Serving a HTTPS enabled application on Kubernetes
tl;dr - It’s pretty easy if you have let’s encrypt certificates set up, and Kubernetes Ingress/DNS working properly (I’ve covered how I set these up in previous posts so check them out for reference). Skim through to see the final Kubernetes resource configuration that I use in production for Passcue.me. So far we’ve gone through a lot of Kubernetes related posts, from setting up Kubernetes manually on a single machine, to getting regular non-authenticated HTTP apps running on Kubernetes, to setting up a database on kubernetes and setting up letsencrypt-powered TLS certificates.
Setting Up SSL Certs on Kubernetes
tl;dr - letsencrypt is awesome, ployst/docker-letsencrypt makes it easy to use with Kubernetes (feel free to check out the blog post that describes it). There are even easier ways to do it these days that I haven’t tried: kube-lego which looks pretty amazing. After going through figuring out how to run HTTP applications on Kubernetes, as well as how to run databases on Kubernetes, the next natural step is to figure out how to gear up to running HTTPS applications on Kubernetes.
Running a Database on Kubernetes
tl;dr - I thought I needed PersistentVolumes but I don’t (I do go through how to use/activate them though), they solve a different problem. All I needed was the combination of a Volume + StatefulSet + Node Affinity + Service in order to get my database running on a single node consistently, and accessible through DNS. I also go through setting up High Availability (HA)/clustered RethinkDB but it’s probably wrong/not axiomatic Kubernetes so check out the section on why I think it’s wrong.
Serving HTTP Applications on Kubernetes with Ingress
UPDATE This configuration previously contained LoadBalancer as the spec.type but it turns out that actually I don’t need to set it to LoadBalancer. Basically, LoadBalancers are for use in cloud provider environments, and create their own ingresses according to the documentation. This was pointed out to me by Thomas Barton who came across this post on HackerNews and I wanted to of course pass the information on. Check out the section with the configuration for the changes and a small explanation.
Fresh Dedicated Server to Single Node Kubernetes Cluster on CoreOS, Part 3: Setting up essential Kubernetes addons
This is the third in a series of blog posts centered around my explorations and experiments with using Kubernetes and CoreOS to power my own small slice of infrastructure. Check out the previous posts: Part 1 (Setting up the server with CoreOS) Part 2 (Getting Kubernetes running) Part 3 (Setting up essential Kubernetes addons) (this post) tl;dr - Kubernetes has some pretty important addons like DNS and Dashboard, here I go through deploying them, and my thought process as I debugged issues.
Fresh Dedicated Server to Single Node Kubernetes Cluster on CoreOS, Part 2: Getting Kubernetes Running
This is the second in a series of blog posts centered around my explorations and experiments with using Kubernetes and CoreOS to power my own small slice of infrastructure. Check out the previous post: Part 1 (Setting up the server with CoreOS) Part 2 (Getting Kubernetes running) (this post) Part 3 (Setting up essential Kubernetes extras) tl;dr - Read the step-by-step guide on the CoreOS site for setting up Kubernetes, it’s excellent.
Fresh Dedicated Server to Single Node Kubernetes cluster on CoreOS, Part 1
This is the first of a series of blog posts centered around my explorations and experiments with using Kubernetes to power my own small slice of infrastructure (1-3 servers, mix of VPS and dedicated hardware). This post is a bit of an introductory piece detailing some of my motivations and internal dialogue on switching to kubernetes and upgrading my infrastructure at all. This post will unfortunately be light in “how-to” and will mostly cover “why-I-chose-to”.
Static Binaries for Haskell: A Convoluted Approach
tl;dr - After a bunch of trial and error, I end up building a mostly static binary from a docker container. With hindsight it was only “mostly” static because after trying to get sendmail working from haskell code, the getProtocolByName system call was failing, pointing to the fact that there were a bunch of libraries NOT included in the executable I thought was fully static (GHC warned me) that needed to be present in the same form in the deployment container.
Graylog as a hslogger backend in Haskell
tl;dr - It’s pretty easy to use Graylog as a System.Logger backend, check out the code at the end, also if you’re interested in just regular crash-level logging with Servant, there’s some code you might like at the bottom too. On a recent contract I was introduced to Graylog – it’s a pretty awesome log aggregation tool, with a great frontend and I was drawn to the simplicity of use.
Ansible Is Awesome
tl;dr - There are lots of ways to get smarter about how you deploy. Ansible is one choice, it’s not the fanciest, but it’s amazing. NOTE This is not an introduction to ansible, please check out their official documentation if you want that. For most of my projects, I use a GNU Make Makefile based build process. I do that because it’s cross-platform, pretty well supported/known (for people who build software), and easy to standardize on no matter what project I’m working on.