blog

Why the hell is your Kubernetes API public?

Do you ever really think about how you get access to your Kubernetes control plane? Whatever mechanism you use to provision your cluster, you get a KUBECONFIG and usually just go on your merry way to overcomplicating your infrastructure. However, if you’ve ever looked at your KUBECONFIG you’ll see you...

Published Mar 23, 2024 by Lee Briggs
#tailscale #kubernetes #devops

Free Kubernetes Load Balancers with Tailscale

Load Balancers are expensive. If you’re using Kubernetes, they are also a necessity. Figuring out how to expose a Kubernetes workload to the world without a Load Balancer is a bit like trying to make a sandwich without bread. You can do it, but nobody is going to want to...

Published Feb 26, 2024 by Lee Briggs
#tailscale #kubernetes #devops

The 300% Production Problem

Earlier this year, I attended CfgMgmtCamp in Ghent and listened to Adam Jacob’s “What if Infrastructure as Code never existed” keynote. Note: I’d like to extend a huge thanks to Adam for taking the time to review this post, and for an unnamed person for consistently reviewing these posts and...

Published Sep 28, 2023 by Lee Briggs
#devops #infrastructure-as-code

DSLs are a waste of time

If you’ve read this blog before, or are unfortunate enough to have an actual personal relationship with me, you’ll know that I have strong opinions and can be, shall we say, passionate about them. For posts on this blog, I try to share those opinions and avoid directly addressing the...

Published Sep 4, 2023 by Lee Briggs
#devops #infrastructure-as-code

Structuring your Infrastructure as Code

If you’re thinking of migrating to another infrastructure as code tool (and why would you, everything is great in the IaC world now, right?!) you might find yourself asking yourself a fundamental question when you get started: how do I structure things in a way that scales well and stands...

Published Aug 17, 2023 by Lee Briggs
#devops #infrastructure-as-code #aws #pulumi

Authenticating to AWS the right way for (almost) every use-case

One of my favourite things about AWS is their ability to make the wrong decision easy and the right decision hard. Our world is moving towards managed services and “off the shelf” experiences for provisioning infrastructure and deploying applications. AWS itself has gotten the memo with its introduction of services...

Published Sep 5, 2022 by Lee Briggs
#devops #infrastructure-as-code #aws

IaC Ergonomics: Choosing an Infrastructure as Code Tool

Note: I am a Pulumi employee which means I have an agenda when writing this post. That said, my intent here is to accurately describe the state of the Infrastructure as Code market, so will endeavour to be objective with my opinions. This is long. What’s the TL;DR? I made...

Published Aug 26, 2022 by Lee Briggs
#devops #infrastructure-as-code #pulumi #terraform #crossplane #cloudformation #arm

Why does nobody seem to know what imperative and declarative actually mean?

Note: If you read the title and thought ‘I know what declarative and imperative mean!’ note that I’m employing hyperbole as a comedic device and I’m aware lots of people know what the words mean. Like all tech employees, I’ve had feedback and performance reviews my whole career which varied...

Published Jul 20, 2022 by Lee Briggs
#devops #infrastructure-as-code #declarative #imperative

DevOps is a failure

It’s probably difficult for most people to recall the first time they heard a word, but I remember hearing the word “DevOps” for the first time. I was having a beer with a colleague in 2013 who has taught me almost everything I knew at that point. I’d been lucky...

Published Jun 21, 2022 by Lee Briggs
#devops

How I learned to stop worrying and love the YAML

Something I miss after emigrating from the UK to the USA is using the name of a yeast extract based spread as an adjective. To describe something as “marmite” is to indicate that people either “love it” or “hate it”, and if you ask anyone from the UK, Australia...

Published May 9, 2022 by Lee Briggs
#infrastructure-as-code #infrastructure-as-software #pulumi #yaml

Deploying Kubernetes clusters in increasingly absurd languages

It’s been over 3 years since I published my most successful blog post about the abject horror of templated yaml and in many ways, I feel the same way now as I did then, with the exception of falling out of love with jsonnet. Jsonnet seemed like a good tool...

Published May 4, 2022 by Lee Briggs
#infrastructure-as-code #infrastructure-as-software #pulumi #yaml

Stop using static cloud credentials in GitHub Actions

Picture the scene. You’re configuring your automation pipelines, whether it’s deploying infrastructure, applications or any other piece of your CI/CD pipeline that needs to access a cloud provider. You want to do things properly, so you define a well scoped role with a minimum set of permissions that you need...

Published Jan 23, 2022 by Lee Briggs
#infrastructure-as-code #infrastructure-as-software #pulumi #security

5 things you've heard about Pulumi that aren't true

Engaging with the Pulumi community has been one of the most enjoyable parts of my time so far at Pulumi. If you’ve used the Pulumi Community Slack or asked about Pulumi on Twitter, Reddit or Stack Overflow there’s a reasonable chance you’ve interacted with me! In the 18 months I’ve been...

Published Nov 6, 2021 by Lee Briggs
#infrastructure-as-code #infrastructure-as-software #pulumi

Understanding Pulumi Packages

Building reusable abstractions is one of the most important and rewarding parts of any infrastructure as code journey. Allowing users to be able to quickly define infrastructure from well defined, repeatable patterns can quickly help your community grow. The incumbent software in the IaC space like Terraform, CloudFormation and Azure...

Published May 17, 2021 by Lee Briggs
#infrastructure-as-code #pulumi

Understanding Pulumi's apply

If you’ve never written in-depth, production ready software in your programming language of choice, you might never have come across asynchronous programming. I managed to spend several years as an infrastructure type person and hadn’t ever really written any tool or software that took advantage of asynchronous concepts. This created...

Published May 9, 2021 by Lee Briggs
#async #pulumi #getting-started

Learn to Code with Infrastructure as Code

While doing my usual mid-morning Twitter shill exercise for my employer last week, a twitter user slid into my replies and asked me an interesting question: This immediately struck a chord for me, because if I look back 5 years in my career, I would have considered myself a “non-programming...

Published Jan 27, 2021 by Lee Briggs
#tech #pulumi #getting-started

VB.NET - The Future of Infrastructure as Code

Note: This post is about Pulumi who is now my employer. If you don’t want to hear about that, look away now. Note: Some images have been redacted to protect the innocent. I can remember the exact moment I first realized I didn’t want to be a software developer. It...

Published Dec 16, 2020 by Lee Briggs
#tech #pulumi

Draw your own conclusions

The year is 2020, and the US election is a matter of days away. While the world deals with an unprecedented pandemic and Americans on both sides of the aisle fight for what they believe to be the very soul of their nation, conservative media is in a frenzy about...

Published Oct 29, 2020 by Lee Briggs
#politics #tech #why-am-i-having-to-write-this

Terraform to Pulumi - What you need to know

If you’ve used Terraform before, migrating to Pulumi is often an exhilarating experience. Since I started working at Pulumi back in March, I’ve heard countless stories from users about how adopting Pulumi has changed the way their organizations work and allowed them to be more expressive and productive with their...

Published Jul 7, 2020 by Lee Briggs
#pulumi #terraform #cloud

The next phase of configuration management

Note: An advanced warning: I recently changed companies and now work for Pulumi, which I’ll be discussing here. If you don’t want to hear about that, look away now. Configuration complexity chases you This year marks my 10th anniversary as a (full time) system administrator. When I look back over...

Published Apr 8, 2020 by Lee Briggs
#pulumi #kubernetes #AWS

Multi-Cluster Parameterized Continuous Deployment for Kubernetes

At $work, we have several Kubernetes clusters across different geographical and AWS regions. The reasons range from customer requirements, to our own desire to reduce operational “blast radius” issues that might come up. Our team has experienced large outages before, and we try and build the smallest unit of deployment...

Published Dec 9, 2019 by Lee Briggs
#argocd #jkcfg #kubernetes #AWS

The Fargate Illusion

I’ve been building a Kubernetes based platform at $work now for almost a year, and I’ve become a bit of a Kubernetes apologist. It’s true, I think the technology is fantastic. I am however under no illusions about how difficult it is to operate and maintain. I read posts like...

Published Apr 13, 2019 by Lee Briggs
#fargate #kubernetes #AWS

Why the fuck are we templating yaml?

I was at cfgmgmtcamp 2019 in Ghent, and did a talk which I think was well received about the need for some Kubernetes configuration management as well as the solution we built for it at $work, kr8. I made a statement during the talk which ignited some fairly fierce discussion...

Published Feb 7, 2019 by Lee Briggs
#kubernetes #configuration mgmt #jsonnet #helm #kr8

lbrlabs - A Github Org for my Homelab

TL;DR: - go here I often spend time in my day job wishing I could implement $newtech. I’m lucky enough to be working on projects right now that many people would find exciting, interesting and challenging, however it’s often the case that I see something I’d like to try, but...

Published Jan 26, 2019 by Lee Briggs
#kubernetes #configuration mgmt #homelab #kr8

kr8 - Configuration Management for Kubernetes Cluster

Previous visitors to this blog will remember I wrote about configuration mgmt for Kubernetes clusters, and how the space was lacking. For those not familiar, the problem statement is this: it’s really hard to maintain and manage configuration for components of multiple Kubernetes clusters. As the number of clusters you...

Published Nov 7, 2018 by Lee Briggs
#kubernetes #configuration mgmt #jsonnet #kr8

Using Kubeless for Kubernetes Events

Serverless computing is all the rage at the moment, and why wouldn’t it be? The idea of deploying code without having to worry about anything like servers, or that pesky infrastructure everyone complains about seems pretty appealing. If you’ve ever used AWS Lambda or one of its related cousins, you’ll...

Published Oct 16, 2018 by Lee Briggs
#kubernetes #serverless #kubeless

Using Pulumi for Kubernetes configuration management

A few months back, I wrote an article which got a bit of interest around the issues configuring and maintaining multiple clusters, and keeping the components required to make them useful in sync. Essentially, the missing piece of the puzzle was that there was no cluster aware configuration management tool....

Published Sep 20, 2018 by Lee Briggs
#pulumi #kubernetes #configuration mgmt

The growing need for Kubernetes Configuration Management

It’s been over a year since my last blog post, and since then I’ve been working on Kubernetes almost exclusively for $employer. During that time, I’ve noticed a growing need for something that many people in the DevOps/SRE/Sysadmin world take for granted. I wanted to come out of my blog...

Published May 8, 2018 by Lee Briggs
#kubernetes #configuration mgmt

KubeCon - Day 3 Recap

Day 3 of Kubecon! Before I begin, I have to make it clear that this was another day of frustration for me. As it was yesterday, all of the talks I really wanted to see were completely overflowing, and this was despite me making efforts to get to the talks...

Published Mar 30, 2017 by Lee Briggs
#kubernetes #conference #recap

KubeCon - Day 2 Recap

Day 2 of KubeCon was absolutely jam packed! There were lots of tracks, so I won’t be able to cover everything that happened, but hopefully I can recap some of the stuff I found interesting. One thing to note is that the Technical deep dive rooms were dramatically over subscribed,...

Published Mar 29, 2017 by Lee Briggs
#kubernetes #conference #recap

KubeCon - Day 1 Recap

I was lucky enough to be able to attend CloudNativeCon/Kubecon in Berlin, Germany. This is my recap of the first half day of lightning talks, panels and project updates. Note - this is not an exhaustive recap. The stuff here is mainly what caught my eye during the first evening....

Published Mar 28, 2017 by Lee Briggs
#kubernetes #conference #recap

An Introduction to Kubernetes FlexVolumes

Kubernetes has a reputation for being great for stateless application deployment. If you don’t require any kind of local storage inside your containers, the barrier to entry for you to deploy on Kubernetes is probably very, very low. However, it’s a fact of life that some applications require some kind...

Published Mar 12, 2017 by Lee Briggs
#kubernetes #volumes #storage #FlexVolume

Kubernetes Networking: Part 2 - Calico

In the previous post, I went over some basics of how Kubernetes networking works from a fundamental standpoint. The requirements are simple: every pod needs to have connectivity to every other pod. The only differentiation between the many options were how that was achieved. In this post, I’m going to...

Published Feb 18, 2017 by Lee Briggs
#kubernetes #calico

Kubernetes Networking - Part 1

I have some problems with Kubernetes. It’s a fantastic tool that is revolutionizing the way we do things at $work. However, because of its code complexity, and the vast number of features, plugins, addons and options, the documentation isn’t getting the job done. The other issue is that too many...

Published Feb 15, 2017 by Lee Briggs
#kubernetes #flannel #calico

Introducing Graphping

One of the first tools I came across when I started out in the IT industry was SmokePing. It’s been around for years and solves the important job of graphing latency between two points in a reasonable way. As a company grows and scales out into multiple datacenters, latency can...

Published Jan 25, 2017 by Lee Briggs
#software #golang

Using hiera-eyaml-gpg

Every company that uses Puppet eventually gets to the stage in their development where they want to store “secrets” within Puppet. Usually (hopefully!) your Puppet manifests and data will be stored in version control in plaintext and therefore adding these secrets to your manifests has some clear security concerns which...

Published Nov 15, 2016 by Lee Briggs
#puppet

Magic with Gitlab CI

I love Gitlab. With every release they announce some amazing new features and it’s one of the few software suites I consider to be a joy to use. Since we adopted it at $job we’ve seen our release cycle within the OPS team improve dramatically and pushing new software seems...

Published Aug 22, 2016 by Lee Briggs
#gitlab

Using Puppet's certificates with Kubernetes

We’re finally beginning to build out our production Kubernetes infrastructure at work, after some extensive testing in dev. Kubernetes relies heavily on TLS for securing communications between all of the components (quite understandably) and while you can disable TLS on many components, obviously once you get to production, you don’t...

Published Aug 21, 2016 by Lee Briggs
#puppet #kubernetes

Building a Puppet Based Infrastructure - Part 1 - Making Decisions

So you’ve decided you want to use Configuration Management to control your infrastructure. You’ve read about all of the benefits of “infrastructure as code” and you’ve decided you’re going to use Puppet as your chosen configuration management tool. I personally believe this to be a good choice. When making comparisons between...

Published Jun 9, 2016 by Lee Briggs

A Better Puppetmaster Healthcheck

In my last post I wrote about service discovery with my Puppetmasters using Consul. As part of this deployment, I deployed a healthcheck using Consul’s TCP Checks to check the puppetmasters were responding on their default port (8140). In Puppet, it looked like this: ::consul::check { 'puppetmaster_tcp': interval => '60',...

Published Feb 17, 2016 by Lee Briggs

Infrastructure Service Discovery with Consul

I had a problem recently. I’m deploying services, and everything is Puppetized, but I have to manually tell other infrastructure that it exists. It’s frustrating. As an “ops guy” I focus on making my infrastructure services available, resilient and distributed so that they can scale well and not fail catastrophically....

Published Feb 8, 2016 by Lee Briggs

Roundrobin Sensu Checks

In my last post, I discussed sensu aggregates and server side checks and how to use them in order to monitor clusters or machines. I now want to change tack a little bit, and discuss how sensu’s server side checks can be used to monitor remote services in a distributed...

Published Jan 31, 2016 by Lee Briggs

Sensu Aggregates

Sensu has really evolved into a first class monitoring tool, and the main reason for this is in part due to its flexibility and being able to solve monitoring problems in a way that suits you. Up until this point at $employer, we’ve mainly made use of sensu checks that...

Published Jan 29, 2016 by Lee Briggs

Using sensu redaction

Sensu has a lot of cool features, but some of them are rarely used because either the documentation isn’t massively clear, or people deem it a “bit hard”. One of these cool features is redaction of passwords. You may have seen many a sensu check in the uchiwa dashboard with...

Published Jan 27, 2016 by Lee Briggs

GOTCHA: Syncing PuppetLabs Repos with MRepo

At {place of work}, in order to reduce our outbound bandwidth, we do the sensible thing and mirror the CentOS repos locally in order to not, y’know, pull down a couple gig of RPMs every time we do a server build. Obviously, a lot of people do this, and there’s...

Published Dec 20, 2014 by Lee Briggs
#mrepo #puppetlabs

Embracing the cloud

For a long time, I ran a blog, wiki and static website on a VPS which I managed. As I finished education and started in the work force, I realised that managing a server in my spare time just wasn’t fun anymore, and the website and blog fell into disarray....

Published Dec 19, 2014 by Lee Briggs


