What is a ConfigMap in Kubernetes?

Question
What is a ConfigMap in Kubernetes?

Answer
A ConfigMap is a mapping of configuration originally in YAML format that resides in etcd (partially taken from this external posting). A .yaml file will define the version of the Kubernetes API (e.g., version 1), data, and the "kind:" key will be set to "ConfigMap".

The content of the ConfigMap is consumed by an application in Kubernetes. The values in the ConfigMap are "passed to containers as either environment variables or as files in a volume" (page 198 Kubernetes in Action by Luksa).

A deployment .yaml file may refer to a ConfigMap (page 198 Kubernetes in Action by Luksa).

You can create a ConfigMap with a text editor or with two successive commands like these:

kubectl create -f foobar.conf
kubectl create configmap foobar --from-file=foobar.conf

For detailed analysis, you may want to buy Kubernetes in Action by Luksa and read page 200. The index for the book shows there are many pages that refer to the "ConfigMap" concept.
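The two consumption paths described above (environment variable and file in a volume), shown as an added example that is not taken from the original post or from the book. Only the ConfigMap name "foobar" and the key "foobar.conf" (the key that --from-file=foobar.conf produces) come from the commands above; the pod name, image, keys and values are assumptions. A bare Pod is used for brevity; the same env and volumes stanzas go under a Deployment's pod template.

```yaml
# Added example; every name except "foobar" / "foobar.conf" is an assumption.
apiVersion: v1
kind: ConfigMap
metadata:
  name: foobar
data:
  # Non-sensitive settings only: ConfigMap values are stored in etcd as plain
  # data, so credentials belong in a Secret instead.
  LOG_LEVEL: "info"
  # File-like entry; the key becomes the file name when mounted as a volume.
  foobar.conf: |
    listen_port=8080
    cache_ttl_seconds=30
---
apiVersion: v1
kind: Pod
metadata:
  name: foobar-consumer
spec:
  containers:
    - name: app
      image: busybox:1.36
      # Prints both views of the ConfigMap, then idles so the pod stays up.
      command: ["sh", "-c", "echo $LOG_LEVEL; cat /etc/foobar/foobar.conf; sleep 3600"]
      env:
        # Path 1: a single key exposed as an environment variable.
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: foobar
              key: LOG_LEVEL
      volumeMounts:
        # Path 2: the key projected as a file under /etc/foobar.
        - name: foobar-config
          mountPath: /etc/foobar
          readOnly: true
  volumes:
    - name: foobar-config
      configMap:
        name: foobar
        items:
          # Project only this key, so LOG_LEVEL does not also appear as a file.
          - key: foobar.conf
            path: foobar.conf
```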

Where Can You Find a Complete List of the Reserved Words for Declarative Pipeline Syntax?

Problem scenario
You want to create a Jenkinsfile for a pipeline. Where can you find a complete list of the reserved words for Declarative pipeline syntax?

Answer
This external page has something close. It does not go into how "sh" works. Using "sh" you can run Linux commands. There are "bat" and "powershell" options too. Here is an example (taken from Jenkins' website):

pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                sh 'echo "Hello World"'
                sh '''
                    echo "Multiline shell steps works too"
                    ls -lah
                '''
            }
        }
    }
}

What is an HPA in Kubernetes?

Question
What is an HPA in Kubernetes?

Answer
HPA stands for HorizontalPodAutoscaler. It is a concept and resource that allows clusters to scale out upon a certain condition being met. HPA can support a pod to scale based on certain amounts of CPU utilization. It natively supports granular CPU requests down to a single millicore. A .yaml file in Kubernetes has the key "kind"; if you want to read more about these files, see this posting. The value associated with this "kind" definition can be "HorizontalPodAutoscaler".

The above was paraphrased from pages 443 and 447 of Kubernetes in Action by Luksa. (Pages 438 through 451 of Kubernetes in Action by Luksa have a fair amount on horizontal autoscaling of pods.)

Once horizontal pod autoscaling has been configured, the Horizontal controller scales pod replicas (ultimately based on metrics collected from cAdvisor). To learn more about the Horizontal controller, you can view these links:
https://github.com/kubernetes/kubernetes/blob/3a51aaf8b4baff1242ea30b08d599d913fe7a127/pkg/controller/podautoscaler/horizontal.go
https://www.magalix.com/blog/kubernetes-automatic-scaling
https://argoproj.github.io/argo-cd/roadmap/
https://programmer.group/source-code-analysis-of-kubernetes-hpa-controller.html

How Do You Use the Docker Pipeline Plugin with Jenkins?

Problem scenario
You want to use the Docker Pipeline plugin (with the Jenkins ID of "docker-workflow"). What do you do?

Solution
Prerequisites
Jenkins needs to be installed. If you need assistance, see this posting if you are using a CentOS/RHEL/Fedora server; if you want to install Jenkins on a Debian/Ubuntu server, see this posting. With modern versions of Jenkins (as of 9/24/19), we find that the Docker pipeline has been installed. (If you have an older version of Jenkins, install the Docker Pipeline plugin manually.)

Procedures
1.a. Run this command from the back-end: sudo usermod -a -G docker jenkins
1.b. Restart the Jenkins service (e.g., with sudo systemctl restart jenkins).
1.c. Open a web browser. Log into the web UI for Jenkins as an administrator.

2.a. If you see "New Item" do 2.b, otherwise do 2.c.
2.b. Click on "New Item".
2.c. Click on "Dashboard" if you do not see "New Item." Then click "New Item".

3. Enter a name in the field at the top, then click on "Pipeline". Then click "OK".

4.a. Scroll down to the "Pipeline" section.
4.b. Enter this text:

pipeline {
    agent {
        docker { image 'node:7-alpine' }
    }
    stages {
        stage('Test') {
            steps {
                sh 'node --version'
            }
        }
    }
}

What is Operational Readiness in I.T.?

Question
How would a DevOps engineer define operational readiness or what is operational readiness in I.T.?

Answer
“All things are ready, if our mind be so.” -William Shakespeare

While some people would say it is more of a state*, others may say it is more of a journey**. Operational readiness is having sufficient staff and automation to maintain the minimum level of service that the business requires for a given product or service. Each business has different SLAs based on market conditions.

To crystallize these needs, we provide the following requirements to achieve operational readiness:

  1. There should be well-defined requirements of the service level agreement. You should have details on what availability you must maintain (e.g., for the SaaS product you support). To do this, you must define SLIs and SLOs.
  2. You should have available a list of the stakeholders for your product(s) or service(s). Communication with them could be critical to the business' objective. Downtime can be mitigated with proper communication to customers and/or clients.
  3. While full stack developers and DevOps generalists are recommended as being under-valued, there still should be clearly defined roles of employees and/or companies that supply talent or services. If the budget is large enough, you should have 24/7 staff. If constant staff are not available, some people should be on-call. They must know what to expect and how soon they must respond. Escalation procedures should be clear and available even if several key servers are unavailable. The DevOps Handbook says that 80% of outages happen from a change someone made (page 203).
  4. There should be a list of resources, assets and/or components that are necessary to maintain operations as defined in the service level agreement itself. Know who owns any external dependencies too (e.g., internet hosting facilities and outsourced functions). Information may be important, but physical assets and contracts with other businesses should be available in catastrophic situations.
  5. There should be backups and a business continuity process in place. The disaster recovery plan should be physically printed out and available in different geographic regions. It should give you the tools to consistently recreate your environment from just the backed up media. Ideally the file media backups and/or data center colocations will be in different floodplains and in different fault lines too. As tedious and costly as it may be, the business would be well-served by testing the installation media with people who are not acquainted with your business. Rudy Giuliani recommends people prepare relentlessly. To back up Windows workstations you may want to try Acronis.
  6. The Twelve-Factor App lists "Dev/prod parity" as the tenth factor. The DevOps Handbook says (on page 117) that failures in code migrations are more commonly attributed to differences between the source and destination environments than problems with the code itself (e.g., a lack of robustness or sufficient exception handling). There should be thorough testing in lower environments before code is ready for production. We believe that operational readiness would normally include having development and quality assurance environments be substantially similar to production in terms of hardware.
  7. For a greenfield environment that is about to go live, the underlying systems (e.g., components of microservices) should be stable with enough resources to resiliently handle spikes in demands (network traffic and server workloads). There are many load-testing tools for web applications. To generate artificial traffic to a website, you could try Gatling. For a complementary tool to generate network traffic, try Ostinato.
  8. "As a good practice, after you have deployed your application in the production environment, run a set of predefined tests to ensure your application is functioning as required." (This quote was taken from Chapter 7 of Learning AWS by Packt Publishing, July 2015, 9781784394639.) While it is ideal to know your environment is ready before you go live, there are things you must do on an ongoing basis to maintain operational readiness. For many companies and use cases there should either be ongoing testing of production or an exceptional reason why this would be a bad idea. It is our opinion that operational readiness is a journey. Chaos engineering is the practice of robustly testing resilience and high availability. The term comes from what Netflix designed and used called "Chaos Monkey." This program deliberately corrupts random servers on an ongoing basis. This tests the monitoring and alerting and it keeps people on their toes. The professionals do not necessarily know if the problem arose from Chaos Monkey or from human operations. Management could manually trigger some chaos to see if protocols are followed correctly.
  9. There should be sufficient logging (e.g., of system authentications, data access, data changes, system start ups and shut downs). Postmortems for diagnosis can be valuable. Having centralized logging (or telemetry) can help if there is disk failure. For performance improvement, security investigations, satisfying audits, and disaster recovery goals, adequate logging is critical to being ready.
  10. There should be sufficient monitoring to maintain any service level agreements. The monitored components should be relevant to a necessary component. Some metrics should have corresponding thresholds to trigger an alert. The thresholds ideally will alert someone to a future problem before the undesired contingency happens. The monitoring system should be monitored itself with potential alerts.
  11. Security (including confidentiality, integrity and availability) pre-mortems are important. There should be security mechanisms in place (e.g., firewalls, intrusion detection systems) that are separate and complementary. If one security component is compromised, other devices may be able to protect your network. There should be approval from a penetration testing consulting company that your network and servers are ready for potential hackers. Cutting edge security protocols, practices, and devices should be analyzed on an ongoing basis. The website us-cert.gov is useful as well as Bruce Schneier's website. To secure individual containers, we recommend this posting "How do you secure a docker container, a docker host and their network." If you want to buy some books on security (which are more trustworthy than random websites), click here for a list of a wide-range of I.T. security topics.
  12. Have proper communication in place so the documentation, definitions, and lists associated with maintaining or restoring operational readiness are something that cannot be institutionally forgotten. The onboarding of professionals should be methodical so new hires know what to expect. Some environments have a culture of "move fast and break stuff." If policies and infrastructure permit rapid development, groups in an organization will want to leverage it. Alternatively, if people are not supposed to download files from the internet or they are expected to manually configure PuTTY logging on their own desktops, you cannot expect new hires to know the procedures without telling them. Make sure you have a bug tracking system (such as Jira or ServiceNow) and a Confluence or SharePoint repository for documentation. Excessive communication and meetings can impair performance, resilience and morale of an organization. Beware of having insufficient communication too.
  13. Manual processes are prone to error. Maintaining products and services is more efficient by utilizing automation.
  14. Every enterprise network environment has its own idiosyncrasies, strengths and needs. Therefore in normal situations you will have other specific requirements -- not listed above -- for true operational readiness. Some businesses do premortems which involve planning for responding to catastrophic failures before they happen. Operational readiness may include a multitude of such considerations.

* The Project Management Institute defines (or defined) operational readiness as a state.

** The conclusion of this paper says operational excellence (something closely related to operational readiness) is an "ongoing effort."

What is an Ingress Resource in Kubernetes?

Question
What is an Ingress resource in Kubernetes?

Answer
It is a Kubernetes technique of exposing services via an individual IP address (page 135 of Kubernetes in Action by Luksa). In TCP/IP networking, the Ingress port allows inbound traffic to route somewhere. Kubernetes supports other IP address to service mapping methods (e.g., NodePort or LoadBalancer). NodePort operates on layer 4 of the OSI seven-layer model (according to this posting). The Ingress resource operates at layer 7 of the OSI model (page 135 of Kubernetes in Action by Luksa).

The ingress service supports networking rules based on the requestor's originating IP address (page 402 of Kubernetes in Action by Luksa).

How Do You Install Splunk in a Docker Container?

Problem scenario
You want to run Splunk from a Docker container. What do you do?

Solution
Prerequisites
Install Docker. If you need assistance, see this posting.

Procedures
1. Run this command: docker pull splunk/splunk:latest

2. Run this command, but replace "simpleword" with the password that you want the administrator account for the web UI to have:

docker run -d -p 8000:8000 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=simpleword' splunk/splunk:latest

3. Run this command, but replace abcd1234 with the container ID that was created above: docker ps -a -f id=abcd1234

4. Open a web browser and go to this URL, but replace x.x.x.x with the external IP address of the Docker host above: http://x.x.x.x:8000

In Python Are Dictionaries Much Slower in Performance Compared to Lists or Tuples?

Problem scenario
You want to know how dictionaries perform as iterables in Python. In Python for printing the values of every key-value pair in a dictionary, is it faster or slower than printing every item in a list? How does it compare to a tuple?

Solution
For this example we use integer keys in the dictionary. Keys can be strings or other objects. But for this example, we use whole numbers.

We found that one program that tests all three could not be scientific. The order in which the tests are run skews the results. We want a control group. Therefore we have a program generate a file to be used as input for each of the three programs. This way we are using the same input to be somewhat scientific. Ideally the programs would run on a Linux server that is not doing anything else but allowing you to log in and run Python programs. We have three other programs test the input as a dictionary, list and tuple respectively.

Here is the file generation program (file_generator.py):

import random
import string
import sys
import datetime
import time

CONSTANT = 990
def randomword(length):
   letters = string.ascii_lowercase
   return ''.join(random.choice(letters) for i in range(length))

def dictcreator(counter, webstera):
  webstera[counter] = randomword(2)
  if (counter < CONSTANT):
    counter = counter + 1
    return dictcreator(counter, webstera )
  else:
    print("processing...")
    return webstera

def checker(counter, iterable_item, match_counter):
    if (counter < CONSTANT):
        counter = counter + 1
        if iterable_item[counter] == 'az':
            match_counter = match_counter + 1
        return checker(counter, iterable_item, match_counter)
    else:
        print(type(iterable_item))
        return match_counter

adict = dictcreator(0, {})  # This generates a dictionary.

file = open("contint3.txt","w")
for item in adict:
    file.write(str(item))
    file.write(' ')
    file.write(str(adict[item]))
    file.write('\n')
file.close()

Here is the dictionary_tester.py program:

import random
import string
import sys
import datetime
import time
import re

CONSTANT = 990
def checker(counter, iterable_item, match_counter):
    if (counter < CONSTANT):
        counter = counter + 1
        if iterable_item[counter] == 'az':
            match_counter = match_counter + 1
        return checker(counter, iterable_item, match_counter)
    else:
        print(type(iterable_item))
        return match_counter

adict = {}
aa = open("contint3.txt") #.read().replace('{', '')

for line in aa:
    (key, val) = line.split()
    adict[int(key)] = val

listoftimes = []
for x in (1, 2, 3, 4, 5, 6, 7, 8, 9, 10):
    t1 = datetime.datetime.now()
    dict_result = checker(0, adict, 0)  # adict is a dictionary
    t2 = datetime.datetime.now()
    dict_duration = t2 - t1
    listoftimes.append(dict_duration)
    print("The search operation with the dictionary took ", dict_duration)
    t3 = t2 - t2

total_duration = t3
for item in listoftimes:
    total_duration = item + total_duration

avg_duration = total_duration/10

print("The average duration of 10 runs with a dictionary was ", avg_duration)

Here is the tuple_tester.py program:

import random
import string
import sys
import datetime
import time
import re

CONSTANT = 990
def checker(counter, iterable_item, match_counter):
    if (counter < CONSTANT):
        counter = counter + 1
        if counter < len(iterable_item):
            if iterable_item[counter] == 'az':
                match_counter = match_counter + 1
        return checker(counter, iterable_item, match_counter)
    else:
        print(type(iterable_item))
        return match_counter

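values = []
aa = open("contint3.txt")
for line in aa:
    (key, val) = line.split()
    values.append(val)  # lines are written in key order, so index == key
aa.close()
atuple = tuple(values)  # build the tuple from the file so the test has data to search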

listoftimes = []
for x in (1, 2, 3, 4, 5, 6, 7, 8, 9, 10):
    t1 = datetime.datetime.now()
    tuple_result= checker(0, atuple, 0)  # atuple is a tuple
    t2 = datetime.datetime.now()
    tuple_duration = t2 - t1
    listoftimes.append(tuple_duration)
    print("The search operation with the tuple took ", tuple_duration)
    t3 = t2 - t2

total_duration = t3
for item in listoftimes:
    total_duration = item + total_duration

avg_duration = total_duration/10

print("The average duration of 10 runs with a tuple was ", avg_duration)

Here is the list_tester.py program:

import random
import string
import sys
import datetime
import time
import re

CONSTANT = 990
def checker(counter, iterable_item, match_counter):
    if (counter < CONSTANT):
        counter = counter + 1
        if counter < len(iterable_item):
            if iterable_item[counter] == 'az':
                match_counter = match_counter + 1
        return checker(counter, iterable_item, match_counter)
    else:
        print(type(iterable_item))
        return match_counter

alist = []
aa = open("contint3.txt")

for line in aa:
    (key, val) = line.split()
    alist.append(val)  # lines are written in key order, so index == key
aa.close()

listoftimes = []
for x in (1, 2, 3, 4, 5, 6, 7, 8, 9, 10):
    t1 = datetime.datetime.now()
    list_result = checker(0, alist, 0)  # alist is a list
    t2 = datetime.datetime.now()
    list_duration = t2 - t1
    listoftimes.append(list_duration)
    print("The search operation with the list took ", list_duration)
    t3 = t2 - t2

total_duration = t3
for item in listoftimes:
    total_duration = item + total_duration

avg_duration = total_duration/10

print("The average duration of 10 runs with a list was ", avg_duration)

When doing the tests, we found the list [built-in] iterable to be slightly faster than the tuple [built-in] iterable. Dictionary [built-in] iterables performed slightly worse. If you want to study Python closely, you can view a list of books here.

What is a Deployment in Kubernetes?

Question
What is a deployment in Kubernetes?

Answer
A deployment is a resource that is designed for "deploying applications and updating them declaratively" (page 261 of Kubernetes in Action by Luksa). You may hear the phrase "Deployment controller." This is a reference to a component of the Controller Manager in the Kubernetes Control Plane (page 262 of Kubernetes in Action by Luksa). When the Deployment controller runs, it can be referred to as the rollout or the deployment process (page 273 of Kubernetes in Action by Luksa).

A deployment controller manages the creation of ReplicaSets (according to this posting).

A Deployment is "composed of a label selector, a desired replica count, and a pod template" (page 262 of Kubernetes in Action by Luksa).

A .yaml file in Kubernetes is declarative; to learn more about the file, see this posting. They support a key named "kind". The value associated with this "kind" key can be "Deployment" (which Kubernetes will recognize).

A deployment is something that is scalable in Kubernetes -- either manually or automatically according to page 443 of Kubernetes in Action by Luksa.

Once the deployment is complete, the pods are managed by the ReplicaSets (not the Deployment itself) (page 261 of Kubernetes in Action by Luksa). Here is how the process works (looking at it chronologically): Deployment -> ReplicaSet -> Pods
(This was adapted from page 261 of Kubernetes in Action by Luksa).

To learn more about Kubernetes deployments, see this.
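The three parts of a Deployment quoted above, together with the HorizontalPodAutoscaler from the earlier HPA answer scaling that Deployment on CPU utilization, as an added example that is not taken from the original posts or from the book. The name "web", the image and all numeric values are assumptions chosen for illustration.

```yaml
# Added example; the name "web", the image and the numbers are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2                 # desired replica count (the HPA adjusts it once active)
  selector:                   # label selector
    matchLabels:
      app: web
  template:                   # pod template
    metadata:
      labels:
        app: web              # must match the selector above
    spec:
      containers:
        - name: web
          image: nginx:1.25
          resources:
            requests:
              cpu: 100m       # 100 millicores; utilization is a percentage of this
            limits:
              cpu: 500m       # cap so one pod cannot starve its neighbours
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:             # the HPA changes the Deployment's replica count;
    apiVersion: apps/v1       # the ReplicaSet then creates or removes pods
    kind: Deployment
    name: web
  minReplicas: 2
  maxReplicas: 6              # upper bound keeps a traffic spike from exhausting the cluster
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 60   # scale out when average CPU exceeds 60% of the request
```

Without a CPU request on the container, the HPA has no baseline to compute a utilization percentage from and cannot scale on this metric.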

How Do You Install the Angular CLI on a Linux Server?

Problem scenario
You want to test out the Angular CLI on a Linux server. What should you do?

Solution

Prerequisite
Install node and npm. If you need assistance, see this posting How Do You Install node and npm on Any Distribution of Linux Server?.

Procedure
Run this command: sudo npm install -g @angular/cli