Categories
Development DevOps Weekly

Weekly: building CICD pipelines

The past week has been spent trying to build a centralized GitLab CI/CD repository for all services to bootstrap and standardize on.

I’m happy to announce that it has been open sourced! https://gitlab.com/mycf.sg/central-cicd

What’s a centralized CI? It’s basically a template repository for CI pipelines. In this case, it’s for GitLab because I’m familiar with it and it’s what I’m working with day in, day out.

This idea started with my previous project team, but is slowly maturing as I figure out the various cases where it might be used or useful and tweak it accordingly. What it has currently is more of an MVP and POC showing that it can be used across various projects on GitLab. You know that because the versioning currently only supports patch and not minor/major bumps. It has something to do with how my current team does versioning, but it’s at the top of my list of things to improve.

Currently there are 4 repositories relying on the CCI, 2 of which are external but still within my control. Features will be incrementally added onto it, and I hope that this could really be something that would help people reduce the amount of time/complexity to build pipelines.

Categories
DevOps Keyboard Learning Weekly

Weekly: AWS and Keyboards

As I am helping another team part time to set up some infra on AWS, I felt my fundamental AWS knowledge being tested all over again. I’ve gotten so used to doing the more “tricky/complex” things that when starting from fresh, I got tripped up by some basic setup.

  • Internet-facing ELB must have a public subnet associated
  • As long as each AZ has a public subnet associated, the ELB will be able to route to the AZ
  • Public subnets must have an IGW, NAT not counted
  • NAT instance must be created in a subnet which has an IGW
  • ELB does not need to be in the same subnet as the Target Group to route to it
  • ELB needs at least a /27 subnet
  • ELB reserves 8 IPs in the subnet for autoscaling
  • NLB does not load balance cross-zone by default
  • ALB load balances cross-zone by default
  • Smallest subnet in AWS is /28
  • OpenVPN Access Server needs an EIP
  • OpenVPN Access Server needs to be set up through SSH first
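The subnet rules in this list can be checked mechanically before creating an internet-facing ELB. The sketch below is an added example, not code from the original post: it runs over constructed data shaped like `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` output (all IDs and CIDRs are made up), and it reads the "8 IPs" rule as "at least 8 free addresses in the subnet", which is an assumption.

```python
import ipaddress

# Constructed sample data, shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables` output; all IDs and CIDRs are made up.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "CidrBlock": "10.0.0.0/27", "AvailableIpAddressCount": 27},
    {"SubnetId": "subnet-bbb", "CidrBlock": "10.0.1.0/28", "AvailableIpAddressCount": 11},
    {"SubnetId": "subnet-ccc", "CidrBlock": "10.0.2.0/24", "AvailableIpAddressCount": 250},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-aaa"}, {"SubnetId": "subnet-bbb"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"}]},
]

def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(subnet_id, route_tables):
    """Public means a default route via an internet gateway; a NAT does not count."""
    rt = route_table_for(subnet_id, route_tables)
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and (r.get("GatewayId") or "").startswith("igw-")
        for r in rt["Routes"])

def check_elb_subnets(subnet_ids, subnets, route_tables):
    """Return {subnet_id: [problems]} for subnets chosen for an internet-facing ELB."""
    by_id = {s["SubnetId"]: s for s in subnets}
    report = {}
    for sid in subnet_ids:
        s, problems = by_id[sid], []
        if not is_public(sid, route_tables):
            problems.append("no default route to an IGW")
        if ipaddress.ip_network(s["CidrBlock"]).prefixlen > 27:
            problems.append("smaller than /27")
        if s["AvailableIpAddressCount"] < 8:
            problems.append("fewer than 8 free IPs")
        report[sid] = problems
    return report

if __name__ == "__main__":
    ids = ["subnet-aaa", "subnet-bbb", "subnet-ccc"]
    for sid, problems in check_elb_subnets(ids, SUBNETS, ROUTE_TABLES).items():
        print(sid, "OK" if not problems else "; ".join(problems))
```

A subnet with no explicit route table association falls back to the main route table, which is why `subnet-ccc` is reported as not public here even though it has outbound access through a NAT.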

While I wasn’t the one who set up the bulk of the networking, I wasn’t able to quickly pinpoint the exact reason why I was unable to get connectivity for the VPN that I was setting up. Just proves that there are some fundamental concepts that I need brushing up on.

On happier news, I finally bought/received the lube for my future keyboard. Over the weekends I decided to try lubing my current Filco TKL keyboard without disassembly to see how it works/feels.

Categories
DevOps Learning Thoughts Weekly

Weekly: It has been a week?

The past week has been pretty hectic, changing between roles as a dev and ops. Helping out with other projects till 2-3am every day has really taken its toll and I feel old.

Unsurprisingly, I haven’t been able to really work on any of my own projects but I did learn something interesting that I wish to write about.

Recently I faced an issue on a GitLab CI pipeline, where I want to run integration/regression tests on the latest Docker build. However, since each image is meant to be production ready, it will be run as a non-root user, which restricts what the user can do when the container starts. Here’s why this problem has caused me such a headache.

Beware, below is really more of a rant about the troubles I faced.