Due to recent refactoring, I figured out that I need to move some Terraform state items from one S3 path to another, and then merge the configurations with other stuff at the destination directory. Terraform can move state items around, but this feature doesn’t work with remote states. Here is one way of doing it.

Example Use Case

First, let’s consider the following situation. This is the configuration directory tree output:

.
├── db
│   └── test
│       ├── main.tf (s3 key: aws/db/test/terraform.tfstate)
│       └── rds.tf
├── test
│   ├── main.tf (s3 key: aws/test/terraform.tfstate)
│   ├── sqs.tf

You want to merge db/test state items into aws/test/terraform.tfstate Read More →

More than one year ago CoreOS introduced AWS ALB (Application Load Balancer) support for Kubernetes. This project was born out of Ticketmaster’s tight relationship with CoreOS. It was in an alpha state for a long time, so I waited for some beta/stable release to get my hands on it. The project was donated to Kubernetes SIG-AWS on June 1, 2018, and now there is a lot more activity. A few months ago the first stable version was released. Let’s try the ALB ingress and see how it compares to the Nginx ingress or the more advanced Contour ingress that I wrote about in some previous posts. How Read More →

Most users, while starting to learn Kubernetes, will get to the point of exposing some resources outside the cluster. This is like a Hello World example in the Kubernetes world. And in most cases the solution to this problem is the ingress controller. Think of ingress as a reverse proxy. Ingress sits between the Kubernetes service and the Internet. It provides name-based routing, SSL termination, and other goodies. Often when approaching this problem users will choose Nginx. And the reason is simple: it is all over the place, and almost every article about ingress refers to Nginx. The main reason for this is that Nginx was here Read More →

I will say that “starting” a Kubernetes cluster is a relatively easy job. Deploying your application to work on top of Kubernetes requires more effort, especially if you are new to containers. For people who have worked with Docker this can also be a relatively easy job, but of course, you need to master new tools like Helm, for example. Then, when you put it all together and try to run your application in production, you will find out there are a lot of missing pieces. Probably Kubernetes doesn’t do much, right? Well, Kubernetes is extensible, and there are some plugins or add-ons that will Read More →

Sometimes you just want to expose some services that don’t have any authentication mechanism. Many users have this issue, especially with Kubernetes, because it is damn easy to expose any service over ingress and also to have HTTPS by default with Let’s Encrypt. The missing piece could be authentication in the application you want to expose. In this case, we can always leverage external authentication from GitHub, Google, and many others via OAuth. This is where OAuth2 Proxy comes into play. It’s a reverse proxy that provides external authentication and it’s relatively easy to set up. Read More →

A few months ago I wrote an article about Kubernetes Nginx Ingress Controller. That article is actually the second most popular post on this blog. It’s focused on using Kubernetes ingress for on-premises deployments. But most users run Kubernetes on AWS and other public cloud providers. The problem is that for each service with LoadBalancer type, AWS will create a new ELB. And that can be pricey. With Kubernetes ingress you will need only one.

How Does it Work?

For easier understanding let me show some diagrams. Without an ingress controller you will have one ELB (Classic) per exposed service: With ingress, you Read More →

A few days ago I read a great post from Troy Hunt about HTTPS. The title “HTTPS is easy” is there for a good reason! HTTPS is easy, especially with platforms like Kubernetes. Unfortunately, not all people agree with this. I understand that for some huge organizations moving all traffic to HTTPS is not trivial, but for all others, saying that Google is evil for forcing it is just nonsense. You should use HTTPS for every external endpoint, and with Kubernetes ingress and Let’s Encrypt this can be automatic. Meaning, you just need to “switch on HTTPS” if you want. Plugins will take care of Read More →

Make no mistake, running a production Kubernetes cluster is not that easy. And unless you use cloud resources smartly, you will be spending a lot of money. You only want to use resources that are really needed. When you deploy a Kubernetes cluster on AWS, you define the min and max number of instances per autoscaling group. You want to watch the Kubernetes cluster and scale up when resources are insufficient, and also scale down when you have underutilized nodes. The piece of software that will help you with this is Cluster Autoscaler. In this post, I will show you how to use and configure Cluster Autoscaler on Read More →

Last week I wrote about getting Kubernetes cluster metrics with Prometheus. Metrics are only one part of the story. Logs are important as well, and luckily we have a great set of tools that will help us create a simple and easy logging solution. In this post, I will show you how to start monitoring Kubernetes logs in 5 minutes with the EFK stack (Elasticsearch, Fluent Bit, and Kibana) deployed with Helm and Elasticsearch operator.

Fluentd vs Fluent Bit

EFK stack usually refers to Elasticsearch, Fluentd and Kibana. But I decided to go with Fluent Bit, which is much lighter and has built-in Kubernetes support. Read More →

Having a Kubernetes cluster up and running is pretty easy these days. But when you start to use the cluster and deploy some applications, you might expect some issues over time. Kubernetes, being a distributed system, is not easy to troubleshoot. You need a good monitoring solution, and because Prometheus is a CNCF project, like Kubernetes, it is probably the best fit. In this post, I will show you how to get Prometheus running and start monitoring your Kubernetes cluster in 5 minutes.

Prometheus Operator

CoreOS introduced operators as a business logic in the first place. I wrote about Elasticsearch operator and how it Read More →