Alen Komljen

Doing DevOps the Cloud Native Way.

docker, tips

Stopping Docker Containers Gracefully

This is a post from my old blog, originally written in 2015. The old blog is gone, and I decided to repost it here to redirect old links. The content is just slightly adjusted. I started to work with Docker containers seven years ago. I made my first Docker playground with a bunch of different images. As I began to work on enterprise-level applications deployment, I found out that there were a lot of things I was doing wrong. One ...

kubernetes, addons, velero

Kubernetes Backup and Restore with Velero

Recently I migrated some Kubernetes clusters, managed by Amazon EKS. The clusters were running in public subnets, so I wanted to make them more secure by utilizing private and public subnets where needed. Changing networking settings is not possible once you create the service in AWS. Any service, not just EKS. Since I already had Velero installed for backups with S3 provider, the most natural thing was to use it to restore all resources on the new cluster as well. ...

terraform, aws, tips

Moving the Remote Terraform State Items

Due to recent refactoring, I figured out that I need to move some Terraform state items from one S3 path to another. And then to merge configurations with other stuff at the destination directory. Terraform can move state items around, but this feature doesn't work with remote states. Here is one way of doing it. Example Use CaseFirst, let's consider the following situation, this is configuration directory tree output: . ├── db │   └── test │   ├── main.tf (s3 key: aws/db/test/terraform.tfstate) ...

career, tips, wfh

Quick Working From Home Tips

You will see hundreds of new working from home tips blog posts in the coming months. Most tech companies shifted to working from home (WFH) because of a global pandemic. We are all different, and what works for me will not work for you. I wrote this post to tell you that working from home is not rocket science. All you need is some routine. Don't try to copy, or blindly follow the rules. Build your own. Here is my ...

kubernetes, monitoring, efk, alerting

Alerting on Kubernetes Events with EFK Stack

You probably care about gathering application logs only. Still, since the application is running on Kubernetes, you could get a lot of information about what is happening in the cluster by gathering events as well. Whatever happens inside the cluster, an event is recorded. You can check those events with kubectl events, but they are short-lived. To search or alert on a particular activity, you need to store them in a central place first. Now, let's see how to do ...

kubernetes, dashboard

Installing Kubernetes Dashboard per Namespace

Even though I'm not Kubernetes Dashboard user, I understand why for most people this is the easiest way to interact with their apps running on top of Kubernetes. If you are interacting with it daily or managing the cluster itself, you are probably more fine with CLI aka kubectl. Kubernetes Dashboard is easy to install, but you might want to have it per namespace to limit what users can do. Let's see how to install and configure it for this ...

kubernetes, aws, security, iam

Integrating AWS IAM and Kubernetes with kube2iam

Containers deployed on top of Kubernetes sometimes requires easy access to AWS services. You have a few options to configure this. Most common is providing AWS access credentials to a particular pod or updating existing worker nodes IAM role with additional access rules. Pods in the AWS environment, by default, have the same access rules as underlying nodes. However, both solutions are a terrible practice, because there are projects that resolve this issue more elegantly. Two most popular are kube2iam ...

github, tips

An Easy Way to Track New Releases on GitHub

As a software developer, you need to keep track of many projects/tools hosted on GitHub. While GitHub has a watch feature, I found it too noisy. I open GitHub notifications once in a year, or maybe less. If you like GitHub notifications, great, you can watch a repo only for releases; they made this possible two months ago. This blog post probably doesn't make any sense for you then. However, I don't want to get a notification on new ...

kubernetes, ingress, aws, alb

AWS ALB Ingress Controller for Kubernetes

More than one year ago CoreOS introduced AWS ALB (Application Load Balancer) support for Kubernetes. This project was born out of Ticketmaster's tight relationship with CoreOS. It was in an alpha state for a long time, so I waited for some beta/stable release to put my hands on it. The project is donated to Kubernetes SIG-AWS on June 1, 2018, and now there is a lot more activity. A few months ago the first stable version got released. Let's ...

year in review

10 Most Read Kubernetes Articles on My Blog in 2018

Let's start this year with some stats from the last one, 2018. Probably 99% of the articles on this blog are Kubernetes related. I wrote 28 articles in 2018 which is good, but my goal was 50 actually. I think that Kubernetes adoption in 2019 will grow, at least stats from my blog shows that and you will see the same in Google trends: Before listing 10 most read Kubernetes articles on my blog in 2018, I will share some ...

kubernetes, api

Kubernetes API Resources: Which Group and Version to Use?

Kubernetes uses declarative API which makes the system more robust. But, this means that we create an object using CLI or REST to represent what we want the system to do. For representation, we need to define things like API resource name, group, and version. But users get confused. The main reason for the confusion is that we as humans are not good at remembering things like this. In one deployment definition you could see this apiVersion: apps/v1beta2, and ...

kubernetes, devto

How to Run Dev.to on Kubernetes

Recently I was checking Dev.to community. I must say, I really like how the application looks, clean and simple. And more important I like the community there. I also started to republish some posts because I want to show Kubernetes to the larger audience, preferably developers. But, any time I check something new I get some new ideas. This time I saw that Dev.to is open source and thought, it would be pretty interesting for people to see ...