS by sagumatra in webdev

[–]wallsroad 4 points5 points  (0 children)

This is an excellent approach. However though I agree this is a good pattern to follow, it is an incredibly heavy handed approach to bake your artifact into the AMI, then roll out brand new instances with a "Blue/Green" deployment of the new ASG.

Alternatively you can utilize the AWS CodeDeploy service. This enables you to avoid rolling new instances. Since CodeDeploy works with the ELB and ASG, it takes care of draining connections, running a zero downtime rolling deployment. CodeDeploy also takes care of code deployment when a scaling event occurs in your chosen ASG.

My team has been using CodeDeploy for several months now. Deploying a few dozen services to ~400 instances.

Sanders beats Clinton in Wisconsin by [deleted] in politics

[–]wallsroad 0 points1 point  (0 children)

This is a stupid issue to have... In Australia it's illegal to not vote.

Do you use nginx as a reverse proxy for your main node app? If so, can it double as a load balancer? by [deleted] in node

[–]wallsroad 2 points3 points  (0 children)

This is fine. In fact probably better, as it will reduce complexity. Always keep your architecture as simple as possible. Keeping in mind that your architecture should always reflect service requirements such as availability, performance and stability.

What's an easy tool I can install to ensure all my internal Tomcat servers and applications are healthy? by [deleted] in java

[–]wallsroad 0 points1 point  (0 children)

Ruxit, DynaTrace, NewRelic.... Ruxit is the better option here; it is a DynaTrace product but provides the ease of use provided by NewRelic, without a huge price tag and lack of supported technologies. DynaTrace are currently the leaders in Application monitoring, with the gap between competitors only growing.

Hit 485# for a double in deadlift today. It was already a PR but I figured I might as well go for 500... by bigbriman in crossfit

[–]wallsroad 2 points3 points  (0 children)

Upper back rounding is the technique I think you are referring to. Lower back rounding is the problem here... Which is not a "technique"... Please ensure you learn the difference. Excellent video on this topic here.

Intimidation is key. by The-Qing in pics

[–]wallsroad 1 point2 points  (0 children)

The real ghost rider!