DEV Community: Ashiqur Rahman The latest articles on DEV Community by Ashiqur Rahman (@ashiqursuperfly). https://dev.to/ashiqursuperfly https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F358290%2Fde58bd8d-d38f-47f8-84bd-9466937ee16a.png DEV Community: Ashiqur Rahman https://dev.to/ashiqursuperfly en Enforcing Kubernetes Probes with a Custom Admission Webhook Ashiqur Rahman Mon, 16 Jun 2025 13:17:31 +0000 https://dev.to/ashiqursuperfly/enforcing-kubernetes-probes-with-a-custom-admission-webhook-16o8 https://dev.to/ashiqursuperfly/enforcing-kubernetes-probes-with-a-custom-admission-webhook-16o8 <h2> Introduction </h2> <p>Container health checks via liveness and readiness probes are critical for resilient workloads in Kubernetes. However, it’s easy for teams to forget adding them, leading to issues that are only discovered in production.</p> <p>In this post, I’ll walk through building a custom Kubernetes Admission Controller that enforces the presence of liveness and readiness probes on all pods. We’ll cover everything: why, how, code, testing, and deployment.</p> <h2> Why Enforce Probes? </h2> <p>Resilience: Probes help Kubernetes automatically restart failing pods and avoid routing traffic to unhealthy ones.</p> <p>Standardization: Ensures organizational best practices are followed without relying on manual checks or code reviews.</p> <p>Automation: Moves policy enforcement to the cluster level, catching issues before they reach production.</p> <h2> Design Overview </h2> <p>Our Validating Admission Controller runs as a K8s deployment. It intercepts all pod creation requests in it's cluster and:</p> <ul> <li><p>Checks for startup, readinessProbe and livenessProbe on every container.</p></li> <li><p>Rejects pods missing atleast one required probe, with a clear error message. You can configure which probes you want to enforce by setting the environment variable <code>ENFORCE_PROBES</code> (default: liveness,readiness). You can also exclude some namespaces using the environment variable <code>EXCLUDE_NAMESPACES</code> (default: kube-system,kube-public)</p></li> </ul> <p>The flow:</p> <ul> <li>User creates/updates a pod.</li> <li>K8s API calls our webhook.</li> <li>Webhook inspects the pod spec.</li> </ul> <p>If probes are missing, request is denied. The pod creation fails with an error from our custom admission controller.</p> <h2> Demo </h2> <h3> Pod in <code>default</code> namespace with no probes </h3> <p>First, let's try to create a pod with no probes defined in the <code>default</code> namespace:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0rb8jeu9w0kd2g9m5c5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0rb8jeu9w0kd2g9m5c5.png" alt="k8s-pod-with-no-probes-default" width="800" height="47"></a><br> Looks like our admission webhook intercepted it and blocked the pod creation. Let's confirm that from the logs:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Far26dik3by3t2p36cv15.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Far26dik3by3t2p36cv15.png" alt="k8s-probe-enforcer-logs-fail" width="800" height="84"></a></p> <h3> Pod in <code>kube-system</code> namespace with no probes defined </h3> <p>Now, we try to create a pod with no probes defined in the <code>kube-system</code> namespace:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4886dqbbb2yenzuxuepr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4886dqbbb2yenzuxuepr.png" alt="k8s-pod-with-no-probes-kube-system" width="800" height="69"></a><br> Looks like the pod creation succeeded this time, which is the expected behaviour. This is because, we have excluded the <code>kube-system</code> namespace from the probe enforcer. Let's verify from the logs:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gj014ajf6g74qwcv8zs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gj014ajf6g74qwcv8zs.png" alt="k8s-probe-enforcer-logs-success-kube-system" width="800" height="56"></a></p> <h3> Pod in <code>default</code> namespace with both liveness and readiness probes defined </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbe5zpoah463rrsnddph4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbe5zpoah463rrsnddph4.png" alt="k8s-pod-with-probes" width="800" height="885"></a><br> The pod creation succeeded. Let's verify from the logs again:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm4gkab65j7raao6db2wf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm4gkab65j7raao6db2wf.png" alt="k8s-probe-enforcer-logs-pass" width="800" height="34"></a></p> <h2> Installation </h2> <h3> Pre-requisites </h3> <ul> <li>A Kubernetes cluster with <code>cert-manager</code> installed. <a href="https://cert-manager.io/docs/installation/#default-static-install" rel="noopener noreferrer">https://cert-manager.io/docs/installation/#default-static-install</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.0/cert-manager.yaml </code></pre> </div> <p>Now, apply the manifests required for installing the admission controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl kustomize https://github.com/ashiqursuperfly/k8s-probe-enforcer-ac/k8s | kubectl apply <span class="nt">-f</span> - </code></pre> </div> <p>Once all the manifests are applied, our custom admission webhook is ready to intercept all pod create/update requests. Try creating a pod with a liveness/readiness probe missing and see the magic!</p> <h2> Implementation </h2> <p>The complete source code is hosted on Github: <a href="https://github.com/ashiqursuperfly/k8s-probe-enforcer-ac" rel="noopener noreferrer">https://github.com/ashiqursuperfly/k8s-probe-enforcer-ac</a><br> Here's the core logic that validates an incoming pod create/update request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">if</span> <span class="n">cfg</span><span class="o">.</span><span class="n">ExcludeNamespaces</span><span class="p">[</span><span class="n">pod</span><span class="o">.</span><span class="n">Namespace</span><span class="p">]</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Namespace '%s' is excluded from validation. Allowing pod '%s'."</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Namespace</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="n">respondAdmission</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">review</span><span class="p">,</span> <span class="no">true</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">containersMissingProbes</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">][]</span><span class="kt">string</span><span class="p">{}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">c</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">pod</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Containers</span> <span class="p">{</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">probe</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">cfg</span><span class="o">.</span><span class="n">EnforceProbes</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">probe</span> <span class="p">{</span> <span class="k">case</span> <span class="s">"readiness"</span><span class="o">:</span> <span class="k">if</span> <span class="n">c</span><span class="o">.</span><span class="n">ReadinessProbe</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">]</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">],</span> <span class="s">"readinessProbe"</span><span class="p">)</span> <span class="p">}</span> <span class="k">case</span> <span class="s">"liveness"</span><span class="o">:</span> <span class="k">if</span> <span class="n">c</span><span class="o">.</span><span class="n">LivenessProbe</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">]</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">],</span> <span class="s">"livenessProbe"</span><span class="p">)</span> <span class="p">}</span> <span class="k">case</span> <span class="s">"startup"</span><span class="o">:</span> <span class="k">if</span> <span class="n">c</span><span class="o">.</span><span class="n">StartupProbe</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">]</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">containersMissingProbes</span><span class="p">[</span><span class="n">c</span><span class="o">.</span><span class="n">Name</span><span class="p">],</span> <span class="s">"startupProbe"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">containersMissingProbes</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Pod '%s' passed validation. All required probes are present."</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="n">respondAdmission</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">review</span><span class="p">,</span> <span class="no">true</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// Prepare detailed error message</span> <span class="k">var</span> <span class="n">failMsg</span> <span class="kt">string</span> <span class="k">for</span> <span class="n">container</span><span class="p">,</span> <span class="n">probes</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">containersMissingProbes</span> <span class="p">{</span> <span class="n">failMsg</span> <span class="o">+=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"Container '%s' missing: %v; "</span><span class="p">,</span> <span class="n">container</span><span class="p">,</span> <span class="n">probes</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Pod '%s' rejected. %s"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">failMsg</span><span class="p">)</span> <span class="n">respondAdmission</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">review</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">failMsg</span><span class="p">)</span> </code></pre> </div> <h2> Docs </h2> <p>Here are some of the official kubernetes documentation that helped me come up with my solution:</p> <ul> <li><a href="https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/" rel="noopener noreferrer">https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/</a></li> <li><a href="https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/" rel="noopener noreferrer">https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/</a></li> <li> <a href="https://github.com/ashiqursuperfly/k8s-probe-enforcer-ac" rel="noopener noreferrer">https://github.com/ashiqursuperfly/k8s-probe-enforcer-ac</a> (Please leave a star on the repo if you found this useful!)</li> </ul> kubernetes sre devops Handling mapping changes in Elasticsearch and reindexing Ashiqur Rahman Thu, 20 Mar 2025 00:34:16 +0000 https://dev.to/ashiqursuperfly/handling-mapping-changes-in-elasticsearch-and-reindexing-i91 https://dev.to/ashiqursuperfly/handling-mapping-changes-in-elasticsearch-and-reindexing-i91 <p>Elasticsearch is a powerful search engine that allows for flexible and efficient data indexing and searching. However, managing changes in the data schema, known as mappings, can be challenging. This guide will walk you through handling mapping changes and the reindexing process in Elasticsearch.</p> <h2> Understanding Mappings </h2> <p>Mappings in Elasticsearch define how documents and their fields are stored and indexed. They determine the data types (e.g., text, keyword, integer) and how fields should be analyzed. Properly managing mappings is crucial for ensuring efficient search operations and data integrity.</p> <h2> Why Mapping Changes Occur </h2> <p>Mapping changes might be necessary due to:</p> <ul> <li> <strong>Schema Evolution</strong>: As your application evolves, new fields might need to be added, or existing fields might require changes.</li> <li> <strong>Optimization</strong>: Improving search performance by changing field types or adding analyzers.</li> <li> <strong>Error Correction</strong>: Fixing mistakes in the initial mapping setup.</li> </ul> <h2> Challenges with Mapping Changes </h2> <p>Elasticsearch does not allow direct modification of existing field mappings. This limitation ensures data consistency and prevents potential conflicts. Therefore, any changes to mappings require careful planning and execution.</p> <h2> Steps to Handle Mapping Changes </h2> <ol> <li><p><strong>Plan the Changes</strong>: Identify the fields that need changes and determine the new mapping requirements. Consider the impact on existing data and search queries.</p></li> <li><p><strong>Create a New Index</strong>: Since mappings cannot be changed directly, you need to create a new index with the desired mappings. This new index will eventually replace the old one.</p></li> <li><p><strong>Reindex the Data</strong>: Reindexing involves copying data from the old index to the new index. Elasticsearch provides a <code>_reindex</code> API to facilitate this process.<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">POST</span><span class="w"> </span><span class="err">_reindex</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"source"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"index"</span><span class="p">:</span><span class="w"> </span><span class="s2">"old_index"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"dest"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"index"</span><span class="p">:</span><span class="w"> </span><span class="s2">"new_index"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li> <strong>Update Aliases</strong>: Once reindexing is complete, update any aliases pointing to the old index to point to the new index. This step ensures that applications querying the index continue to function without changes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">POST</span><span class="w"> </span><span class="err">/_aliases</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"remove"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"index"</span><span class="p">:</span><span class="w"> </span><span class="s2">"old_index"</span><span class="p">,</span><span class="w"> </span><span class="nl">"alias"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my_index"</span><span class="w"> </span><span class="p">}},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"add"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"index"</span><span class="p">:</span><span class="w"> </span><span class="s2">"new_index"</span><span class="p">,</span><span class="w"> </span><span class="nl">"alias"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my_index"</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li><p><strong>Verify Data Integrity</strong>: After reindexing, verify that the data in the new index is correct and that all mappings are as expected. Perform searches to ensure that the new mappings work as intended.</p></li> <li><p><strong>Delete the Old Index</strong>: Once you are confident that the new index is functioning correctly, you can safely delete the old index to free up resources.<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">DELETE</span><span class="w"> </span><span class="err">/old_index</span><span class="w"> </span></code></pre> </div> <h2> Best Practices </h2> <ul> <li> <strong>Backup Data</strong>: Always backup your data before making significant changes.</li> <li> <strong>Test Changes</strong>: Use a staging environment to test mapping changes and reindexing processes.</li> <li> <strong>Monitor Performance</strong>: After reindexing, monitor the performance of your Elasticsearch cluster to ensure that the changes have not introduced any issues.</li> </ul> <p>By following these steps and best practices, you can effectively manage mapping changes in Elasticsearch and ensure a smooth reindexing process.<br> The cover image in this post was taken from this OG <a href="https://www.reddit.com/r/elasticsearch/comments/dj7sql/meme_index_templates_and_a_nod_to_the_elk_guys/" rel="noopener noreferrer">reddit thread</a></p> elasticsearch devops A guide to debugging a Kubernetes deployment Ashiqur Rahman Sun, 16 Mar 2025 19:29:30 +0000 https://dev.to/ashiqursuperfly/a-guide-to-debugging-a-kubernetes-deployment-4663 https://dev.to/ashiqursuperfly/a-guide-to-debugging-a-kubernetes-deployment-4663 <h1> A Guide to Debugging a Kubernetes Deployment </h1> <p>Debugging a Kubernetes deployment can be a challenging task, especially for those new to container orchestration. After working extensively with all three major managed Kubernetes offerings (EKS, GKE and AKS) for the last three years, I aim to provide a structured approach to identifying and resolving issues within your Kubernetes deployments in this post. These are just the things I check out quickly, whenever an alert pops up on PagerDuty. These proved to be sufficient in my experience to get to the root cause of a failing deployment quickly. As the technologies built in and around Kubernetes evolve, I plan to update this post as needed.</p> <h2> Table of Contents </h2> <ol> <li>Understanding the Basics</li> <li>Common Issues and Solutions</li> <li>Tools and Commands</li> <li>Best Practices</li> <li>Conclusion</li> </ol> <h2> Understanding the Basics </h2> <p>Before diving into debugging, it's essential to understand the basic components of a Kubernetes deployment:</p> <ul> <li> <strong>Pods</strong>: The smallest deployable units in Kubernetes.</li> <li> <strong>Deployments</strong>: Controllers that manage the desired state of pods.</li> <li> <strong>Services</strong>: Abstract ways to expose an application running on a set of pods.</li> <li> <strong>ConfigMaps and Secrets</strong>: Methods for managing configuration data and sensitive information.</li> </ul> <p>Understanding these components will help you pinpoint where issues may arise.</p> <h2> Common Issues and Solutions </h2> <h3> 1. Pods Not Starting </h3> <ul> <li> <strong>Check Pod Status</strong>: Use <code>kubectl get pods</code> to check the status of your pods. Look for pods in <code>Pending</code> or <code>CrashLoopBackOff</code> states.</li> <li> <strong>Inspect Events</strong>: Use <code>kubectl describe pod &lt;pod-name&gt;</code> to view events and error messages that can provide clues.</li> </ul> <h3> 2. Image Pull Failures </h3> <ul> <li> <strong>Verify Image Name</strong>: Ensure the image name in your deployment is correct.</li> <li> <strong>Check Image Registry</strong>: Make sure the image is available in the specified registry and that your Kubernetes nodes have access to it.</li> </ul> <h3> 3. Configuration Errors </h3> <ul> <li> <strong>Validate ConfigMaps and Secrets</strong>: Use <code>kubectl describe configmap &lt;name&gt;</code> and <code>kubectl describe secret &lt;name&gt;</code> to ensure they are correctly configured.</li> <li> <strong>Check Environment Variables</strong>: Ensure that the environment variables in your deployment manifest are correctly set.</li> </ul> <h3> 4. Networking Issues </h3> <ul> <li> <strong>Service Discovery</strong>: Verify that services are correctly defined and that DNS resolution is working.</li> <li> <strong>Network Policies</strong>: Check if network policies are blocking traffic between pods.</li> </ul> <h2> Tools and Commands </h2> <ul> <li> <strong>kubectl logs</strong>: Retrieve logs from a pod to diagnose issues. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl logs &lt;pod-name&gt; </code></pre> </div> <ul> <li> <strong>kubectl exec</strong>: Execute commands inside a running pod for troubleshooting. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl <span class="nb">exec</span> <span class="nt">-it</span> &lt;pod-name&gt; <span class="nt">--</span> /bin/sh </code></pre> </div> <ul> <li> <strong>kubectl describe</strong>: Provides detailed information about a resource. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl describe pod &lt;pod-name&gt; </code></pre> </div> <ul> <li> <strong>kubectl get events</strong>: Check for events that might indicate issues. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl get events </code></pre> </div> <h2> Best Practices </h2> <ul> <li> <strong>Resource Requests and Limits</strong>: Define resource requests and limits to ensure pods have the necessary resources and to prevent resource exhaustion.</li> <li> <strong>Health Checks</strong>: Implement liveness and readiness probes to automatically handle unhealthy pods.</li> <li> <strong>Logging and Monitoring</strong>: Use centralized logging and monitoring tools like Prometheus and Grafana for better visibility.</li> </ul> <h2> Conclusion </h2> <p>Debugging Kubernetes deployments requires a systematic approach and familiarity with Kubernetes components and tools. By following this guide, you can effectively troubleshoot and resolve common issues, ensuring your applications run smoothly in a Kubernetes environment.</p> <p>Remember, practice makes perfect. The more you work with Kubernetes, the more adept you'll become at identifying and solving deployment issues.</p> kubernetes devops How to deploy and manage a RabbitMQ cluster on Amazon EKS using Terraform and Helm Ashiqur Rahman Tue, 16 Jan 2024 15:14:51 +0000 https://dev.to/ashiqursuperfly/how-to-deploy-and-manage-a-rabbitmq-cluster-on-amazon-eks-using-terraform-and-helm-2g3g https://dev.to/ashiqursuperfly/how-to-deploy-and-manage-a-rabbitmq-cluster-on-amazon-eks-using-terraform-and-helm-2g3g <p>In this blog post, we will dive into deploying and managing RabbitMQ on Kubernetes with the powerful combination of Terraform and Helm. As businesses increasingly embrace microservices architecture, efficient message queuing becomes paramount, and RabbitMQ emerges as a robust solution. In this guide, we'll walk you through the step-by-step process of setting up RabbitMQ on a Kubernetes cluster, leveraging the infrastructure-as-code capabilities of Terraform and the Kubernetes package manager Helm.</p> <h2> When should you consider deploying RabbitMQ on Kubernetes </h2> <p>There are a few different ways you can leverage RabbitMQ for </p> <h3> You can deploy RabbitMQ on a single cloud VM (e.g: on an EC2 machine) </h3> <ul> <li>This option can be suitable for you in some cases but it has the obvious disadvantage of having to patch, secure, and monitor RabbitMQ all by yourself. </li> <li>Also, a single-node RabbitMQ may not be the most optimal solution for you since, it will not be highly available, fault-tolerant, or scalable. </li> <li>Furthermore, you would probably need a few RabbitMQ instances for different services. Let's say you need ten independent RabbitMQ instances for ten independent services in your microservices. What if this number (10) can change quite rapidly? In these sorts of circumstances, it would be increasingly difficult to operate these instances for your DevOps team.</li> </ul> <h3> Use a cloud provider-managed RabbitMQ e.g. <a href="https://aws.amazon.com/amazon-mq/" rel="noopener noreferrer">AmazonMQ</a>. </h3> <p>While AmazonMQ does most of the heavy lifting for you out of the box, you might want to avoid it due to reasons such as </p> <ul> <li>cost </li> <li>avoiding a vendor lock-in</li> </ul> <h3> Deploy it on Kubernetes! </h3> <p>This is exactly what we are going to do today and we will see how effectively this solution deals with most of the problems we discussed in the other two options we discussed.</p> <h2> Challenges with deploying RabbitMQ on a Kubernetes cluster: </h2> <h4> How should we persist RabbitMQ state? </h4> <p>We are gonna be using Kubernetes <a href="https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/" rel="noopener noreferrer">StatefulSets</a> and <a href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/" rel="noopener noreferrer">PersistentVolumes</a> to solve this problem. When a StatefulSet creates a pod, it automatically creates a PVC (persistent volume claim) for that pod based on the template defined in the StatefulSet's volumeClaimTemplates field. The PVC ensures that the pod has access to persistent storage, and the associated PV is dynamically provisioned or statically bound based on the storage class and other specifications. The StatefulSet ensures that each pod receives a unique identifier in the form of an ordinal index, and this identifier is used to create a unique PVC for each pod. Furthermore, StatefulSets provides stable network identities for pods. This is essential for stateful applications that might rely on predictable network addresses or hostnames. The stable network identity allows for services, applications, or other components to consistently locate and communicate with stateful pods, even if they are rescheduled or re-created.</p> <h4> How should the different nodes in a RabbitMQ cluster communicate with each other inside Kubernetes? </h4> <p>StatefulSets explained above already solves half of the problem and the other half is gonna be solved by <a href="https://kubernetes.io/docs/concepts/services-networking/service/#headless-services" rel="noopener noreferrer">Headless-Services</a>. A headless service is a service without a cluster IP, and it is used to create DNS records for the pods it selects. Each selected pod gets its unique DNS record based on the service name. The RabbitMQ pods can directly communicate with each pod using its unique DNS name to register and de-register pods in the cluster.</p> <p>Log lines when the process takes place:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 2024-01-16 13:11:18.176142+00:00 [warning] &lt;0.731.0&gt; Peer discovery: node rabbit@dev-my-service-a-rabbitmq-1.dev-my-service-a-rabbitmq-headless.rabbitmq.svc.cluster.local is unreachable 2024-01-16 13:11:28.194766+00:00 [info] &lt;0.544.0&gt; node 'rabbit@dev-my-service-a-rabbitmq-1.dev-my-service-a-rabbitmq-headless.rabbitmq.svc.cluster.local' up 2024-01-16 13:11:33.074253+00:00 [info] &lt;0.544.0&gt; rabbit on node 'rabbit@dev-my-service-a-rabbitmq-1.dev-my-service-a-rabbitmq-headless.rabbitmq.svc.cluster.local' up </code></pre> </div> <h4> How should we automate the provisioning of as many RabbitMQ instances as our applications need? </h4> <ul> <li>We will write a Terraform module that will take a list of configurations for each required RabbitMQ instance. Luckily for us, we don't have to write the Kubernetes yaml configurations since the <a href="https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq" rel="noopener noreferrer">helm charts by Bitnami</a> does a great job of doing all the things we discussed above. All we need to do is leverage <a href="https://registry.terraform.io/providers/hashicorp/helm/latest/docs" rel="noopener noreferrer">Terraform Helm Provider</a> and deploy the chart with the required values for our use case.</li> </ul> <h2> Terraform module to provision a list of RabbitMQ instances </h2> <ul> <li>Defining the list of RabbitMQ instances each of our applications needs in a yaml file. Here's how it might look like:</li> </ul> <h4> instances.yaml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">nlb_subnets</span><span class="pi">:</span> <span class="s2">"</span><span class="s">subnet-0123456789a</span><span class="se">\\</span><span class="s">,</span><span class="nv"> </span><span class="s">subnet-0123456789b</span><span class="se">\\</span><span class="s">,</span><span class="nv"> </span><span class="s">subnet-0123456789c"</span> <span class="na">instances</span><span class="pi">:</span> <span class="na">my-service-a-rabbit</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">service-a-admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">aws-kms-encrypted-super-secret-password-a</span> <span class="na">image_registry</span><span class="pi">:</span> <span class="s">docker.io</span> <span class="na">image_repository</span><span class="pi">:</span> <span class="s">bitnami/rabbitmq</span> <span class="na">image_version</span><span class="pi">:</span> <span class="s">3.12.12</span> <span class="na">replica_count</span><span class="pi">:</span> <span class="m">3</span> <span class="na">my-service-b-rabbit</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">service-b-admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">aws-kms-encrypted-super-secret-password-b</span> <span class="na">replica_count</span><span class="pi">:</span> <span class="m">2</span> <span class="na">my-service-c-rabbit</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">service-a-admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">aws-kms-encrypted-super-secret-password-c</span> <span class="na">replica_count</span><span class="pi">:</span> <span class="m">2</span> <span class="na">my-service-d-rabbit</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">service-b-admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">aws-kms-encrypted-super-secret-password-d</span> <span class="na">replica_count</span><span class="pi">:</span> <span class="m">4</span> </code></pre> </div> <p>Here, <code>nlb_subnets</code> is a list of subnet IDs that we would require to create a Network Load Balancer. These can be public or private subnets depending on your load balancer's scheme. Here, we are using a Network Load Balancer as an access point for each RabbitMQ instance on the list. You might ask why we need a Network Load Balancer (not an Application Load Balancer)? Well, RabbitMQ clients communicate with RabbitMQ servers using the <code>amqp://</code> protocol, and Application Load Balancers can only balance <code>HTTP</code> or <code>HTTPS</code> traffic. NLBs can load balance traffic at the TCP layer which does not depend on layer 7 protocols. Please note, we are using <a href="https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/" rel="noopener noreferrer">AWS Load Balancer Controller</a> to provision the AWS load balancers.</p> <ul> <li>Now, we need to make sure our Terraform module can read the yaml file name as a variable and parse it accordingly to set different values Helm would require.</li> </ul> <h4> variables.tf </h4> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">variable</span> <span class="s2">"config_file"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"yaml file containing configuration for all rabbitmq instances"</span> <span class="p">}</span> </code></pre> </div> <h4> main.tf </h4> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">locals</span> <span class="p">{</span> <span class="nx">config</span> <span class="p">=</span> <span class="nx">yamldecode</span><span class="p">(</span><span class="nx">file</span><span class="p">(</span><span class="s2">"${path.root}/conf/${var.config_file}"</span><span class="p">))</span> <span class="nx">instances</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">config</span><span class="p">[</span><span class="s2">"instances"</span><span class="p">]</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">config</span><span class="p">[</span><span class="s2">"nlb_subnets"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">data</span> <span class="s2">"aws_kms_secrets"</span> <span class="s2">"decrypt_password"</span> <span class="p">{</span> <span class="nx">for_each</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">instances</span> <span class="nx">secret</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"master_password"</span> <span class="nx">payload</span> <span class="p">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">password</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"helm_release"</span> <span class="s2">"rabbit"</span> <span class="p">{</span> <span class="nx">for_each</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">instances</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">key</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"namespace"</span><span class="p">,</span> <span class="s2">"rabbitmq"</span><span class="p">)</span> <span class="nx">create_namespace</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">600</span> <span class="nx">repository</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"chart_repository"</span><span class="p">,</span> <span class="s2">"oci://registry-1.docker.io/bitnamicharts"</span><span class="p">)</span> <span class="nx">chart</span> <span class="p">=</span> <span class="s2">"rabbitmq"</span> <span class="nx">version</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"chart_version"</span><span class="p">,</span> <span class="s2">"12.6.2"</span><span class="p">)</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"auth.username"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"username"</span><span class="p">,</span> <span class="s2">"rabbit"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"auth.password"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">aws_kms_secrets</span><span class="p">.</span><span class="nx">decrypt_password</span><span class="p">,</span> <span class="nx">each</span><span class="p">.</span><span class="nx">key</span><span class="p">,</span> <span class="kc">null</span><span class="p">)</span> <span class="err">!</span><span class="p">=</span> <span class="kc">null</span> <span class="err">?</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_kms_secrets</span><span class="p">.</span><span class="nx">decrypt_password</span><span class="p">[</span><span class="nx">each</span><span class="p">.</span><span class="nx">key</span><span class="p">].</span><span class="nx">plaintext</span><span class="p">[</span><span class="s2">"master_password"</span><span class="p">]</span> <span class="err">:</span> <span class="kc">null</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"auth.erlangCookie"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">key</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image.registry"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"image_registry"</span><span class="p">,</span> <span class="s2">"docker.io"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image.repository"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"image_repository"</span><span class="p">,</span> <span class="s2">"bitnami/rabbitmq"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image.tag"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"image_version"</span><span class="p">,</span> <span class="s2">"3.12.12"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"replicaCount"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">(</span><span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="s2">"replica_count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"service.type"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"LoadBalancer"</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"service.annotations.service</span><span class="err">\\</span><span class="s2">.beta</span><span class="err">\\</span><span class="s2">.kubernetes</span><span class="err">\\</span><span class="s2">.io/aws-load-balancer-type"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"external"</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"service.annotations.service</span><span class="err">\\</span><span class="s2">.beta</span><span class="err">\\</span><span class="s2">.kubernetes</span><span class="err">\\</span><span class="s2">.io/aws-load-balancer-nlb-target-type"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"ip"</span> <span class="p">}</span> <span class="nx">set</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"service.annotations.service</span><span class="err">\\</span><span class="s2">.beta</span><span class="err">\\</span><span class="s2">.kubernetes</span><span class="err">\\</span><span class="s2">.io/aws-load-balancer-subnets"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">subnets</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Similarly, override any other values you might need from here: <a href="https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml" rel="noopener noreferrer">https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml</a><br> Consider reading about the <a href="https://www.rabbitmq.com/clustering.html#erlang-cookie" rel="noopener noreferrer">ErlangCookie</a> which is very important for clustered RabbitMQ environments.</p> <ul> <li>Now, we just need to invoke our module like so, ```hcl </li> </ul> <p>module "rabbit" {<br> source = "../modules/rabbitmq-k8s" # make sure you keep the module files accordingly<br> config_file = "instances.yaml"<br> }</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> - Now, we just need to run Terraform plan and apply! ```bash terraform plan -out=plan.out terraform apply plan.out </code></pre> </div> <p>Once the Terraform apply is complete our application clients can start communicating with the RabbitMQ instances using one of the following approaches:<br> I) The ClusterIP service DNS name (only works if your applications are also inside the same cluster)<br> II) The NLB hostname<br> III) If you don't prefer using the NLB hostnames, consider using <a href="https://kubernetes-sigs.github.io/external-dns/v0.14.0/" rel="noopener noreferrer">External-DNS</a> to attach a custom domain name</p> <p>And that's all folks! <em>Feel free to comment if you have any questions.</em> If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.buymeacoffee.com%2Fassets%2Fimg%2Fcustom_images%2Forange_img.png" alt="Buy Me A Beer"></a></p> rabbitmq kubernetes helm terraform Optimize EC2 cost by scheduling instances using EventBridge scheduler and Lambda Ashiqur Rahman Mon, 03 Jul 2023 09:26:23 +0000 https://dev.to/ashiqursuperfly/optimize-ec2-cost-by-scheduling-instances-using-eventbridge-scheduler-and-lambda-50fo https://dev.to/ashiqursuperfly/optimize-ec2-cost-by-scheduling-instances-using-eventbridge-scheduler-and-lambda-50fo <p>Scheduling EC2 instances is a crucial step in AWS cost optimization. Because EC2 instances are invoiced by the hour or second depending on their usage, running instances constantly even when they are not in use can quickly add up to excessive costs. Organizations can connect their use of EC2 instances with actual business needs by putting in place a well-thought-out scheduling strategy, ensuring that instances are only operational during necessary times. By minimizing idling time, eliminating pointless fees, and increasing the effective use of computing resources, this strategy enables significant cost reductions. Companies can successfully control their AWS spending while still meeting operational expectations by dynamically scheduling instances to turn on and off at precise times.</p> <p>In one of my side hustles, I stumbled upon a situation where we need to provision some new EC2 instances for an accounting software. We already purchased some reserved instances for our web applications that need to be running 24/7 and did not want to buy any more of them. Since, the accounting software will only be used during 9-5 work hours, we decided to schedule the EC2 instances to run only during the active hours. In this post, I'll show you the easiest way (imo) to achieve this behaviour.</p> <p>If you look it up on Google, you might find this <a href="https://docs.aws.amazon.com/solutions/latest/instance-scheduler-on-aws/solution-overview.html">cloudformation-template</a>. However, when i really took a deeper dive into this, I felt like this is quite overkill for something so simple as stopping instances for specific hours in the day. So, i decided to write my own solution using just <code>lambda</code> and <code>EventBridge-Scheduler</code>.</p> <h2> Step 1: Lambda </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="kn">import</span> <span class="nn">boto3</span> <span class="kn">from</span> <span class="nn">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="c1"># operating hours are specified in Asia/BD GMT+6 time </span><span class="n">config</span> <span class="o">=</span> <span class="p">{</span> <span class="s">"frontend"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"instance_id"</span><span class="p">:</span> <span class="s">"i-0b395375beefed021b"</span><span class="p">,</span> <span class="s">"non_operating_hours"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"start"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="s">"end"</span><span class="p">:</span> <span class="mi">6</span> <span class="p">}</span> <span class="p">},</span> <span class="s">"backend"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"instance_id"</span><span class="p">:</span> <span class="s">"i-054281d348bbf103165"</span><span class="p">,</span> <span class="s">"non_operating_hours"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"start"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="s">"end"</span><span class="p">:</span> <span class="mi">6</span> <span class="p">}</span> <span class="p">},</span> <span class="s">"accounts"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"instance_id"</span><span class="p">:</span> <span class="s">"i-0fb10809264e10342"</span><span class="p">,</span> <span class="s">"non_operating_hours"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"start"</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="s">"end"</span><span class="p">:</span> <span class="mi">9</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">get_instance_state</span><span class="p">(</span><span class="n">instance_id</span><span class="p">):</span> <span class="n">ec2_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">ec2_client</span><span class="p">.</span><span class="n">describe_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="p">[</span><span class="n">instance_id</span><span class="p">])</span> <span class="n">reservations</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="s">'Reservations'</span><span class="p">]</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">reservations</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="s">"No reservations found for the provided instance ID."</span><span class="p">)</span> <span class="k">return</span> <span class="n">instances</span> <span class="o">=</span> <span class="n">reservations</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="s">'Instances'</span><span class="p">]</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">instances</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="s">"No instances found for the provided instance ID."</span><span class="p">)</span> <span class="k">return</span> <span class="k">return</span> <span class="n">instances</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="s">'State'</span><span class="p">][</span><span class="s">'Name'</span><span class="p">]</span> <span class="k">def</span> <span class="nf">start_instance</span><span class="p">(</span><span class="n">instance_id</span><span class="p">):</span> <span class="n">ec2_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">ec2_client</span><span class="p">.</span><span class="n">start_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="p">[</span><span class="n">instance_id</span><span class="p">])</span> <span class="k">return</span> <span class="n">response</span> <span class="k">def</span> <span class="nf">stop_instance</span><span class="p">(</span><span class="n">instance_id</span><span class="p">):</span> <span class="n">ec2_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">ec2_client</span><span class="p">.</span><span class="n">stop_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="p">[</span><span class="n">instance_id</span><span class="p">])</span> <span class="k">return</span> <span class="n">response</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">current_hour</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="n">now</span><span class="p">().</span><span class="n">hour</span> <span class="k">print</span><span class="p">(</span><span class="sa">f</span><span class="s">'Executing on BD hour </span><span class="si">{</span><span class="n">current_hour</span><span class="si">}</span><span class="s">'</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">instance_name</span><span class="p">,</span> <span class="n">conf</span> <span class="ow">in</span> <span class="n">config</span><span class="p">.</span><span class="n">items</span><span class="p">():</span> <span class="n">instance_id</span> <span class="o">=</span> <span class="n">conf</span><span class="p">[</span><span class="s">'instance_id'</span><span class="p">]</span> <span class="n">instance_state</span> <span class="o">=</span> <span class="n">get_instance_state</span><span class="p">(</span><span class="n">instance_id</span><span class="p">)</span> <span class="n">start</span> <span class="o">=</span> <span class="n">conf</span><span class="p">[</span><span class="s">'non_operating_hours'</span><span class="p">][</span><span class="s">'start'</span><span class="p">]</span> <span class="n">end</span> <span class="o">=</span> <span class="n">conf</span><span class="p">[</span><span class="s">'non_operating_hours'</span><span class="p">][</span><span class="s">'end'</span><span class="p">]</span> <span class="k">if</span> <span class="n">current_hour</span> <span class="o">&gt;=</span> <span class="n">start</span> <span class="ow">and</span> <span class="n">current_hour</span> <span class="o">&lt;=</span> <span class="n">end</span><span class="p">:</span> <span class="n">is_stopped</span> <span class="o">=</span> <span class="s">'stop'</span> <span class="ow">in</span> <span class="n">instance_state</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_stopped</span><span class="p">:</span> <span class="n">res</span> <span class="o">=</span> <span class="n">stop_instance</span><span class="p">(</span><span class="n">instance_id</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="n">append</span><span class="p">(</span> <span class="p">{</span> <span class="s">'action'</span><span class="p">:</span> <span class="s">"Stop"</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_stopped</span> <span class="k">else</span> <span class="sa">f</span><span class="s">"Already </span><span class="si">{</span><span class="n">instance_state</span><span class="si">}</span><span class="s">"</span><span class="p">,</span> <span class="s">'conf'</span><span class="p">:</span> <span class="n">conf</span> <span class="p">}</span> <span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">is_running</span> <span class="o">=</span> <span class="s">'run'</span> <span class="ow">in</span> <span class="n">instance_state</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_running</span><span class="p">:</span> <span class="n">res</span> <span class="o">=</span> <span class="n">start_instance</span><span class="p">(</span><span class="n">instance_id</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="n">append</span><span class="p">(</span> <span class="p">{</span> <span class="s">'action'</span><span class="p">:</span> <span class="s">"Start"</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_running</span> <span class="k">else</span> <span class="sa">f</span><span class="s">"Already </span><span class="si">{</span><span class="n">instance_state</span><span class="si">}</span><span class="s">"</span><span class="p">,</span> <span class="s">'conf'</span><span class="p">:</span> <span class="n">conf</span> <span class="p">}</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="s">'statusCode'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="s">'body'</span><span class="p">:</span> <span class="n">response</span> <span class="p">}</span> </code></pre> </div> <p>Please note that, this lambda code may or may not be a basic chatgpt dump 🀐 and there is huge room for improvement :) Feel free to improve it yourself as needed.</p> <h2> Step 2: Create EventBridge schedule </h2> <p>AWS EventBridge supports cron expression based schedulers which happens to be just perfect for this use case. So, we decided to use it.<br> We can create the schedule either using Terraform, AWS CLI or AWS console.<br> For example, the terraform code will look sth like this,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"eventbridge"</span> <span class="p">{</span> <span class="nx">create_bus</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">rules</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">crons</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Trigger for EC2StartStop Lambda"</span> <span class="nx">schedule_expression</span> <span class="p">=</span> <span class="s2">"rate(1 hours)"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">targets</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">crons</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"EC2StartStopLambda-Target-Cron"</span> <span class="nx">arn</span> <span class="p">=</span> <span class="nx">your_lambda_function_arn</span> <span class="nx">input</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="err">(</span><span class="p">{</span> <span class="s2">"job"</span> <span class="err">:</span> <span class="s2">"cron-by-rate"</span> <span class="p">}</span><span class="err">)</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Now, every 1 hour our scheduler will trigger the lambda function and our lambda function will determine whether an instance should be up during that hour or not. This solution takes about 5minutes to setup but has the potential to reduce your compute bills by a significant margin (in my case, we reduced about 600 USD per month).</p> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oG7WSZ_n--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Beer" width="170" height="37"></a></p> aws lambda devops Automate Jenkins Job builds with Python Ashiqur Rahman Fri, 16 Jun 2023 09:36:12 +0000 https://dev.to/ashiqursuperfly/automate-jenkins-job-builds-with-python-5ee9 https://dev.to/ashiqursuperfly/automate-jenkins-job-builds-with-python-5ee9 <p>We often come across a situation when we have to manually run a Jenkins job many times each possibly having different parameters. One way to do it is using the Jenkins UI and pressing the <code>build with parameters</code> button each time and passing on the parameter values each time. This can be quite tiresome and repetitive. Fortunately, I am too Lazy to do it like that xD. So, I found another way, we can trigger the Jenkins jobs using the Jenkins REST API. In this post, we will demonstrate how to design our Jenkins jobs effectively for this purpose and use <code>python</code> to make use of the Jenkins API to automate triggering a huge number of jobs and then take a chill pill :)</p> <h2> Step 1: Enable Triggering Jenkins jobs from remote scripts </h2> <p>Navigate to your Jenkins Job configuration page and scroll down to the <code>Build Triggers</code> option. Enable the <code>Trigger builds remotely (e.g., from scripts)</code> flag and put some secret string in the <code>Authentication Token</code> field.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikv3ijrrqpfaxopoz8fk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikv3ijrrqpfaxopoz8fk.png" alt="Trigger builds remotely in Jenkins"></a></p> <h2> Step 2: Parameterize Job -&gt; GIT SCM (BRANCH, REPO ETC.) </h2> <p>We need to make our Job bash script read from parameters we passed in to the Job so that we can easily control these parameters from our python script. Furthermore, if there's a git repo/branch our Job needs to checkout we can easily control that from python as well.<br> Enable the <code>This project is parameterized</code> flag from the Jenkins job configuration page and add the required parameters like below,<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv23sq235trbyiylkv4wf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv23sq235trbyiylkv4wf.png" alt="Jenkins Job Parameterize project"></a></p> <p>Jenkins supports various different types of parameters including Strings, Boolean, Choices, File etc. Make sure you are choosing them appropriately for your choice. In my case for example, I had to deploy a bunch of <code>Ansible</code> playbooks to a <code>Kubernetes</code> cluster so, I needed the following parameters:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> PLAYBOOK - name of the yaml ansible playbook file GIT_REPO_ID - git repo to checkout GIT_BRANCH_NAME - branch name of the repo (particularly useful when you are testing/reviewing something on a feature branch) HELM_REPOSITORY - helm repository name that my ansible playbooks needs </code></pre> </div> <p>Now, access these parameters wherever you need inside the Jenkins config using the <code>${PARAM_NAME}</code> syntax.</p> <p>For example my job <code>bash</code> script looks like the one just below where, I am utilizing the <code>PLAYBOOK</code> and <code>HELM_REPOSITORY</code> parameters.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-xe</span> pip3 <span class="nb">install</span> <span class="nt">--quiet</span> <span class="nt">-r</span> requirements.txt <span class="nb">cd </span>ansible <span class="nv">ANSIBLE_FORCE_COLOR</span><span class="o">=</span><span class="nb">true </span>ansible-playbook <span class="nt">-e</span> <span class="s2">"helm_repository=</span><span class="k">${</span><span class="nv">HELM_REPOSITORY</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> playbooks/<span class="k">${</span><span class="nv">PLAYBOOK</span><span class="k">}</span> <span class="nt">-vvvv</span> </code></pre> </div> <p>Here's another example where I am utilizing the GIT SCM parameters,</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jg8u8hzh7qdiv806ptj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jg8u8hzh7qdiv806ptj.png" alt="Jenkins GIT SCM plugin parameters"></a></p> <h2> Step 3: Generate Jenkins Crumb </h2> <p>Jenkins API will need us to pass in a <code>Jenkins-Crumb</code> header to our requests. Therefore, we need to generate this crumb value from the Jenkins CrumbIssuer before making the actual build trigger requests. Here's how we can generate the Jenkins Crumb using python:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="k">def</span> <span class="nf">jenkins_crumb</span><span class="p">():</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="n">auth</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"</span><span class="s">&lt;JENKINS_USERNAME&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;JENKINS_USER_PASSWORD&gt;</span><span class="sh">"</span><span class="p">)</span> <span class="n">crumb</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://&lt;YOUR_JENKINS_BASE_URL&gt;/crumbIssuer/api/json</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">crumb</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">],</span> <span class="n">crumb</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">crumb</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <h2> Step 4: Trigger Jenkins Job from Python </h2> <p>Now, we can finally trigger our job from python scripts. Here's an example,</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">TOKEN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&lt;YOUR_AUTH_TOKEN&gt;</span><span class="sh">"</span> <span class="c1"># the token value you set in STEP-1 </span> <span class="k">def</span> <span class="nf">deploy_service</span><span class="p">(</span> <span class="n">service_name</span><span class="p">,</span> <span class="n">playbook</span><span class="p">,</span> <span class="n">branch</span><span class="o">=</span><span class="sh">"</span><span class="s">master</span><span class="sh">"</span><span class="p">,</span> <span class="n">repo</span><span class="o">=</span><span class="sh">"</span><span class="s">ashiqursuperfly/jenkins-job-config</span><span class="sh">"</span><span class="p">,</span> <span class="n">chart_repo</span><span class="o">=</span><span class="sh">"</span><span class="s">ashiqursuperfly-portfolio-dev</span><span class="sh">"</span> <span class="p">):</span> <span class="n">JOB_URL</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://&lt;YOUR_JENKINS_BASE_URL&gt;/job/&lt;YOUR_JENKINS_JOBNAME&gt;/buildWithParameters?token=</span><span class="si">{</span><span class="n">TOKEN</span><span class="si">}</span><span class="sh">"</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">JOB_URL</span><span class="si">}</span><span class="s">&amp;PLAYBOOK=</span><span class="si">{</span><span class="n">playbook</span><span class="si">}</span><span class="s">&amp;GIT_BRANCH_NAME=</span><span class="si">{</span><span class="n">branch</span><span class="si">}</span><span class="s">&amp;GIT_REPO_ID=</span><span class="si">{</span><span class="n">repo</span><span class="si">}</span><span class="s">&amp;HELM_REPOSITORY=</span><span class="si">{</span><span class="n">chart_repo</span><span class="si">}</span><span class="sh">"</span> <span class="n">cookie</span><span class="p">,</span> <span class="n">crumb</span> <span class="o">=</span> <span class="nf">jenkins_crumb</span><span class="p">()</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Jenkins-Crumb</span><span class="sh">"</span><span class="p">:</span> <span class="n">crumb</span><span class="p">}</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="n">auth</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"</span><span class="s">&lt;JENKINS_USERNAME&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;JENKINS_USER_PASSWORD&gt;</span><span class="sh">"</span><span class="p">)</span> <span class="n">res</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span> <span class="k">if</span> <span class="n">res</span><span class="p">.</span><span class="n">ok</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Started deploy job for service </span><span class="si">{</span><span class="n">service_name</span><span class="si">}</span><span class="s"> with playbook </span><span class="si">{</span><span class="n">playbook</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Error deploy job for service </span><span class="si">{</span><span class="n">service_name</span><span class="si">}</span><span class="s"> with playbook </span><span class="si">{</span><span class="n">playbook</span><span class="si">}</span><span class="se">\n</span><span class="si">{</span><span class="n">res</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">list_of_service</span> <span class="o">=</span> <span class="nf">list_services</span><span class="p">()</span> <span class="k">for</span> <span class="n">service</span> <span class="ow">in</span> <span class="n">list_of_service</span><span class="p">:</span> <span class="n">res</span><span class="p">,</span> <span class="n">playbook</span> <span class="o">=</span> <span class="nf">get_playbook_name</span><span class="p">(</span><span class="n">service</span><span class="p">)</span> <span class="nf">deploy_service</span><span class="p">(</span><span class="n">service</span><span class="p">,</span> <span class="n">playbook</span><span class="p">)</span> <span class="nf">sleep</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> </code></pre> </div> <p>Now, we can invoke the following method as many times as we want. In my case, I just looped through my list of services to deploy and invoked this method for each service and just watched Jenkins complete all the tedious work for me as I sipped my coffee, basked in the brightness of my monitor's light, and wondered why life is so simple when you can't stop thinking automation πŸ€“</p> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.buymeacoffee.com%2Fassets%2Fimg%2Fcustom_images%2Forange_img.png" alt="Buy Me A Beer"></a></p> jenkins python automation ansible EKS multiple Kubernetes version upgrade using Terraform Ashiqur Rahman Sun, 04 Jun 2023 12:01:16 +0000 https://dev.to/ashiqursuperfly/eks-multiple-kubernetes-version-jump-using-terraform-lp7 https://dev.to/ashiqursuperfly/eks-multiple-kubernetes-version-jump-using-terraform-lp7 <p>Recently, We found ourselves using Kubernetes <code>1.22</code> for our EKS clusters at work. As of <em>June 4</em>, K8s <code>1.22</code> will be deprecated for EKS and AWS recommends migrating to atleast <code>1.23</code>. Since, we seem to be forced to upgrade every few months, we decided we should explore upgrading to K8s <code>1.26</code> if possible in one go. <br> However, there's one big issue we need to solve in order to migrate to <code>1.26</code> directly. Clusters managed by EKS can only be upgraded one minor version at a time, so if you are currently at <code>1.22</code>, you can upgrade to <code>1.23</code>. If you are on a lower version like <code>1.20</code>, you could upgrade to <code>1.21</code>, then <code>1.22</code>, then <code>1.23</code>. </p> <p>In this post, I'll discuss how we attempted to gracefully navigate this problem.</p> <p>First of all, we manage our EKS cluster configuration using Terraform. <br> Our terraform configuration for EKS module looks sth like this,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"eks"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/eks/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"19.5.1"</span> <span class="nx">cluster_name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">cluster_name</span> <span class="nx">cluster_version</span> <span class="p">=</span> <span class="s2">"1.21"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">private_subnets</span> <span class="nx">cluster_endpoint_public_access</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">eks_managed_node_groups</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">one</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"node-group-1"</span> <span class="nx">asg_desired_capacity</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">asg_min_size</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">asg_max_size</span> <span class="p">=</span> <span class="mi">4</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="nx">m6a</span><span class="p">.</span><span class="nx">large</span> <span class="nx">ami_id</span> <span class="p">=</span> <span class="s2">"Select EKS-Optimized-AMI-here: https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html"</span> <span class="p">}</span> <span class="nx">two</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"node-group-2"</span> <span class="nx">asg_desired_capacity</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">asg_min_size</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">asg_max_size</span> <span class="p">=</span> <span class="mi">4</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="nx">m6a</span><span class="p">.</span><span class="nx">xlarge</span> <span class="nx">ami_id</span> <span class="p">=</span> <span class="s2">"Select EKS-Optimized-AMI-here: https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Typically the upgrade steps look something like this, </h3> <ol> <li> <p>Update the <code>version</code> and <code>linux_ami</code> to the version you want to upgrade</p> <p>a. <code>linux_ami</code> for the version can be found <a href="https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html" rel="noopener noreferrer">here</a>. Choose the k8s version and x86 AMI.<br> b. Apply the changes in terraform, this can take 1hour or longer.</p> </li> <li> <p>Run an <a href="https://console.aws.amazon.com/ec2autoscaling/home?region=us-east-1#/details" rel="noopener noreferrer">instance refresh</a> for the autoscaling group the k8s belongs to. You can start the instance refresh either from AWS console or if you would want to automate this step for each of the ASGs. You can do sth like this,<br> </p> <pre class="highlight shell"><code><span class="k">for </span>line <span class="k">in</span> <span class="si">$(</span>aws autoscaling describe-auto-scaling-groups <span class="nt">--auto-scaling-group-names</span> | <span class="nb">grep </span>AutoScalingGroupName | <span class="nb">sed</span> <span class="s1">'s/\\"AutoScalingGroupName\\": //'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/^\\s+//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\\,//'</span> | <span class="nb">grep </span>spot-group<span class="si">)</span><span class="p">;</span> <span class="k">do </span>aws autoscaling start-instance-refresh <span class="se">\\</span> <span class="nt">--auto-scaling-group-name</span> <span class="nv">$line</span> <span class="se">\\</span> <span class="nt">--preferences</span> <span class="s1">'{"MinHealthyPercentage": 99, "InstanceWarmup": 300, "SkipMatching": false}'</span> <span class="k">done</span> </code></pre> </li> <li><p>Upgrade CoreDNS, Kubeproxy, Amazon VPC CNI and other related deployments</p></li> <li><p>Upgrade Helm <a href="https://helm.sh/docs/topics/version_skew/#:&lt;/sub&gt;:text=It%20is%20not%20recommended%20to,it%20at%20your%20own%20risk" rel="noopener noreferrer">(Helm Releases)</a></p></li> <li><p>Upgrade Kubectl <a href="https://kubernetes.io/releases/version-skew-policy/#kubectl" rel="noopener noreferrer">(Kubectl Version Policy)</a> and python Kubernetes client <a href="https://github.com/kubernetes-client/python#compatibility" rel="noopener noreferrer">(Python Kubernetes Compatibility)</a></p></li> </ol> <blockquote> <p>For ASGs that have a large number of nodes the instance refresh takes quite long therefore, that's the step that takes the longest time. Furthermore, we run our instance refreshes with <code>"MinHealthyPercentage": 99</code> to ensure zero to minimal downtime during the upgrade. This comes at the cost of the instance refresh taking even longer.</p> </blockquote> <p>However, <em>as long as the instance refresh is not running the autoscaling groups will not replace the older version nodes which means your deployments will keep on working perfectly in between the cluster version upgrades.</em> </p> <p>Which leads us to the solution,</p> <blockquote> <p>If we have to make multiple version jumps we can do it quite quickly by running the instance refresh only once after upgrading the cluster to latest version.</p> </blockquote> <p>Here's a sample of what the process might look like:</p> <ol> <li>Upgrade to K8s 1.23 and update node AMI. Apply using Terraform.</li> <li>Upgrade to K8s 1.24 and update node AMI. Apply using Terraform.</li> <li>Repeat untill you reach desired version</li> <li>Run Instance Refresh</li> <li>Upgrade kubeproxy, coredns and other related deployments/add-ons to the latest compatible versions</li> <li>Upgrade Helm, Kubectl and python kubernetes client to latest compatible versions</li> </ol> <p>Voila!</p> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.buymeacoffee.com%2Fassets%2Fimg%2Fcustom_images%2Forange_img.png" alt="Buy Me A Beer" width="170" height="37"></a></p> aws terraform kubernetes Python script to find unused EC2 subnets Ashiqur Rahman Sun, 04 Jun 2023 10:57:47 +0000 https://dev.to/ashiqursuperfly/python-script-to-find-unused-ec2-subnets-4l23 https://dev.to/ashiqursuperfly/python-script-to-find-unused-ec2-subnets-4l23 <p>Recently, I was working on managing all VPC related resources using Terraform for all our AWS accounts. For one of the accounts, I stumbled upon a rather unpleasant situation where I saw a few hundred subnets in a region and I was left wondering whether all these subnets are actually in use. </p> <p>Since, I am too lazy to go through them one by one manually, I wrote a python script to check which of these subnets are actually serving a purpose i.e has an ENI attached to it.</p> <h3> Step 1: List all subnets in our VPC </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">subprocess</span> <span class="kn">import</span> <span class="nn">json</span> <span class="k">def</span> <span class="nf">list_subnets</span><span class="p">(</span><span class="n">vpc_id</span><span class="p">):</span> <span class="n">subnets</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">subprocess</span><span class="p">.</span><span class="n">getoutput</span><span class="p">(</span><span class="s">'aws ec2 describe-subnets'</span><span class="p">))[</span><span class="s">'Subnets'</span><span class="p">]</span> <span class="k">def</span> <span class="nf">_filter</span><span class="p">(</span><span class="n">subnet</span><span class="p">):</span> <span class="k">if</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'VpcId'</span><span class="p">]</span> <span class="o">==</span> <span class="n">vpc_id</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">_map</span><span class="p">(</span><span class="n">subnet</span><span class="p">):</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'Tags'</span><span class="p">]</span> <span class="n">name</span> <span class="o">=</span> <span class="s">''</span> <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">tags</span><span class="p">:</span> <span class="k">if</span> <span class="n">tag</span><span class="p">[</span><span class="s">'Key'</span><span class="p">]</span> <span class="o">==</span> <span class="s">'Name'</span><span class="p">:</span> <span class="n">name</span> <span class="o">=</span> <span class="n">tag</span><span class="p">[</span><span class="s">'Value'</span><span class="p">]</span> <span class="k">return</span> <span class="p">{</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'SubnetId'</span><span class="p">]:</span> <span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'CidrBlock'</span><span class="p">],</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'AvailabilityZone'</span><span class="p">],</span> <span class="n">subnet</span><span class="p">[</span><span class="s">'MapPublicIpOnLaunch'</span><span class="p">])</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">list</span><span class="p">(</span><span class="nb">map</span><span class="p">(</span><span class="n">_map</span><span class="p">,</span> <span class="nb">filter</span><span class="p">(</span><span class="n">_filter</span><span class="p">,</span><span class="n">subnets</span><span class="p">)))</span> </code></pre> </div> <h3> Step 2: Check if a subnet has an ENI attached </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">check_if_subnet_has_enis_attached</span><span class="p">(</span><span class="n">subnet_id</span><span class="p">):</span> <span class="n">cmd</span> <span class="o">=</span> <span class="sa">f</span><span class="s">"aws ec2 describe-network-interfaces --filters Name=subnet-id,Values=</span><span class="si">{</span><span class="n">subnet_id</span><span class="si">}</span><span class="s"> --query 'NetworkInterfaces[*].Description'"</span> <span class="n">enis</span> <span class="o">=</span> <span class="nb">list</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">subprocess</span><span class="p">.</span><span class="n">getoutput</span><span class="p">(</span><span class="n">cmd</span><span class="p">)))</span> <span class="k">for</span> <span class="n">eni</span> <span class="ow">in</span> <span class="n">enis</span><span class="p">:</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="nb">str</span><span class="p">(</span><span class="n">eni</span><span class="p">).</span><span class="n">strip</span><span class="p">())</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="n">enis</span><span class="p">.</span><span class="n">remove</span><span class="p">(</span><span class="n">eni</span><span class="p">)</span> <span class="k">return</span> <span class="n">enis</span> </code></pre> </div> <h3> Step 3: Find list of all unused subnets </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">'__main__'</span><span class="p">:</span> <span class="n">subnets</span> <span class="o">=</span> <span class="n">list_subnets</span><span class="p">()</span> <span class="n">unused</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">subnet</span> <span class="ow">in</span> <span class="n">subnets</span><span class="p">:</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">subnet</span><span class="p">.</span><span class="n">items</span><span class="p">():</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">check_if_subnet_has_enis_attached</span><span class="p">(</span><span class="n">k</span><span class="p">))</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="n">unused</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">subnet</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="n">unused</span><span class="p">)</span> </code></pre> </div> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oG7WSZ_n--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Beer" width="170" height="37"></a></p> python aws This AWS CLI command can run instance refresh for auto scaling groups Ashiqur Rahman Wed, 31 May 2023 21:49:39 +0000 https://dev.to/ashiqursuperfly/this-aws-cli-command-can-run-instance-refresh-for-auto-scaling-groups-21j7 https://dev.to/ashiqursuperfly/this-aws-cli-command-can-run-instance-refresh-for-auto-scaling-groups-21j7 <p>Recently, I was working on upgrading Kubernetes versions for all our EKS clusters. The upgrade process is simple, We upgrade the K8s version and instance AMIs from Terraform. Then, we upgrade chart/image version of the different tools we deploy e.g: CoreDNS, ExternalDNS, kubernetes-dashboard, kube-proxy etc. <br> All these steps can be automated ofcourse since we use Terraform. Especially when you have to upgrade a large number of clusters automation becomes absolutely essential. One step that always bothered me is that, you need to run an instance refresh for the autoscaling groups that your K8s worker nodes belong to. Otherwise, your EKS cluster will still be using the older worker nodes (using the older K8s version). Previously, I always did this using the AWS console manually. So, this was always a unwanted manual step in this workflow.<br> Recently, I discovered this AWS CLI command that turns out to be exactly what i was looking for.</p> <p>First you can fetch the autoscaling groups in your account</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> aws autoscaling describe-auto-scaling-groups <span class="nt">--auto-scaling-group-names</span> | <span class="nb">grep </span>AutoScalingGroupName | <span class="nb">sed</span> <span class="s1">'s/\"AutoScalingGroupName\": //'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/^\s+//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\,//'</span> | <span class="nb">grep </span>worker </code></pre> </div> <p>Now, we can run the instance refresh for each item in the list using the following command</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="k">for </span>line <span class="k">in</span> <span class="si">$(</span>aws autoscaling describe-auto-scaling-groups <span class="nt">--auto-scaling-group-names</span> | <span class="nb">grep </span>AutoScalingGroupName | <span class="nb">sed</span> <span class="s1">'s/\"AutoScalingGroupName\": //'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/^\s+//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\"//'</span> | <span class="nb">sed</span> <span class="nt">-E</span> <span class="s1">'s/\,//'</span> | <span class="nb">grep </span>spot-group<span class="si">)</span><span class="p">;</span> <span class="k">do </span>aws autoscaling start-instance-refresh <span class="se">\</span> <span class="nt">--auto-scaling-group-name</span> <span class="nv">$line</span> <span class="se">\</span> <span class="nt">--preferences</span> <span class="s1">'{"MinHealthyPercentage": 99, "InstanceWarmup": 300, "SkipMatching": false}'</span> <span class="k">done</span> </code></pre> </div> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.buymeacoffee.com%2Fassets%2Fimg%2Fcustom_images%2Forange_img.png" alt="Buy Me A Beer"></a></p> aws kubernetes Terraform Unimport : The Terraform command that does not exist ! Ashiqur Rahman Thu, 25 May 2023 20:23:56 +0000 https://dev.to/ashiqursuperfly/terraform-unimport-1inh https://dev.to/ashiqursuperfly/terraform-unimport-1inh <p>Terraform import is a great feature to import existing resources into terraform state. But, what if we accidentally imported some resource into terraform state and we want to unimport them again. <br> Well, terraform does not really have a command/feature that does exactly that but here's one cool trick you can use to quickly unimport some resources from Terraform state.</p> <h3> terraform state rm </h3> <p>While running the terraform command to remove a resource from the state, make sure you quote(<code>'</code>) the resource id appropriately like so,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform state rm 'module.s3.module.s3_bucket["my-s3-bucket-name"].aws_s3_bucket.this[0]' </code></pre> </div> <p>Terraform state list can often be very long. If you need to remove a group of resources sharing a common name you can use the following bash oneliner,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform state rm $(terraform state list | grep production-files) </code></pre> </div> <p>For example, the command above will remove a aws_s3_bucket, aws_s3_bucket_policy, aws_s3_bucket_cors_configuration and so on. </p> <h3> Bonus </h3> <p>Utilize the <code>-dry-run</code> flag before performing a potentially destructive operation like this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform state rm 'resource_id' -dry-run </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Acquiring state lock. This may take a few moments... Would remove module.s3.module.s3_bucket["production-files"].aws_s3_bucket.this[0] Releasing state lock. This may take a few moments... </code></pre> </div> <p>Happy Terraforming !</p> <p>Note: This <a href="https://stackoverflow.com/a/75071263/10498418">SO</a> answer i posted recently inspired me to share this here !</p> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oG7WSZ_n--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Beer" width="170" height="37"></a></p> terraform devops Quickest way to make vanilla React.js app SEO friendly Ashiqur Rahman Sat, 23 Jul 2022 19:00:46 +0000 https://dev.to/ashiqursuperfly/quickest-way-to-make-vanilla-reactjs-app-seo-friendly-5717 https://dev.to/ashiqursuperfly/quickest-way-to-make-vanilla-reactjs-app-seo-friendly-5717 <p>Have you ever been put up in a situation where you have to make a huge <strong>React.js</strong> app SEO-friendly but you dont have much time in your hand to migrate the app to a framework like <strong>Next.js</strong> or <strong>Gatsby.js</strong> that supports server-side-rendering?<br> This solution im gonna discuss today can really help you server-side-render your react application in just a few minutes using a tool like <strong>Selenium</strong> and a <strong>webserver</strong>.</p> <p><strong>NOTE</strong>: There seems to be a common misinformation on the internet that the library <a href="https://www.npmjs.com/package/react-helmet">React-Helmet</a> is the SEO solution for React. But, <strong>ITS NOT</strong>, atleast not all by it's own. Its important to understand that, React Helmet uses javascript to insert the <code>&lt;meta&gt;</code> tags into the DOM. However, when the google or facebook bot comes to crawl your website, they <strong>don't execute javascript</strong>. Therefore, the page the bots see when they come to your website does not contain the <code>&lt;meta&gt;</code> tags and the bots can't learn much about your site. Another library that works the same way as React-Helmet is <a href="https://www.npmjs.com/package/react-meta-tags">React-Meta-Tags</a>. We would still need a library like this but that will only work after we implement the ideas discussed farther down this post.</p> <p>In my case, the REST API that the React front end was consuming was built using python. So, Im gonna be using the python <a href="https://pypi.org/project/selenium/">Selenium</a> package. But, you can use the idea regardless of which backend technology your project uses. Another thing i want to mention is that, my React app was being served by a Nginx webserver. But again, you should be able to apply the idea which basically just requires you to update the config of whatever webserver you are using. </p> <h3> Solution </h3> <h4> Step 1: Update React App webserver config </h4> <p>As mentioned earlier, the React app i was working on was being served through Nginx. Here's what i changed in the existing Nginx config,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> location / { set $server_side_render 0; set $server_side_render_host_path api.mydomain.com/v1/ssr/; if ($http_user_agent ~* "googlebot|bingbot|yandex|baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest\/0\.|pinterestbot|slackbot|vkShare|W3C_Validator|whatsapp") { set $server_side_render 1; } if ($uri !~ "^(.*)/(product|category|other_endpoints_i_want_to_be_seo_friendly)(.*)"){ set $server_side_render 0; } if ($server_side_render = 1) { proxy_pass https://$server_side_render_host_path$request_uri; } try_files $uri $uri/ /index.html; } </code></pre> </div> <p>The idea behind the change is that, we want to check when one of the bots of a popular site like Facebook or Google comes to our site, and then delegate those requests to a specific endpoint on our backend API. We are calling this endpoint <code>api.mydomain.com/v1/ssr/</code>. You might be wondering why just send the bots to this endpoint? Why not send everyone? I would not recommend doing it because, obviously it would be super slow for an actual user of your website to go through all this just to receive a response from your site. Luckily, google bot and the other bots have a long enough timeout, so its still fast enough for the bots but not as fast for the real users. If you want to serve server-side-rendered html to all of your users, you should consider migrating to a framework like <strong>Next.js</strong> or <strong>Gatsby.js</strong>. But, thats gonna take a good amount of time too if your React app is large enough which is exactly why i think the aprroach i am discussing in this post is relevant.</p> <h4> Step 2: Add backend API /ssr/ endpoint </h4> <p>Now, that we have sent the bots to this endpoint, we need to serve them javascript rendered html files for their request_uri. This is where Selenium comes in, we can use it just to render html on the backend. Here's how it works,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">render_html</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">!=</span> <span class="s">'GET'</span><span class="p">:</span> <span class="k">return</span> <span class="n">HttpResponse</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="mi">405</span><span class="p">)</span> <span class="c1"># start after 3 letters (s-s-r) </span> <span class="n">idx</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">get_full_path</span><span class="p">().</span><span class="n">find</span><span class="p">(</span><span class="s">'ssr/'</span><span class="p">)</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="s">"https://www.mydomain.com</span><span class="si">{</span><span class="n">request</span><span class="p">.</span><span class="n">get_full_path</span><span class="p">()[</span><span class="n">idx</span> <span class="o">+</span> <span class="mi">3</span><span class="si">:</span><span class="p">]</span><span class="si">}</span><span class="s">"</span> <span class="n">chrome_options</span> <span class="o">=</span> <span class="n">Options</span><span class="p">()</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">"--disable-extensions"</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">"--enable-javascript"</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">"--headless"</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">"--no-sandbox"</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">"--disable-dev-shm-usage"</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">'--ignore-ssl-errors=yes'</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">'--ignore-certificate-errors'</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">'--disable-web-security'</span><span class="p">)</span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">'--enable-logging=stderr --v=1'</span><span class="p">)</span> <span class="c1"># chrome_options.add_experimental_option('w3c', False) </span> <span class="n">chrome_options</span><span class="p">.</span><span class="n">add_argument</span><span class="p">(</span><span class="s">'user-agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36'</span><span class="p">)</span> <span class="n">d</span> <span class="o">=</span> <span class="n">DesiredCapabilities</span><span class="p">.</span><span class="n">CHROME</span> <span class="n">d</span><span class="p">[</span><span class="s">'goog:loggingPrefs'</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="s">'browser'</span><span class="p">:</span> <span class="s">'ALL'</span><span class="p">}</span> <span class="n">driver</span> <span class="o">=</span> <span class="n">webdriver</span><span class="p">.</span><span class="n">Chrome</span><span class="p">(</span><span class="n">chrome_options</span><span class="o">=</span><span class="n">chrome_options</span><span class="p">,</span> <span class="n">desired_capabilities</span><span class="o">=</span><span class="n">d</span><span class="p">)</span> <span class="n">driver</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="n">soup</span> <span class="o">=</span> <span class="n">BeautifulSoup</span><span class="p">(</span><span class="n">driver</span><span class="p">.</span><span class="n">page_source</span><span class="p">,</span> <span class="s">'html.parser'</span><span class="p">)</span> <span class="k">for</span> <span class="n">entry</span> <span class="ow">in</span> <span class="n">driver</span><span class="p">.</span><span class="n">get_log</span><span class="p">(</span><span class="s">'browser'</span><span class="p">):</span> <span class="k">print</span><span class="p">(</span><span class="s">'Selenium-Log:'</span><span class="p">,</span> <span class="n">entry</span><span class="p">)</span> <span class="n">meta</span> <span class="o">=</span> <span class="n">soup</span><span class="p">.</span><span class="n">html</span><span class="p">.</span><span class="n">findAll</span><span class="p">(</span><span class="s">'meta'</span><span class="p">)</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">meta</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> <span class="n">driver</span><span class="p">.</span><span class="n">quit</span><span class="p">()</span> <span class="k">return</span> <span class="n">HttpResponse</span><span class="p">(</span><span class="n">soup</span><span class="p">.</span><span class="n">html</span><span class="p">,</span> <span class="n">content_type</span><span class="o">=</span><span class="s">"text/html"</span><span class="p">)</span> </code></pre> </div> <p>We use chrome webdriver and use the option <code>--enable-javascript</code> to find a javascript rendered html string of the website. This html string will contain the appropriate<code>&lt;meta&gt;</code> tags added by libraries like <code>React-Helmet</code>. Thus, we are sending a server-side-rendered html to the bots that come to our site.</p> <h4> Step 3: Add appropriate tags to the react pages </h4> <p>Now, we can use a library like React-Helmet or React-Meta-Tags to inject the tags for each page.</p> <h4> Step 4: Testing </h4> <p>We can test if the system we designed is working using a tool like <a href="https://developers.facebook.com/tools/debug/">Facebook-Sharing-Debugger</a> to check what the facebook bot sees when it hits one of the SSR enabled endpoints in our website.</p> <p>Voila ! We have successfully tricked the bots into seeing a server-side-rendered html of our site which contains the appropriate <code>&lt;meta&gt;</code> tags used for SEO and SMO.</p> <p>BTW, consider caching these server-side-rendered htmls to make the bots πŸ€– πŸ€– πŸ€– even happier xD </p> react seo Jenkins controller-agent (master-slave) setup in 10 minutes using Docker Ashiqur Rahman Sat, 23 Jul 2022 09:16:00 +0000 https://dev.to/ashiqursuperfly/jenkins-controller-agent-master-slave-setup-in-10-minutes-using-docker-2a78 https://dev.to/ashiqursuperfly/jenkins-controller-agent-master-slave-setup-in-10-minutes-using-docker-2a78 <p>Automation lies at the heart of DevOps. Various automation tools and techniques have truly enabled the concept of continuous integration and continuous delivery. These tools have evolved over the years rapidly but one name that seems to be here forever is <a href="https://www.jenkins.io" rel="noopener noreferrer">Jenkins</a>. </p> <p>We will neither discuss introductory concepts of CI-CD in this post nor waste time showing Jenkins installation steps. If you are new to Jenkins, you can check out the <a href="https://www.jenkins.io/doc/book/installing/" rel="noopener noreferrer">Offical Installation Docs</a> to get started with Jenkins. Therefore, the purpose of this post is to discuss how to setup Jenkins controller-agent architecture (aka master-slave architecture) and address some of the issues that arise when doing it. This is because, the process can be tedious and if you haven't done it in a while, you may end up wasting a few hours.</p> <h3> Why Jenkins Controller-Agent Architecture? </h3> <p>The controller(master) node is Jenkin's brain, it's where the Jenkins application runs. If we do too much work on the controller node (or it crashes), the entire application may become unavailable. Therefore, we want the master to be as available as possible. This can be done by delegating work to agent nodes (slave nodes). So in a Jenkins Controller-Agent architecture, the jobs are scheduled and assigned to agents by the controller. The controller also keeps track of whether the slaves are online, retrieve their responses of the build results, and outputs the build results on the console. Thus, the master node is more available and hence the overall performance of our Jenkins server is improved using this design.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvky0g07uaucmnft6nxtd.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvky0g07uaucmnft6nxtd.png" alt="Image description"></a></p> <p>Another advantage of this architecture is that we can only install a minimum set of tools on the controller node and we can install the heavier tools (required by the jobs) on the agent nodes. This keeps the controller lightweight and also allows us to organize our jobs based on the agents that should execute them. In the above example, we have a Jenkins controller along with 4 agents. Each of the agents can serve a specific purpose.</p> <ul> <li>For example, if we need to run tests and build jobs of javascript-based applications we can restrict these jobs to be executed on the agent on the far left.</li> <li>Similarly, if we need to build some .NET applications we can setup a Jenkins agent with a windows host and restrict these jobs to be executed on the far right.</li> <li>Furthermore, we can improve performance by balancing the loads based on our system's requirements. Let's say, we are setting up CI-CD of a system that has hundreds of microservices among which, there are twice as many services written using python based stack as any other stack. In this situation, we can setup two Jenkins agents with python based tools installed and the Jenkins controller can balance the load between these two agents.</li> </ul> <h3> Setup </h3> <h4> Step 1: Spin up a Jenkins Controller(master) Container </h4> <p>We can use the official jenkins docker container. Here's an example docker-compose file that you can use.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">jenkins_controller</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">jenkins/jenkins:lts-jdk11</span> <span class="na">privileged</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">user</span><span class="pi">:</span> <span class="s">root</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">$CONTAINER_NAME</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">50001:8080</span> <span class="pi">-</span> <span class="s">50002:50000</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">$JENKINS_HOME:/var/jenkins_home</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock</span> </code></pre> </div> <p>Now, we need to spin up the container and we need to install the required tools for the Jenkins controller node. We can write a simple bash script to achieve that.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-o</span> nounset <span class="nv">JENKINS_CONTAINER_NAME</span><span class="o">=</span><span class="nv">$1</span> <span class="nv">JENKINS_HOME</span><span class="o">=</span><span class="sb">`</span><span class="nb">pwd</span><span class="sb">`</span>/jenkins/jenkins_home <span class="nb">echo</span> <span class="s2">"JENKINS HOME: </span><span class="nv">$JENKINS_HOME</span><span class="s2">"</span> <span class="nv">CONTAINER_NAME</span><span class="o">=</span><span class="nv">$JENKINS_CONTAINER_NAME</span> <span class="nv">JENKINS_HOME</span><span class="o">=</span><span class="nv">$JENKINS_HOME</span> docker-compose <span class="nt">-f</span> docker-compose-controller.yaml up <span class="nt">--build</span> <span class="nt">-d</span> <span class="nb">sleep </span>10 <span class="c"># Here we have just installed git for our controller node, install as many tools as you require</span> docker <span class="nb">exec</span> <span class="nv">$JENKINS_CONTAINER_NAME</span> bash <span class="nt">-c</span> <span class="s2">"apt-get update -y -q &amp;&amp; apt-get upgrade -y -q &amp;&amp; apt-get install -y -q git"</span> </code></pre> </div> <ul> <li>Jenkins uses apache jetty which uses port 8080 by default, We mapped our host machine's port 50001 with the container's 8080. So, entering <a href="http://host:50001" rel="noopener noreferrer">http://host:50001</a> should take you to the Jenkins web dashboard.</li> <li>Check container logs for the first time admin password and create a new admin user. </li> </ul> <h4> Step 2: Set up a Jenkins Agent (slave) </h4> <p>We can now setup our agent(s). Since, our Jenkins controller will communicate with the agents using SSH, we need to generate the SSH keys. In this case, the Jenkins master node will act as the SSH client and the agent(s) will act as SSH servers. So, we need to set it up accordingly.</p> <ol> <li>Generate Keys ``` </li> </ol> <p>ssh-keygen -t rsa -f jenkins_agent_1</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 2. Goto *Jenkins Dashboard* &gt; *Manage Jenkins* &gt; *Manage Credentials* &gt; Add 'System' scoped Credential for enabling SSH into a Jenkins Agent *System Credential vs Global Credential* *System*: Only available on Jenkins server (not visible by jenkins job) *Global*: Accessible everywhere including jenkins job **Fill up the form with the appropriate values. Here's an example,** *Username*: jenkins # we want to ssh into the agent as 'jenkins' user which already exists by default in the jenkins-agent container we will be using *ID*: An Unique ID for the credential that can be used to refer to the credential *Private Key*: SSH Private Key file contents (e.g: jenkins_agent_1) #### Step 3: Spin up a Jenkins Agent(slave) Container We can use the official jenkins-ssh-agent docker container. Here's an example docker-compose file that you can use. ```yaml version: '3.8' services: jenkins_agent: image: jenkins/ssh-agent:jdk11 privileged: true user: root container_name: $CONTAINER_NAME expose: - 22 environment: - JENKINS_AGENT_SSH_PUBKEY=$JENKINS_AGENT_SSH_PUBKEY </code></pre> </div> <p>Notice that, we must set the environment variable <code>JENKINS_AGENT_SSH_PUBKEY</code> which in this case we are doing from a bash variable. We also need to install the required tools in our Jenkins agent. We can achieve all that using a simple bash script like the one below,</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <p><span class="c">#!/bin/bash</span><br> <span class="nb">set</span> <span class="nt">-o</span> nounset</p> <p><span class="nv">JENKINS_CONTAINER_NAME</span><span class="o">=</span><span class="nv">$1</span><br> <span class="nv">JENKINS_AGENT_SSH_PUBKEY</span><span class="o">=</span><span class="nv">$2</span></p> <p><span class="nv">CONTAINER_NAME</span><span class="o">=</span><span class="nv">$JENKINS_CONTAINER_NAME</span> <span class="nv">JENKINS_AGENT_SSH_PUBKEY</span><span class="o">=</span><span class="nv">$JENKINS_AGENT_SSH_PUBKEY</span> docker-compose <span class="nt">-f</span> docker-compose-agent.yaml up <span class="nt">--build</span> <span class="nt">-d</span></p> <p><span class="nb">sleep </span>10</p> <p><span class="c"># Here we have just installed tools that help us create a python virtual environment for our agent node, install as many tools as you require</span><br> docker <span class="nb">exec</span> <span class="nv">$JENKINS_CONTAINER_NAME</span> bash <span class="nt">-c</span> <span class="s2">"apt-get update -y -q &amp;&amp; apt-get upgrade -y -q &amp;&amp; apt-get install -y -q git python3 python3-venv"</span></p> </code></pre> </div> <h4> <br> <br> <br> Step 4: Configure an Agent from the Jenkins Controller<br> </h4> <p>Goto <em>Jenkins Dashboard</em> &gt; <em>Manage Jenkins</em> &gt; <em>Manage Nodes and Clouds</em> &gt; <em>New Node</em></p> <p><strong>Fill up the form using the appropriate values. Here's an example,</strong><br> <em>Name</em>: JenkinsAgent1</p> <p><em>NumberOfExecutors</em>: 1-2</p> <p><em>RemoteRootDirectory</em>: /home/jenkins/agent</p> <p><em>Labels</em>: linux, python # Space separated values, Can be useful to restrict jobs to run on a particular agent</p> <p><em>Usage</em>: Use this node as much as possible</p> <p><em>Launch Method</em>: Launch agents via SSH</p> <p><em>Host</em>: jenkins_agent # Agent's Hostname or IP to connect. (docker-compose service name if controller and agent is on the same machine) </p> <p><em>Credentials</em>: Select the Credential created in Step 2</p> <p><em>HostKeyVerificationStrategy</em>: Non verifying Verification Strategy</p> <p>Launch Method &gt; Advanced</p> <p><em>ConnectionTimeoutInSeconds</em>: 60<br> <em>MaximumNumberOfRetries</em>: 10<br> <em>SecondsToWaitBetweenRetries</em>: 15</p> <p>There are some other options you might wanna look into, but the ones i discussed should help you get started. </p> <p>We can create as many agents as we require using the process discussed above.</p> <h4> Step 5: Create jobs and run </h4> <p>Now, our agent should be discovered by the controller and we can start delegating our jobs to the agents. We can restrict a job to run on a particular agent by using the labels we assigned when creating an agent.</p> <p>That's done :D. Let me know, if missed anything. You can also find the source files here: <a href="https://github.com/ashiqursuperfly/Jenkins-Controller-Agent-Setup" rel="noopener noreferrer">ashiqursuperfly/Jenkins-Controller-Agent-Setup</a></p> <p>If you found this post helpful, CLICK BELOW πŸ‘‡ <a href="https://www.buymeacoffee.com/ashiqurrahman" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.buymeacoffee.com%2Fassets%2Fimg%2Fcustom_images%2Forange_img.png" alt="Buy Me A Beer"></a></p> jenkins docker