Skip to content

Instantly share code, notes, and snippets.

@alexellis

alexellis/2020-07-12-insiders.md Secret

Last active Aug 22, 2020
Embed
What would you like to do?
Insiders Update: 12th July 2020 - is Kubernetes right for us? πŸ€” Spotlight on arkade & k3sup

Welcome to this week's Insiders Update! Insiders gain exclusive access to early previews, tutorials, updates, news, and events on my OSS work.

🐳 Become an Insider or Subscribe today from 10USD πŸ‘‰ through GitHub

Insiders Update: 12th July 2020 - is Kubernetes right for us? πŸ€” Spotlight on arkade & k3sup

You might not actually need Kubernetes, but also you may

You might not actually need Kubernetes, but also you may.

Feature: is Kubernetes right for us?

As part of my business I sometimes give away time for an initial consultation or conversation with a prospective consulting client. Other times I may be speaking with a friend or connection where it's unlikely to develop into paid work, but there may be some other insights we can both take away.

Last week I spent an hour with an old colleague and he told me about a SaaS product that he'd built which was now handling 200k clients. The code was written in Node.js and deployed to a single droplet using Dokku (an open-source Heroku clone). The idea is that the developers can push to git, and a container will be built and deployed for them, with a live endpoint up shortly after that. If you have been following my work, you'll know that OpenFaaS Cloud is very similar to this, but for Kubernetes.

My friend also had an application that was leaking memory and had to be restarted on a cron schedule. These kinds of issues are often difficult to track down and take up far more time than you could ever estimate.

When designing a solution, or thinking through a product - always start with a problem and any constraints you have in place.

It has no fail-over, scaling ceiling is quite low. He has no monitoring to measure latency and fail rate.

Constraints: must be easy to understand and onboard. Will require a Git-based pipeline (he already gets that from Dokku) Very limited budget for operations and tech, mainly for building new features

My main concerns were around fail-over, disaster recovery and the memory leak. So what did I tell him to do? To move to Kubernetes?

I actually wrote up a longer version of this summary as a Twitter thread, and it gained dozens and dozens of comments with the answers ranging from "Yes Kubernetes", to "just use Heroku", to "just use Fargate" to myriad of other "just use X" comments. But there were another set of comments that I felt had more insight: "tell your friend that he needs to invest in operations" - "there's a lack of DevOps knowledge, at some point you need to hire someone to manage this", "sell him OpenFaaS", and even "why doesn't he contract you to run this for him?"

As much as I espouse and evangelise, and build for Kubernetes, I'm not here to give a hard sell. I wrote a blog post outlining various other options ranging from making initial use of cloud VMs through to managed Serverless in my post Your team might not need Kubernetes

I also added to my thread just how much technology is required to deploy a simple endpoint. Now if you use OpenFaaS and arkade, you'll be able to automate most of this within a few commands, but when starting from scratch, the learning curve is unfair.

At this point you're looking at least a managed Kubernetes, Dockerfiles for each service, complex YAMLs for each primitive, a helm chart for versioning, a Docker registry, Nginx-Ingress, Cert-Manager, Prometheus, Grafana and a tool for CI, then Flux + HelmOperator for CD. Tweet

Project updates

arkade

The first commit for arkade was in Feb this year, but as many of you know, it started off life within the k3sup project as "k3sup app install"

commit 9b1c878af770da3e4af200007fc7e7bcef0920e3
Author: Alex Ellis <alexellis2@gmail.com>
Date:   Wed Feb 26 08:44:00 2020 +0000

    Initial commit

We now have 31 apps that you can install! 🍻 And you can install half a dozen Kubernetes-friendly CLIs too, and we're taking suggestions on GitHub and Slack for others. Try arkade get --help

And on GitHub: ⭐️ 722 stars on the project, 36 releases, 13 contributors and an active community around the project - ready to maintain the apps, add new ones and to help refactor the code.

Alistair hey recently added support for Loki, and at the same time refactored the code to make it easier to add and maintain apps.

If you write code in Go, or are interested in contributing, you can see the code here loki_app.go

We still need to do more to get the word out about arkade, it can save newcomers so much time and even old-timers like me and Alistair love using it. Can you help?

Write a tutorial about arkade and I'll ship you stickers βœ…πŸŽ!

It's nearly k3sup's birthday!

As you can see, k3sup's birthday is fast approaching, but I've not received a list yet. Perhaps we should get a card? "baby's first Kubernetes cluster provisioned with SSH"

commit 1dd518c4a29cc02671de687ac5a54349420b21a2
Author: Alex Ellis <alexellis2@gmail.com>
Date:   Thu Aug 15 13:44:26 2019 +0100

    Initial
    
    Signed-off-by: Alex Ellis <alexellis2@gmail.com>

k3sup

k3sup install k3s (Kubernetes) over SSH

As far as GitHub stars are concerned, k3sup is doing really well. We passed 2.1k stars and that number continues to rise, but here are two parts that I'm excited about:

  • k3sup has loads of blog posts and tutorials written about it
  • some people only know k3sup, not k3s, showing how useful has become
  • some of Rancher's staff prefer using k3sup to the k3s installer 🀯

If you are looking to contribute, we still have some work and I'd appreciate your help there.

OpenFaaS - "Profiles" are coming

A new change is coming to OpenFaaS which will mean you need administrative rights to install OpenFaaS on your cluster. This is because we are introducing a CRD (Custom Resource Definition) for Profiles.

Profiles mean you can customise the runtime environment of your functions, but why? Here's some of the requests we've had from the community:

  • isolate multi-tenant workloads with gvisor or kata containers
  • apply tolerations to allow functions to run on spot instances
  • access hardware such as a GPU
  • set specific users and groups to access mounted AWS secrets like IAM roles

Profiles will be set by the administrator of openfaas and then chosen by the developer at deploy time using an annotation. Lucas Roesler and myself are the primary developers for this feature.

And the timeline? There are no paying customers asking for this at the moment, so it will be as and when we can find the time around other commitments. If you are interested in seeing this land sooner, reach out to ask how you can help.

Also, don't miss Lucas' new blog post

inlets PRO

This weekend only I'm running a promotion for inlets PRO with 50% off a 12-month license. That's less than 12.50 GBP or about 15 USD / mo.

It's open to everyone and I've publicised it on Twitter since Friday, so that should have given you plenty of time to take advantage of the offer.

How does it work?

It all starts by creating a tunnel server on your favourite cloud, we automate that for you, or you can do it yourself. From there you get a public IP and a secure tunnel that can connect any private service behind NAT, a firewall, captive portal or even a HTTP proxy to the Internet.

Why buy?

  • Keep your home or work IP address private
  • Get static IPs that route directly to your private networks
  • Connect your RPi cluster, homelab, or laptop to the Internet, wherever you are
  • Free community support in #inlets on OpenFaaS Slack

I'm extending the offer until Tuesday night this week, only for Insiders, use your discount below. Your code is TUNNELS4ALL

Wrapping up

Last week I launched The Treasure Trove, a complete backlog of all the Insiders Updates I've ever written. I started with the first year's worth of material and have added another 10 editions this week.

What's in The Treasure Trove?

  • βœ… OSS & community building
  • βœ… Raspberry Pi hacks, build of materials & tips
  • βœ… K8s / k3s clusters & netbooting
  • βœ… Baremetal deep dive
  • βœ… My complete kit-list
  • βœ… OSS updates & features on all projects

You can access all the posts for free at any time, you just need to upgrade your tier on my sponsors page - if you ever need the link, you will find it there in the main description.

Trove

If we can get from 25 to 50 Insiders on this tier, then I'll add search and indexing, so that you can go back and find topics like Raspberry Pi netbooting and Open Source contribution tips, or what my kit-list is, so that you can upgrade your home setup. I think the work will set me back at least a week to implement the features, so I want to make sure it'll be used.

And finally: congrats to Rancher Labs on being acquired by SUSE. Rancher are our friends, the authors of k3s, and have a Platinum sponsorship on openfaas.com πŸ‘Œ

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment