Ah yep, didn't know about `envFrom`. Use Kustomize with a `configMapGenerator` to create a fair number of environment variables across a few different generated config maps, and we're currently loading them line by line.
@Techtips200 2 days ago
Please cover csi topics and troubleshooting as well
@DevOpsToolkit 2 days ago
Adding it to my to-do list...
@PrithviRajKC 2 days ago
Does the ephemeral storage use the Node storage to store the data temporarily?
@DevOpsToolkit 2 days ago
`emptyDir` (baked into Kubernetes) does use node storage. There are others that might use external storage for ephemeral volumes. Since storage is implemented through CNI drivers, it can be anything and it depends on what your provider has (apart from those like `emptyDir` that are baked-in).
@kUdtiHaEX 2 days ago
First!
@amoenus_dev 2 days ago
Really enjoyed this back-to-basics video, would love to see more of those ❤
@kirkturkey6278 2 days ago
13:12 -- I have to say, I haven't laughed this hard in some time. LOL My team currently uses the Git Flow and yes, I can confirm, it is maddening. I'm doing what I can to change this. Thank you for such a great video!
@dmitriimrcat 2 days ago
Viktor, can we call Kubernetes a cloud operating system?
@DevOpsToolkit 2 days ago
I would not call it like that. I think it's more of a base on top of which we or your vendor builds a platform. If you would make an analogy with operating systems, it would be more like a Kernel than an OS distribution. Kernel does not do much by itself but once you compile it and add a bunch of other things you get something like Ubuntu, RedHat OS, Suse, etc.
@JimBrännlund 2 days ago
What about using Helmfile for "bootstrapping" a cluster. eg, installing the initially needed tools/applications (incl. ArgoCD) so once it's bootstrapped, you can use ArgoCD for your own applications?
@DevOpsToolkit 2 days ago
That would be using helmfile only for the initial installation of argo CD which would deal with all other apps (including future updates of itself). In such a case, I'm not sure why bother with helmfile and not simply run helm install.
@jimbrannlund4677 2 days ago
Thanks for the fast reply! The issue I’m struggling with is how to make it obvious what the preferred order of install/applies are. Also, since Helm can’t handle installing to different namespaces, the dependencies are split in different folders. But it’s possible I’m coming at this the wrong way. I prefer Jsonnet, but we don’t use that at my current job.
@DevOpsToolkit 2 days ago
Sync order can be problematic with gitops tools but mostly for Cards created by third party tools. You haven't mentioned that so I'm assuming that's not your case. For most of other types of resources it should not matter. Kubernetes is asynchronous by nature and resources should get eventually consistent. Part of the reason we're using kubernetes is to avoid orchestration where we decide what is done first, what is second, and so on. The need to define the order of what is done and when it's done often happens when people try to apply the logic from before kubernetes to kubernetes.
@JimBrännlund 2 days ago
@DevOpsToolkit I guess you mean "Charts" :) And I'm mentioning it now, haha. To be specific when we bootstrap a cluster it's for things like External DNS, Istio, Cert Manager, Metrics Server, ArgoCD etc. So essentially only third party charts. While what you're saying is true, there are some exceptions, specifically w.r.t CRDs. As an example, you can't create a ClusterIssuer until you've applied the Cert Manager chart as that CRD won't exist before it. There are some other examples, where things can get stuck in a bad state due to ill-designed reconciliation loops etc. Granted, those are likely bugs, but it still happens. :) What I like, after a very shallow examination, with Helmfile is that what constitutes (in our case) a bootstrap is very explicitly defined. The question is, is it worth introducing another tool and dependency just for that. :) I really appreciate you taking the time! Merry Christmas!
@DevOpsToolkit 2 days ago
Autocorrect keeps changing charts into cards... I honestly think that helmfile is a waste of time. It was great in the past and I used it a lot before we got argo CD and flux. Now it is only a distraction that will lead you to a wrong path. It is incompatible with gitops. Whatever you choose, don't choose to combine both.
@FakhriMrabet 3 days ago
You talk too much just get into it already
@vaishnokrithika4411 3 days ago
I believe Crossplane does work creating helm providers to run helm based packaging in EKS, unfortunately with GKE cluster helm providers don’t work because of Google policy of using cloud auth plugin with kubectl. Any insights?
@DevOpsToolkit 3 days ago
I'm not sure I understood the question. Can you please elaborate?
@IvanRizzante 4 days ago
Thanks for another great video 🎉 I agree that having a clear and most of all tested backup strategy is vital. I don't think that it's a matter of Crossplane vs terraform because terraform can break as anything else and its state, no matter where it's stored, is the only way you have to manage your resources.
@DryBones111 4 days ago
Spotify playlists 😄
@kishores8500 4 days ago
@DevOpsToolkit Can it restore the Crossplane composite resources too? I wanted to migrate my Crossplane setup from one cluster to another cluster with XRDs and the resources deployed, and it failed. Any best way you can suggest?
@DevOpsToolkit 4 days ago
Yes it can. That's what I used as one of the examples in the last video.
@seanmcconkey72 5 days ago
Utter horse shit. Don't do it.
@ChrisGibbsAus 5 days ago
Thanks for the great Q&A! very informative! Several years ago, we originally picked Swarm for container workloads due to the quicker and easier onboarding experience and less steep learning curve for on-premise workloads that had incredibly simple use-cases. We are still on this platform today but out-growing some of the basic functionality, hearing that "it needs to die", would you care to dive deeper into this idea?
@ChrisGibbsAus 5 days ago
continued watching and funnily enough our exact question that we pondered all those years ago has been answered :)
@DevOpsToolkit 5 days ago
Nobody cares about swarm any more. Docker gave up on it and sold it to Mirantis. Mirantis bought it mostly to milk its users a bit longer but is not investing into it either. So, you're using a project that is on life support and that's fine if it's doing what you need it to do just as long as you are not putting any investment into it. Do not put a single hour into swarm since that would be an hour wasted. Use it as-is. P.S. I loved swarm and placed all my bets into it back when it was not sure who will win. However, I had to realize that I lost and move on.
@DryBones111 5 days ago
It's criminal that AWS doesn't have a good service for these developers who just want it to run, no fuss. Keeps me employed at least.
@markusjohansson4949 6 days ago
Taskfile does not work as well as Makefile when trying to not do unnecessary work. Makefile uses file timestamp to detect if a target needs to be remade. Taskfile has some basic functionality but it does not work well enough.
@hellok8s 6 days ago
Flux HelmRelease CRDsPolicy can manage CRDs, provided the helm chart has a crds directory.
@laurentiusjudhianto6631 6 days ago
Agree that Kubernetes should be and must be like Hypervisor. Kubernetes is not well understood by a lot of devs, becoming an extra work. On top of that, databases (stateful), shared storage and "baking apps" into the containers adds another layer of process to deploy. It's great when it's being used within public cloud. However for onPrem, Kubernetes still runs on just a few physical nodes, kinda limited on the underlying infrastructure config (not really scaling, not really HA, not really redundant). CMIIW
@m19mesoto 6 days ago
I like your intro.. 🔥
@perarneng 6 days ago
Agree. Cloudrun is a tech that transparently runs k8s compatible deployments afaik. But in general the missing link here is WebAssembly because then we don't target containers. We build applications and then application orchestrators will make more sense. It is coming but it takes some time for the industry to adjust.
@DevOpsToolkit 6 days ago
If you are referring to Google Cloud Run, it does not use kubernetes.
@perarneng 6 days ago
@DevOpsToolkit True. I remembered it incorrectly. It is knative compatible in its manifests as I understood it. So targeting it could be a good stepping stone to later deploy on k8s+knative 🤩
@DevOpsToolkit 6 days ago
Yeah. Knative API, no matter whether self hosted on kubernetes or in Google, is closest to the right abstraction when apps are concerned. It became a bit bloated over time and I still prefer creating my own API but for those looking for a ready-to-go option it is the best we have. The problem, however, are day 2 operations if it's running in kubernetes. Unlike in Google, one would need to know all the underlying tech when running in kubernetes.
@hubstrangers3450 6 days ago
Thanks...agreed...it should be just part of the OS,
@AymenBenTanfous 7 days ago
Would it be possible to manage multiple resources that weren't created by Crossplane via Compositions? I have a large infrastructure composed by EKS clusters and its related AWS resources that I have created via Terraform, and I'm currently testing Crossplane and faced this usecase in order to avoid recreating the whole infra from scratch again and to avoid disruption to the end users.
@DevOpsToolkit 7 days ago
If you apply crossplane managed resources that match resources that already exist, crossplane will take control of them.
@DigisDen 7 days ago
Hi, thanks for the video. I am a great fan of postgres but sometimes need to run mysql, do you have a recommendation for mysql?
@DevOpsToolkit 7 days ago
Have you tried Vitess?
@DigisDen 7 days ago
@DevOpsToolkit I haven't tried any mysql in kubernetes, I would usually run the mysql outside of the cluster. I'll definitely take a look at that though, thanks. I have been running the cnpg now for a couple of months after watching your previous video and am very impressed by it so far.
@MattHudsonAtx 4 days ago
... Don't?
@guents 7 days ago
I think the point of the question wasn't if it is possible to run a db on k8s, but if any of the operators out there are reliable enough. My experience is that databases are not designed for such a dynamic environment and an abrupt event often brings the db into an inconsistent state. Is it possible to fix all these issues? Possibly. Has anyone done it... Debatable...
@DevOpsToolkit 7 days ago
have you tried cnpg?
@MattHudsonAtx 4 days ago
The Crunchy Data postgres operator is pretty solid too
@converter 7 days ago
Waterfoolish thing 🤣
@prolixalias 7 days ago
Hey there Viktor! I'm curious how you've managed to get around the error below with teller v2.0.7 and modern .teller.yml format that I borrowed from your crossplane-kubernetes repo:

```
Error: Bad service account key: missing field `private_key` at line 9 column 1
```
@DevOpsToolkit 7 days ago
I don't think I encountered that error. I had others that were caused by 2.x using a new yaml format. I can send you a sample yaml if that helps (it's for gcp).
@prolixalias 7 days ago
@DevOpsToolkit Don't you ever sleep? It seems like you're always online... The one I borrowed is below, adjusted to my path/keys:

```yaml
providers:
  google_secrets_manager:
    kind: google_secretmanager
    maps:
      - id: secrets
        path: projects/vfarcic
        keys:
          upbound-account: UP_ACCOUNT
          upbound-token: UP_TOKEN
          aws-access-key-id: AWS_ACCESS_KEY_ID
          aws-secret-access-key: AWS_SECRET_ACCESS_KEY
          github-user: GITHUB_USER
```
@IvanRizzante 8 days ago
Thanks for another great video! I totally agree that running databases on k8s is a mind shifting process more than a challenge itself. Try what it means setting up Postgres + PgPool + Streaming Replication + TLS + Backup and so on by hand and add maintenance on the top, then try what it means writing few lines of yaml and getting the same result done for you by an operator. We're talking about the same difference that there is between going to any hyperscaler and ask "give me a database" and do the job yourself!
@ch4.hayabusa 8 days ago
Are there any NoSQL projects like CNPG? I have a hard time imagining Mongo Atlas releasing a competitor for free.
@DevOpsToolkit 8 days ago
Not sure... I tend to use mostly PostgreSQL and, occasionally, MySQL which both have Kubernetes-native versions.
@juanbreinlinger 8 days ago
I couldn't agree with you more! Thanks for the video!
@prastamaha4130 8 days ago
But we know that kubernetes has a version lifecycle every 3 months, wouldn't running statefulset like a database be a challenge? Especially on services that are sensitive to downtime.
@DevOpsToolkit 8 days ago
That would indeed be an issue for DBs that do not run multiple replicas. Still, that is no different from running it outside kubernetes. If you cannot update your VMs for whatever reason you need to keep it as whichever version it is. If you move such a workload to kubernetes, you can still keep kubernetes version fixed. It's not great but it's not worse than without kubernetes.
@LampJustin 8 days ago
The release cadence is much more relaxed now. AWS and Azure (probably more) started to create LTS versions of kubernetes and just because there's a new kubernetes version, you don't have to upgrade directly. If you have a look into the version skew, you can see that the worker nodes can run 3 minor versions behind. So you could have everything else running v1.31.x and still keep your DB NG in version v1.28.X. When it's eol, just skip all those versions and repeat. To upgrade patch versions you don't even need to drain the whole node, it's enough to restart kubelet and kube-proxy in the new version.
@THEMithrandir09 8 days ago
In my homelab I provide TrueNAS datasets as PVs/PVCs to k8s for minio and postgres both running in k8s. The nice thing about this is, that I have a git driven k8s cluster using flux and if I want to upgrade I just merge the dependabot's PR and if something breaks I just revert the commit and rollback the dataset in TrueNAS Scale.
@gdelignieres 2 days ago
Homelab != production ready
@THEMithrandir09 2 days ago
@gdelignieres never claimed that, just wanted to outline a very clean and simple way to do it.
@perarneng 8 days ago
There has always been the advantage to tap in to the enormous ecosystem around kubernetes such as security, monitoring, policy engines, distributed storage, networking etc. Anything serverside benefits from k8s and its ecosystem 🤩
@wladyx 8 days ago
On my homelab I never upgrade, but do a blue green deployment of clusters, exactly for the same purpose :)
@SerghijB 8 days ago
Thank you for sharing your experience! Great and helpful thoughts.
@AlexScherbakov-u3s 8 days ago
I really appreciate the awesome videos! Do you happen to have any updates on when the next one will be ready?
@DevOpsToolkit 8 days ago
I'm waiting for one of the features to graduate to GA. Once that happens I will do a new chapter/video. Unfortunately, I don't know when that will be.
@ArmenRostamian 8 days ago
One year later -- would you still recommend Timoni? We're deeply invested into helmfile currently, but helmfile is absolutely excruciating to work with and to debug. It's also really messy if you try to utilize its more "advanced" features...so I'm looking for something else. After looking at KCL, PKL, CUE, YTT and a bunch of others...Tanka and Timoni seemed to stand out the most. What would you say about Timoni a year later? Do you think it's reached "critical mass" adoption, such that it won't slip into obscurity and become unmaintained/archived? Anything you'd recommend over it?
@SuyashSonawane 8 days ago
Was waiting for this one since your last video on Velero! Thanks for that insight into where Argo falls short. Destroying and re-building clusters rather than in-place upgrades sounds like great practice for DR!
@smthngsmthngsmthngdarkside 9 days ago
kubernetes api versions are the same as docker-compose.yml#version field not deps
@sunflash9 9 days ago
I'm waiting for your up to date, end of the years "best tool for the job" recommendation.
@DevOpsToolkit 8 days ago
It's coming... It'll probably be released the first or the second week of January.
@smthngsmthngsmthngdarkside 9 days ago
k8s .... > it's as simple as it can get LMAO
@jirityr 9 days ago
Using Velero to backup and restore infrastructure resources created by Crossplane is not very useful. First of all, the backup might not contain the latest state of the resource as described in the video. Second thing is that order of restoration matters. You cannot restore claim together with XR and MR as Crossplane starts creating new XR and MR regardless of whether they have already been restored. The right order is to first restore MR, then XR and then the claim. I still think Crossplane is not the right tool for building infrastructure. Terraform is much more reliable and predictable and it keeps the state outside of the cluster (e.g. in a bucket).
@ShamilSattarov 9 days ago
Create new clusters instead of upgrading existing ones - great thought!
@stef9019 9 days ago
Just a sidenote it does keep blowing my mind that out of all tools f*cking Helm became the standard for the K8S landscape... Something about being first... Worst thing is that 80% of Helm users have gaslit themselves into thinking it's okay to work with.
@wladyx 9 days ago
Missed the live one, but very much enjoyed the recording, thank you Viktor and hope to see Scott again, good idea to bring him on as guest!
@DryBones111 9 days ago
The recovery of crossplane managed resources with non-deterministic external names is really a pain. I really want a better solution to this than Velero. I looked into using crossplane composition functions for this, there's an AWS importer function which kind of works. Need something better though.
@DevOpsToolkit 9 days ago
I'm not sure how that could be fixed. Crossplane needs to know what the external name is. Otherwise, it cannot find it. Alternative is to fetch the non-deterministic name from the cluster and add it as `external-name` annotation into the manifest in Git. From there on, Argo CD or Flux would work. However, that can be very time demanding. What could be nice is to have some kind of an operator that would react when MRs are changed and push `external-name` annotation (when it differs from `metadata.name`) to Git. The problem is that I don't see how such an operator could be generic since those would need to be added to Claims which could be based on any schema.
@dam9800 9 days ago
@DevOpsToolkit I think that the Syngit operator can solve this issue since it pushes the resource after the mutating webhooks execution. By creating a RemoteSyncer that just scopes the Crossplane objects
@DevOpsToolkit 9 days ago
I have it on my to-do list but did not yet have time to check it out. I'll go through it soon.
@ginjiruu 9 days ago
Velero has been most useful for me when (as described in the video) I need to backup something that doesn't already have a better alternative in kubernetes. This is less relevant when using kubernetes in a business environment but pretty useful when using it in a homelab where plenty of stuff just uses sqlite and pvcs or their own weird database interpretation. Most of the time their own docs will just suggest copying the files out of the folder as a backup!
@RonnySharaby 10 days ago
Thank you for the video! While the challenge was well explained, I'm concerned that basing events on replica count might trigger tests on every scaling event. This doesn't seem like the optimal solution for handling this challenge.
@DevOpsToolkit 10 days ago
I'm triggering it (in that video) on ReplicaSets which is not perfect, but still okay in most of the cases (at least when using Deployments). That being said, I don't think that Argo Events is the right tool, but that it is the best we have (among many bad options).
@Kats0unam1 10 days ago
Does using the otel-collector make sense if you already instrumented your app with Prometheus, Loki and Tempo?
@DevOpsToolkit 10 days ago
Prometheus will fetch metrics from places where metrics exist (e.g. kubernetes API). Your app needs to be instrumented to provide those metrics so you do need to instrument it besides having those tools if you want app-specific metrics to be in Prometheus.
@parashar1505 10 days ago
amazing video, and such a great content creation technique! You rock, sir!