The NodeSelector Is My Mixed-CPU-Architecture Kubernetes Cluster's Best Friend!
I have an always growing Kubernetes cluster. I currently have a cluster made of 2 Raspberry Pis and 1 PC but HOW, isn't that frowned upon? Well, you can use the NodeSelector attribute to make the containers stick to specific nodes. The specifics we are covering in this article are the CPU architectures of the nodes since the Raspberry Pis run ARM and my PCs run AMD64.
Don't be a part of the naughty list of the internet exposed Kubernetes clusters!
A finding by the Shadow Foundation uncovered close to half a million k8s endpoints on the internet which can be targets to exploits. One factor is that by default these clusters are built with public IPs since cloud providers are outside your network and not all companies can have ExpressRoutes or dedicated point to point connectivity. To increase the security and have easier routing of your kubernetes cluster you can create a private cluster. In Azure Kubernetes Service the private cluster assigns an internal IP to your k8s API but NGINX defaults to external IP so in this article I walk through configuring NGINX to have internal IPs as well to keep it all inside the network.
5 Quick but powerful tips for Dev#$%!Ops Success
There are a ton of variations out there like DevSecOps, MLOps, GitOps (My Favorite), NetOps, DataOps, BizOps, even NoOps, etc. In my opinion, it all comes back to the basic definition which says that Dev<whatever in the middle>OPS is like a soup recipe with 3 main ingredients that are easy to find in your organization's pantry which are people, processes and automation tools. Add the right amount of each ingredient to taste and turn on the heat (Do not cook people)!
The end goal is to serve your customers the best bowl of software soup they've had?!
Self-Healing I.T. Orchestration with Jenkins, Powershell, ServiceNow and Azure DevOps!
Most I.T. ticketing systems have an incident module to wait for users to submit issues so that the team can triage and react to solve the issue. In some cases you can spot repetitive issues and automate a fix or workaround to, at least, proactively bring services back online faster than waiting for an user to get an issue and then report the incident. Another benefit on automating fixes or work arounds is that they work 24/7 and they respond faster then the on call person. In this article I will show how to use Jenkins, Powershell, ServiceNow and Azure DevOps to orchestrate a server reboot after detecting a specific issue in the event log of a Windows server.
Scale Down a specific node in Azure Kubernetes Service
In the past I've scaled up a cluster to test a new deployment or to provide extra compute during an upgrade but when it comes to scaling down AKS won't pick the node with less resources or even the drained one so I've seen it briefly disrupt a deployment.
To have more control on what AKS scales down you can use virtual machine scale set protection policies to specify which node to remove. Here's how to do so...
Deploy Carbon Black linux sensor to your endpoints with a simple Ansible playbook.
You can bake some things into your gold images and/or deploy after the servers are up. Unlike other AVs, Carbon Black makes it easy to do both but in this article we will talk about deploying it after the ubuntu server is up with Ansible.
There are 2 requirements to this playbook. First get the company code from your Carbon Black console. Second, download the sensor from the Carbon Black console ahead of time to to avoid sign-in or MFA. I have 2 examples here where you can download it to the local ansible agent and copy it to the remote server or you can download from Azure storage blob.
The ansible playbook is simple but I added some conditions to make it idempotent.
Checks if CB is already installed
Create directories to place the compressed and uncompressed files.
Downloads installer from Blob to target (If not present)
Uncompress Tarball on Remote Target
Install with Company Code
Easiest Way to Deploy Ubuntu 20.04 with NVIDIA Drivers and the Latest CUDA toolkit via Packer.
I am building an analytics system that deploys containers on top of the Azure NCasT4_v3-series virtual machines which are powered by Nvidia Tesla T4 GPUs and AMD EPYC 7V12(Rome) CPUs. I am deploying the VM from an Azure DevOps pipeline using Hashicorp Packer and after trying a few ways I found a very easy way to deploy the VM, Driver and Cuda Toolkit which I will share in this article.
Add MinIO to an Elastic Cloud On Kubernetes ES Cluster to Snapshot or Restore Indices.
A client had an on prem deployment on bare metal and chose to use MinIO as a snapshot repository. We migrated to AKS and needed to restore the data in the new cluster. Initially we were going to Snapshot to an Azure Storage account but there were bugs on the old version ES containers which didn't allow us to register an Azure Repo (one of the many reasons to lift and shift) so we had to take the data off MinIO. There is not a lot of documentation out there so wanted to put it all together to help others.
Avoid Self-Monitoring on your PROD ElasticSearch Cluster! Ship logs to a separate deployment.
It is highly recommended to disable self-monitoring on your production Elasticsearch deployment for performance and built-in support in Elastic Cloud on Kubernetes. In this article we go over configuring the monitoring cluster.
Deploy A Private Elastic Cloud Kubernetes Cluster On Azure DevOps Pipelines For CI/CD
ElasticSearch has developed a great Operator for Kubernetes to orchestrate tasks to make things easier to deploy and prevent cowboy engineers like me forcing changes that end up breaking stuff :D . In this article I will go over deploying ECK on AKS via ADO and I will share some FYIs. (Too many acronyms, get ready for more.)