Friday, October 15, 2021

DevOps Links for 15/10/2021

New GitHub Releases Public Beta

GitHub releases allows repository maintainers to release versions of their software. It accompanies notes, version of the software, contributors, etc. When I see releases page of some OSS projects, I feel like so many smart people contributed to this release and how much effort goes into writing these. This new version of GitHub Releases will help maintainers with auto-generated release notes, new UI refresh, using GitHub Actions using APIs you can integrate this feature and more. Go check out the preview. You will have to turn on this feature.

GitHub Advisory Database now powers npm audit


As a web developer, you would have come across npm. It is the package manager for your web projects. npm is command line tool which you can use to install, search, remove packages from your projects. npm audit allows you to scan project's dependencies for security vulnerabilities. GitHub Advisory Database stores all the security vulnerabilities and it is maintained by GitHub. With this new update npm audit feature will utilize GitHub Advisory database behind the scenes. Dependabot also uses this database. 



Reuse your workflows across multiple projects using composite actions


In GitHub Actions, you execute different actions to build/release/test your project. When you are working projects that use the same steps over and over again, you may want to build something that is reusable across multiple projects. Just like we extract repeatable code into its own function so it can be reused in multiple places. Composite actions accomplish exactly this but for actions. This post explains how you can create a composite action in one master repository and then use that composite action in multiple projects. It is cool. 


As part of your DevSecOps practices, you want to scan your code assets for known vulnerabilities. That includes your code, internal as well as external dependencies such as libraries, packages, and container images. In this post, I learned of so many things. tfsec is tool to do static analysis of your terraform code (post).  Trivy is tool you can use to scan vulnerabilities in your docker container. Another great post. You can check out the repository for more information.

Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps

Thursday, September 30, 2021

DevOps Links for 30/9/2021

GitHub CLI

Do you know that you can work with GitHub through the command line? But isn't it already the case when I do git commit? No that is Git CLI. GitHub - the website where you host repos and collaborate with developers to create pull requests and issues, also has a CLI. This post explains on how to get started with GitHub CLI. You can download the CLI from cli.github.com.

 Using scope with ARM templates to deploy across subscriptions.

Do you know ARM templates? Well ARM templates allow you to deploy your Azure resources using a JSON template. You can define resources using JSON and build templates that can be reused. This post explains how you can use scope with ARM templates to deploy resources across subscriptions. Normally when you learn about ARM, you deploy a template into a resource group. Well what if you want to deploy something across subscriptions? That's when you use scope. Go check out the article in more detail.

GitHub Codespaces

My first encounter with GitHub Codespaces was when I delivered a Microsoft Cloud Immersion workshop. Getting started with Codespaces was a breeze. Onboarding developers is fun and fast. Just point them to the repo and off they go. Codespaces are like a dev vm with everything setup for you to get developing.

DevOps Periodic Table

Lots of tools in the DevOps space and this one is a creative way to visualize them.

Getting started with Bicep

Bicep is the new language that you can use to deploy your resources into Azure. It has a CLI and during the deployment stage, the Bicep CLI converts the bicep file into an ARM template. It makes writing IAAC code little bit easier. 

Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps

Thursday, September 23, 2021

DevOps Links for 23/9/2021

DevOps Exercises

Everything that you can imagine related to DevOps can be found in this GitHub Repository. Most comprehensive list of DevOps exercises, questions and answers on DevOps. Enjoy.


State of the DevOps Report 2021


I created a twitter thread if you want to read more. Vast majority of the organizations are stuck in the middle of their DevOps journey. They haven't been able to bridge the gap between their organizational silos and achieve meaningful organizational change.


Mix of blockers for low-evolution DevOps teams include resistance to change, legacy architecture, shortage of skills, limited or lack of automation, and unclear goals or objectives.


Teams that are good at DevOps have strong identities, clear responsibilities with a high degree of autonomy over their own function and have well-defined interaction paradigms and communication channels with other teams. I think this is true of any high performing team.


High performing teams use Automation and Cloud to their advantage better than others.


Introduction to DevOps Dojo.


My favorite piece of information in the above Dojo article is the quote from Satya Nadella. 


"I want our best engineers to work on our engineering systems, so that we can later on come back and build all the new concepts we want." - Satya Nadella


As an engineer, when you recommend making improvements to your internal systems, then very few managers understand the importance of prioritizing that work. These improvements are either brushed off as - not enough time, not billable work, it doesn’t add any value, and it is not a high priority.  


GitHub Actions Tip: Create ACTIONS_STEP_DEBUG secret and set it to true to view debug logs when your action runs.


Ever wonder what's installed on your GitHub Action Runner?


GitHub Actions Runner is a virtual machine that runs your different actions in the pipeline. These actions typically depend upon some software to be installed on this machine. Out of the box it comes with a long list of pre-installed software. It has CLIs for major cloud providers, package managers, build tools, and more. When your GitHub Action executes, in the log you can find a link that points to a GitHub page that lists all the software that is installed on that particular VM. For a sample, you can check the Ubuntu 20.04.3 LTS list here.


Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps. 

Thursday, September 16, 2021

DevOps Links for 16/9/2021

Many people don't know the difference between Git and GitHub and it is a constant source of confusion for first timers. This post is a simple getting started post on Git and GitHub. 

 How to get started with GitHub and Git

SQL Injection is still there in the top 10 OWASP list. Broken Access Control is at the top of OWASP 2021 list which you can find below. 

Here is the OWASP Top 10 for 2021


A different take on branching strategy. In my opinion, you need a high degree of trust and keep changes small and adopt a strategy that works for your team.

Branching Strategy - Ship / Show / Ask


All the Azure DevOps features visualized using Mind Map.

Azure DevOps In a Nutshell Mind Map


I am trying to find interesting questions on GitHub Actions on Stackoverflow. This is one of the highly voted questions on GitHub Actions.

How to get current branch within GitHub actions


This post lists four key metrics - Deployment Frequency, Lead Time for Changes, Change Failure Rate, Time to Restore Service, that you need to track to measure your DevOps performance in your organization.

Use Four Keys metrics like change failure rate to measure your DevOps performance | Google Cloud Blog


Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps. 


Thursday, September 9, 2021

DevOps Links for 9/9/2021

If you are learning GitHub Actions, then this is a good place to start.

Introduction to GitHub Actions 


Currently, I am deploying different kinds of .NET application to Azure using GitHub Actions. You can find more information on how to deploy to Azure App Service below. 

An interesting post on GitHub Actions Limitations and Gotchas. The workflow_dispatch feature needs major improvements. If you don't know what that is, then you will keep guessing what this feature is and how to discover it. This feature is to manually trigger the GitHub Actions.

GitHub Actions Limitations and Gotchas 

Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps. 

Monday, April 27, 2020

What is Helm for Kubernetes?

In this post, I would like to talk about what is Helm and why do we need it, installing and uninstalling a chart and difference between a repo and a hub.

For this post, I am also assuming you are familiar with Kubernetes on a high level.

Before we dive into the details, first, let’s understand what does the word Helm mean in English.

“Helm is a lever or wheel controlling the rudder of a ship for steering.” – Merriam Webster

In a ship, you might have seen a wheel like mechanism used by the captain to steer the ship as shown below.


The logo for Helm (in Kubernetes context) as seen on Helm.sh website is shown below. We can now somewhat connect the dots with respect to logos.


If you want to setup wordpress inside a Kubernetes Cluster, then you will have to find relevant docker images for the wordpress front end and mysql database docker image and then setup networking, configuration, secrets, load balancing, etc., by installing multiple .yaml files.

After you have setup everything and everything is working, you will feel like you don’t want to touch your setup. But life doesn’t end there and eventually, you will have to worry about things listed below.

1. Delete deployments

2. Setup another wordpress instance for another customer

3. Update your images with new wordpress or mysql images

4. Rollback installation manually

and more.

Wouldn’t it be nice, if we didn’t had to worry about any of those .yaml files?

Wouldn’t it be nice, if we could leverage wordpress expert’s knowledge of installing and configuring wordpress into a cluster?

What if we could just execute few commands to install, uninstall and upgrade a software?

That’s what Helm does for Kubernetes. Helm helps you steer your software into your cluster.

You can execute helm commands against your K8S cluster such as

helm search hub bitnami/wordpress

helm install my-wordpress bitnami/wordpress

helm uninstall my-wordpress 

These commands would look familiar to you if you are familiar with apt-get or chocolatey or brew.

Helm is just like apt-get, chocolatey or brew, a Package Manager.

From the Helm website - “Helm is the package manager for Kubernetes. It is the best place to find, share and install software for Kubernetes”

It is the package manager for your Kubernetes Cluster and not for your machine.

You can install helm on your machine by following your operating system specific instructions as shown on the helm site - https://helm.sh/docs/intro/install/


Helm utilizes the same Kubernetes APIs to install software into K8S cluster.

A package manager is responsible for installing, uninstalling, and upgrading software packages into destination from a remote/local package repository.

Likewise, Helm works against a repository hosted locally or remotely. A repo can be hosted by anyone. For example, Google has its own helm repository. Bitnami hosts its own repository.

A repository contains many software packages. Each package has multiple versions.

Within helm context, a package is called a Chart. From now on we will refer packages as Charts.

By default, helm doesn’t know about any repository. If you want to use a particular repository, then you have to first add that repository to helm.

helm repo add bitnami https://charts.bitnami.com/bitnami

After you have done that, you can install any software from bitnami repository.

helm install my-wordpress bitnami/wordpress

When you execute the above command, you are telling helm to install the wordpress chart from the bitnami repository.

You can uninstall a chart by

helm uninstall my-wordpress

A small recap – Helm is a package manager that works against one or more repositories hosted by anyone to install/uninstall/upgrade a chart into a Kubernetes Cluster.

Are you with me so far? If yes, then let’s continue.

Since, repositories can be hosted by anyone (some of them could be private or public), how to find and search charts within these repositories?

Do we have to add every single repository out there?

How do we discover these repositories?

Helm Hub is a central location to easily find charts that are hosted outside the helm project.

When you execute the command helm search –help, you are presented with two options search hub or search repo. In the below comands, we are searching for wordpress chart against the hub and then against the repository.

helm search hub wordpress

helm search repo wordpress

What happens when you install a chart (remember we called it package initially)?

A Chart is nothing but collection of files that describe a related set of Kubernetes resources. For example, a wordpress chart will have all the .yaml files required to install wordpress. In addition to that it will have metadata information about the chart itself.

When you install a chart, it creates a new release into your K8S cluster. A release is like an instance of a resource. For example, when you install wordpress chart using the install command mentioned earlier, it will create a new release by the name my-wordpress. That release is unique to this cluster.

You can install a chart multiple times to create multiple releases. For example, if you can install wordpress chart 3 times, then you will have 3 wordpress instances configured—all with their own unique urls, usernames and passwords. By executing the below command, we will have 3 releases installed in our cluster.

helm install my-wordpress1 bitnami/wordpress

helm install my-wordpress2 bitnami/wordpress

helm install my-wordpress3 bitnami/wordpress

Clear?

Take two, let’s say you install mysql chart 3 times in your cluster, then you have 3 mysql database instances configured in your cluster.

You can execute helm list command to see what is installed in your cluster.

Finally, you can uninstall a release by executing the command helm uninstall my-wordpress

I hope this helped your understand helm a bit better.

Wednesday, July 17, 2019

Passing multiple parameters in an Angular Route using RouteLink

In Angular, let’s say you have a route defined like this.

{ path : 'user/:userId/building/:buildingid, component: UserScheduleDetailsComponent, pathMatch : 'full'}

and you want to navigate the user to this component by using this route. I couldn’t easily find a way to pass these parameters by using routelink.

So this is how you do it.

<a [routerLink]="[ '/user/', userId, 'building', buildingId]">I am a link</a>

The userid is public property in the .ts file of the controller. There is just one gotcha. In the middle, there are these hard coded strings, for eg. building, do not put ‘/’ in the beginning or at the end of ‘building’. Only the first part of this route can have ‘/’ in it.