OpenShift on AWS Caveats

Cloud-based and on-premises OpenShift deployments each have their own unique set of challenges. From a consulting perspective, I generally view cloud as easier in terms of orchestration, but with the possibility of deeper technical issues.

The main challenges people seem to face with OCP on AWS are integration with the cloud plugin, registry storage, DNS, and successfully managing the AWS and OpenShift layers in harmony:

OpenShift on AWS architecture


Prometheus

Some time last year Prometheus became a technical preview for OpenShift. That same month I rolled onto a project with some pretty steep architectural layouts for handling metrics. I spent several sprints hacking out-of-the-box features and configurations into OpenShift’s Prometheus deployment. All of this changed towards the end with the introduction of the Monitoring Operator. I’ll be writing about that at a later date; I’m still working out some kinks in my home lab.

Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. It is now a standalone open source project and maintained independently of any company. To emphasize this, and to clarify the project’s governance structure, Prometheus joined the Cloud Native Computing Foundation in 2016 as the second hosted project, after Kubernetes.


Building This Site (Again)

My previous setup wasn’t very agile. It was fun scraping some shell scripts together, but it wasn’t very agile or flexible.

This new incarnation is generated using Octopress. It’s a pretty simple deployment and not that much different from my previous setup. I didn’t need to change much from my original deployment script. I took a pretty basic theme and ripped most of it out to emulate the old site as much as I could. Currently this falls apart on mobile browsers.

I literally just kick this off with a shell script to a tiny EC2 instance.


Kubernetes-2

Accessing the Kubernetes Dashboard

Not of much use right now, but simple to set up:

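  kubectl create -f https://git.io/kube-dashboard
  # kubectl proxy listens on the loopback interface only
  kubectl proxy
  Starting to serve on 127.0.0.1:8001
  # from the workstation: forward local port 8001 to the proxy over SSH
  ssh -L 8001:127.0.0.1:8001 -N <hostname>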

Kubernetes

Learning these new hip container orchestration tools can be intimidating. I remember learning OpenShift the first time and slamming my face against the keyboard for days as my installer would fail 35 minutes out of an hour in. Learning these tools can also be cumbersome for those of us who self-practice if you use a cloud service.


Plotting Banned Hosts

I’ve had some extra time this week. I made a quick and dirty way to automatically plot nodes I ban from this site. This has been done before and the code is public; I’ll probably check out those examples next week to compare. I added an extra action to Fail2ban to append each IP to a text file. I have an hourly cronjob generating a new plot and throwing it into html/images/. Part of it calls on this Rscript:

  library("rgeolocate")
  library("stringr")
  library("rworldmap")

  # readLines() already returns one element per line, so no strsplit() is needed
  ipVector <- readLines("banned.txt")
  # Look up each banned IP with ip_api(); delay = TRUE throttles the requests
  geo <- ip_api(ipVector, delay = TRUE)
  newmap <- getMap(resolution = "li")

  png(file = 'plot.png', width=992, height=553, res=45)

  plot(newmap)
  # Mark each banned host's location in red
  points(geo$longitude, geo$latitude, col = "red", pch=10)
  dev.off()

Fail2ban

This site is hosted using Amazon Web Services. I don’t have much preference with cloud providers, but I needed some experience with EC2 instances. Amazon’s security groups have made securing things pretty trivial, especially with my simple use case.

Seeing a growing emphasis on security in the last decade has been really interesting. I always viewed it as a checkbox for job qualification, as opposed to a career track (in a similar argument to how a building contractor should be naturally qualified at securing a structure, since he knows how they are from the inside out), so I used to question the need for “Security Teams.” Later on I learned it’s necessary for resource management and ensuring product delivery.


Building This Site [Legacy]

This is no longer relevant.

I have no idea how to make a website. I considered reading into best practices and learning whatever web people do, but making things up as I go along is a lot more interesting. The only webserver experience I have is the occasional IT exam question, and most of that is the equivalent of hitting a switch. So, everything here is subject to change any time.

Most things I’m interested in sharing are pretty reasonable by hand - I don’t need any fancy databases or dynamic pages, and I also don’t want to re-learn some tool every time I haven’t touched things in a while. This wasn’t a big deal until the idea of maintaining a blog came up. I write most pages on my personal laptop and use a small Ansible playbook to synchronize the two. Currently this is pretty basic:
