#Sundown w #Spinnaker

@sailing@gup.pe @segeln @segelfreunde

Working on install docs for #spinnaker - still one of the MOST powerful CD tools out there. Running my DNS, home lab bakes, #terraform and a whole lot more on it... but the problem usually isn't spinnaker. It's documenting the DEPENDENCIES like kubernetes or AWS or similar.

Spinnaker Tower at Dawn

https://www.blipfoto.com/entry/3124244953937481591

#blip #blipfoto #gimp #RawTherapee #Portsmouth #hampshire #england #photography #dawn #spinnaker

Задумався змінити #Spinnaker на щось простіше. Це, безумовно, дуже крутий інструмент, але використовувати його без усяких canary деплойментів це оверхед. Треба щось просте, але щоб могло слідкувати за докер репо та стартовати деплої коли є нові образи. #ArgoCD не підходить, бо це #gitops, де потрібно у репо сберігати тегі докер зображень. #Jenkins теж не підходе, бо робити в пайплайні "kubectl patch" це рішення на коленці. Буду рад якщо щось порадите зі свого досвіду
#devops

Updated my reference pipeline for #canary deploys in #Kubernetes in #spinnaker:
https://github.com/jasonmcintosh/spinnaker-work/tree/main/pipelines/canary-prometheus-traefik

Using Deployment objects & Traefik for traffic shaping.

Thought i'd share how I manage #DNS for my home lab. I bought a domain via google domains, got a free cloudflare account to do DNS, and use Armory #spinnaker #terraform stage to auto update DNS in my local #homelab (I run this ALSO in my homelab on microk8s on an #ESXi server)

TF:
https://github.com/jasonmcintosh/spinnaker-work/blob/main/applications/tf-dns-internal/main.tf

Pipeline which runs hourly to make sure it's kept in sync with git:
https://github.com/jasonmcintosh/spinnaker-work/tree/main/pipelines/update-dns-hourly-using-terraform

I talk about #spinnaker a lot, but I DO like armory's new offering - https://www.armory.io/products/continuous-deployment-as-a-service/ - new features constantly and INCREDIBLY easy to do #continuousdelivery. Can do deploys from almost anything (Jenkins, a command line, gitlab, etc) with a true promotion process and automated #canary analysis!

#Canary analysis is AWESOME.
https://s.armory.io/yAuAQPny

Triggered via headers like:

curl -H "latencyToInject: 1000" http://demo-webapp.mcintosh.farm 0.03s user 0.05s system 24% cpu 0.331 total

Can see the results on the CLI and how the canary failed the deploy! #spinnaker pipeline: https://github.com/jasonmcintosh/spinnaker-work/tree/main/pipelines/canary-prometheus-traefik

Wrote up how to do automatic rollout restarts via a webhook using #spinnaker

https://www.armory.io/blog/spinnaker-tricks-restarting-a-deployment-easily-via-automation/

Today is a Postgres day for me! Let’s find out if Fiat (the authorization service in Spinnaker) can use more optimized queries or even simple ones like natural join. Or, let’s find out how the hell Postgres decides to use indices versus other lookup strategies and whether this schema is salvageable or needs wholesale replacement with a policy engine.

#postgresql #spinnaker #sql

I’ve been honestly amused by the idea that onboarding here is difficult. Of course it is! Have you ever worked on onboarding-related code before? I’ve literally spent more than the last year working on the onboarding aspect of #Spinnaker, another open source project, though the audience there is fairly technical. This is incredibly tedious and unsexy work, and the only reason I can even spend the time to do this is because it’s literally part of my paid job.

Would it be great if onboarding were easier here? Fuck yeah! Roll up those sleeves and start working out what that even looks like! No code contributions necessary! #OpenSource

I've done #terraform for 6+ YEARS. Challenges I've hit
* Provider/resource changes - eg 3 to 4 of AWS provider.
* Complex modules - the EKS module in particular does too much programming
* Keeping it sync'd - running it regularly to look for changes/diffs.
* Some of the weird quirks "circular dependencies, cross module deps, etc."
SOME of this is solvable (LOVE #armory #spinnaker TF integration on some), some is self-inflicted, but still a great tool. Still looking for better (crossplane?)

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.

https://github.com/spinnaker/spinnaker

#Spinnaker #tools #CiCd #CloudNative #infra #DevOps #Kubernetes

Three YAMLs for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of #Spinnaker where the Shadows lie.

One YAML to rule them all, One YAML to find them,
One YAML to bring them all and in the darkness bind them

In the Land of Spinnaker where the SREs die.

#sre #devops

Three YAMLs for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of #Spinnaker where the Shadows lie.

One YAML to rule them all, One YAML to find them,
One YAML to bring them all and in the darkness bind them

In the Land of Spinnaker where the SREs die.

#sre #devops

Finally finished my draft RFC to add RBAC to Spinnaker. “Wait, doesn’t Spinnaker support RBAC already?” Yes, in the same way a body of water supports an airplane. #ContinuousDelivery #Spinnaker #DevOps

Access control policy engine shootout time! Looking to overhaul how Spinnaker handles RBAC, and I’m comparing SpiceDB and OpenPolicyAgent. #authorization #oss #spinnaker