Openshift on Cloudowski DevOps Expert

23 - O praktycznym podejściu do Platform Engineeringu na dużym środowisku z Mariuszem Pełką

Mon, 26 Feb 2024 09:04:23 +0000

Możesz chodzić na konferencje, czytać dokumentacje i snuć plany, ale dopiero praktyczne użycie rozwiązań usprawniających wdrożenia aplikacji pozwala na potwierdzenie realnej przydatności nowych technologii.
I o tym rozmawiam z moim gościem tego odcinka - Mariuszem Pełką z P4 (operatora sieci Play). Nie ukrywam, że znam Mariusza z projektu, gdzie współpracowaliśmy nad budową platformy opartej na kontenerach, Kubernetes (a właściwie to OpenShift) oraz praktykach Platform Engineeringu.

Newsletter #65 - Coraz mniej dystrybucji Kubernetes i niektórzy z niego rezygnują

Tue, 14 Mar 2023 08:00:00 +0000

Wciąż moje główne zajęcie to tworzenie kursu, ale znajduję też czas na bycie na bieżąco z nowościami i ciekawymi projektami. Dzisiaj porcja tego co zwróciło moją uwagę ostatnio z moimi komentarzami.

Newsletter #60 - Czym jest IDP i dlaczego Cilium wymiata

Tue, 07 Feb 2023 07:00:00 +0000

Koniec tego szaleństwa. Chodzi o tryb przedsprzedaży, z którego wychodzę i powracam do standardopwego trybu publikowania treści.
Dzisiaj standardowa porcja informacji ze świata Cloud Native. Styczeń się już skończył, niedługo Walentynki, później Wielkanoc, wakacje i oby do Bożego Narodzenia.

Newsletter #50 - Interesujące nowości dla Kubernetes od Microsoft

Tue, 08 Nov 2022 07:00:00 +0000

Rzadko piszę o Microsoft, a w końcu to olbrzymi gracz na rynku cloudowym (podobno drugi, tuż za AWS). Tak się składa, że ostatnio wypuścili garść ciekawych nowości dla swojego Kubernetesa, czyli AKS. To cieszy, bo oznacza, że Ci którzy korzystają z chmury Microsoftu nie zostaną w tyle za EKS czy moim ulubionym GKE. Wiem, że Azure jest w sporej ilości firm w Polsce - widzę to szczególnie podczas szkoleń. A dla tych co nie mają Azure przygotowałem też garść innych nowości. Zapraszam!

Which Kubernetes distribution to choose for on-prem environments?

Sat, 30 Jan 2021 12:47:00 +0000

Most people think that Kubernetes was designed to bring more features and more abstraction layers to cloud environments. Well, I think the biggest benefits can be achieved in on-premise environments, because of the big gap between those environments and the ones that can be easily created in the cloud. This opens up many excellent opportunities for organizations which for some reasons choose to stay outside of the public cloud. In order to leverage Kubernetes using on-premise hardware, one of the biggest decisions that needs to be made which software platform to use for Kubernetes. According to the official listing of available Kubernetes distributions, there are dozens of options available. If you look closely at them, however, there are only a few viable ones, as many of them are either inactive or have been merged with other projects (e.g. Pivotal Kubernetes Service merged with VMware Tanzu). I expect that 3-5 of these distributions will eventually prevail in the next 2 years and they will target their own niche market segments. Let’s have a look at those that have stayed in the game and can be used as a foundation for a highly automated on-premise platform.

4 ways to manage Kubernetes resources

Sat, 14 Mar 2020 22:00:00 +0000

Kubectl is the new ssh

When I started my adventure with linux systems the first tool I had to get to know was ssh. Oh man, what a wonderful and powerful piece of software it is! You can not only log in to your servers, copy files, but also create vpns, omit firewalls with SOCKS proxy and port-forwarding rules, and many more. With Kubernetes, however, this tool is used mostly for node maintenance provided that you still need to manage them and you haven’t switched to CoreOS or another variant of the immutable node type. For any other cases, you use kubectl which is the new ssh. If you don’t use API calls directly then you probably use it in some form and you feed it with plenty of yaml files. Let’s face it - this is how managing Kubernetes environment looks like nowadays. You create those beautiful, lengthy text files with the definitions of the resources you wish to be created by Kubernetes and then magic happens and you’re the hero of the day. Unless you want to create not one but tens or hundreds of them with different configurations. And that’s when things get complicated.

Why Vault and Kubernetes is the perfect couple

Fri, 21 Feb 2020 22:00:00 +0000

The (not so) secret flaws of Kubernetes Secrets

When you’re starting learning and using Kubernetes for the first time you discover that there is this special object called Secret that is designed for storing various kinds of confidential data. However, when you find out it is very similar to ConfigMap object and is not encrypted (it can be optionally encrypted at rest) you may start wondering - is it really secure? Especially when you use the same API to interact with it and the same credentials. This, combined with a rather simple RBAC model, can create many potential risks. Most people would stick with one of three default roles for regular users - view, edit, and admin - with view as the only one that forbids viewing Secret objects. You need to be very careful when assigning roles to users or deciding to create your custom RBAC roles. But again, this is also not that easy since RBAC rules can only whitelist API requests - it is not possible to create exceptions (i.e. create blacklists) without using the external mechanism such as Open Policy Agent.

How to build CI/CD pipelines on Kubernetes

Wed, 23 Oct 2019 20:00:00 +0000

Kubernetes as a standard development platform

We started with single, often powerful, machines that hosted many applications. Soon after came virtualization, which didn’t actually change a lot from a development perspective but it did for the field of operations. So developers became mad, and that’s when the public cloud emerged to satisfy their needs instead of operations guys’. Now, this pendulum has moved once again and we have something that is beneficial for both sides - Kubernetes platform. I keep saying and will repeat it here again - I think it’s one of the best projects that have emerged in the last decade. It has completely changed the perspective of how we deliver applications and also how we manage platforms for them. This time I want to focus on the delivery process and how it can be built and what the real benefits of using Kubernetes for that purpose are.

10 most important differences between OpenShift and Kubernetes

Thu, 29 Aug 2019 20:00:00 +0000

UPDATED on 10.6.2019 (after the release of OpenShift 4.1): Added information on OpenShift 4.

UPDATED on 30.8.2019: Added information on CodeReady Containers for running single OpenShift node.

OpenShift has been often called as “Enterprise Kubernetes” by its vendor - Red Hat. In this article, I’m describing real differences between OpenShift and Kubernetes.

Jenkins on OpenShift - how to use and customize it in a cloud-native way

Wed, 31 Jul 2019 20:00:00 +0000

I can’t imagine deployment process of any modern application that wouldn’t be orchestrated by some kind of pipeline. It’s also the reason why I got into containers and Kubernetes/OpenShift in the first place - it enforces changes in your approach toward building and deploying but it makes up for with all these nice features that come with Kubernetes.

Maintaining big Kubernetes environments with factories

Sun, 21 Jul 2019 20:00:00 +0000

People are fascinated by containers, Kubernetes and cloud native approach for different reasons. It could be enhanced security, real portability, greater extensibility or more resilience. For me personally, and for organizations delivering software products for their customers, there is one reason that is far more important - it’s the speed they can gain. That leads straight to decreased Time To Market, so highly appreciated and coveted by the business people, and even more job satisfaction for guys building application and platforms for them.

Honest review of OpenShift 4

Thu, 20 Jun 2019 20:00:00 +0000

We waited over 7 months for OpenShift Container Platform 4 release. We even got version 4.1 directly because Red Hat decided not to release version 4.0. And when it was finally released we almost got a new product. It’s a result and implication of acquisition of CoreOS by Red Hat announced at the beginning of 2018. I believe that most of the new features in OpenShift 4 come from the hands of a new army of developers from CoreOS and their approach to building innovative platforms. But is it really that good? Let me go through the most interesting features and also things that are not as good as we’d expect from over 7-month development (OpenShift 3.11 was released in October 2018).

How to increase container security with proper images

Sun, 26 May 2019 20:00:00 +0000

Security is a major factor when it comes to a decision of whether to invest your precious time and resources in new technology. It’s no different for containers and Kubernetes. I’ve heard a lot of concerns around it and decided to write about the most important factors that have the biggest impact on the security of systems based on containers running on Kubernetes.
This is particularly important, as it’s often the only impediment blocking potential implementation of container-based environment and also taking away chances for speeding up innovation. That’s when I decided to help all of you who wants strengthen security of their containers images.

Three levels of highly available apps on Kubernetes

Mon, 21 Jan 2019 22:00:00 +0000

Beautiful but useless systems

Hundreds of applications, thousands of users and millions of requests - that is often a landscape of a modern IT environment. However, problems are still the same.

Why managing container images on OpenShift is better than on Kubernetes

Sat, 15 Sep 2018 20:00:00 +0000

So you’ve decided to go with Kubernetes and started building your container images. Now the question is where to push them and how to manage them properly?

Myths around containers. Part 3: Speed

Thu, 22 Feb 2018 22:00:00 +0000

Containers are considerably faster than virtual machines - at least that’s what most people say. But do they actually bring more speed to overall development and deployment process? Let’s find out in the third part of my article series.

Myths around containers. Part 2: Portability

Sun, 28 Jan 2018 22:00:00 +0000

Is it true that after so many years we finally have real, portable format for all applications? It seems that we’ve come very close to that goal and it’s time to find out more about portability that comes with container revolution.

Myths around containers. Part 1: Security

Sun, 07 Jan 2018 22:00:00 +0000

We had many revolutions in IT infrastructure world over past 20 years or so. Virtualization promised hardware abstraction, private cloud promised lower costs and flexibility and containers keep adding more to that pile creating a vision of perfect world.