Continuous Delivery should be a solved issue: the practice is well-defined and there is a plethora of tools implementing it with more or less peculiarities, but still many struggle implementing it. The dream of a perfect continuous deployment flow from the developer to the production environment with software quality gates based on automated tests is still alive in me, I tried and tried several times with multiple implementations on multiple platforms and never got to the point where I could say: “I’m done, this works exactly as I wanted”.
[Read More]
Serverless on Kubernetes
Kubernetes is the de facto platform for running modern applications: its broad adoption in 2017 and the velocity of the project made it so and it’s been accepted as the standard for many companies, from small to planet scale. It was impossible that such an extensible platform would be left out the serverless party, so here are the 4 main players offering FaaS to be run via k8s.
A premise If you’re new to serverless and FaaS and all the previous buzzwords sound like cacophony to your ears, I really recommend reading this post and watching this talk.
[Read More]
Golang Concurrency Patterns
In the early days of Go the language was often tailored towards “system programming” due to its C-stlye syntax and ability to write high-performance applications. Few time after, Go adoption was starting to gain traction for distributed systems development and projects like etcd, docker and kubernetes revealed the power of the networking capabilities offered by the internals in the language. Along the way a lot of libraries have been built around the powerful primitives offered by Go but in my opinion there is not enough use literature around the Communicating Sequential Processes implementation available through channels and goroutines, they are not even widely used in the standard library.
[Read More]
Getting Started With Google Cloud Builder
One of the advantages of containerized applications is the standardization, some would say “write it once, runs everywhere” but that’s another motto for another product. Anyway with a new packaging technology the same problems are faced: build reproducibility, or the necessity for people doing Ops to know they are going to deploy the same exact piece of code the Dev team used in their tests. So to address this issue the container image needs to be immutable: once it’s built, it’s not going to be changed, ever.
[Read More]
DevOps: you're doing it wrong
Recently I received a mail pointing me to a post about DevOps culture and some anti-patterns and misconception on how to build and grow a DevOps culture in a company. Whoever like me works in the Enterprise (“the one with the big E” - Kelsey Hightower) knows that applying DevOps practices often is limited to the adoption of some tools or the creation of a “DevOps team” responsible of managing some continuous delivery pipeline.
[Read More]
Automate TLS management on AWS with LetsEncrypt
Letsencrypt is cool: automated, free TLS certificates for everybody! They are sponsored mainly by internet corps and they started a crowd-funding campaign to avoid the influence of this corps in the future of the project. I recently moved the blog to hugo on AWS and I’m now porting the TLS management scripts I wrote a while ago on AWS: this is a nice exercise to give a proper TLS automation valid for everyone on AWS.
[Read More]
4pres goes #serverless
Last month I felt I was a little late for the #serverless party going on all over the internet and I started taking a look at what the pros and cons would be to actually not manage any server myself. Shutting down my VPS hosting my apps I will lose my mail server, my MySQL instances and my Docker registry but: who cares? There are cloud services I can use with hundreds of times more availability and for a fraction of the cost.
[Read More]
Moving the blog to hugo
In times of experimenting, I am now having a lot of fun with docker, rkt, kubernetes and containers ecosystem in general. But one thing I never forget to play with is content editing and publishing! So here I am, trying to migrate all my blog and website to Hugo :)
So instead of a bare VPS I am moving my blog to AWS S3 + Cloudfront CDN. This will be more scalable and far less expensive.
[Read More]
A benchmark of AWS EFS
Amazon Web Services Elastic File System has been to my knowledge the service to have the longest beta testing period: reason for this may be that not as many client as expected tested it and AWS received too few feedback on it or that there were issues not to release GA. I don’t want to speculate on which one is correct but now that it has been officially released I decided to give it a try and of course compare it to a self-managed solution on the same platform.
[Read More]
AWS IAM policy to let users manage their own MFA
If you’re an AWS administrator you know that managing web console security is pretty tough unless you know what you want and you know what you’re doing. So if what you want is let each AWS user manage their own MFA device configuration without you and force them to have MFA active to use the web console, here is your solution.
TL;DR
Create one or more groups with your web users Create a new policy using this JSON Attach the policy to the group(s) How does it work?
[Read More]