Forem: Julia Furst Morgado

Setting Up a Kubernetes Cluster on AWS EKS With Eksctl and Deploying an App

Julia Furst Morgado — Sat, 30 Mar 2024 16:34:46 +0000

It might come as a surprise, but not too long ago, configuring a Kubernetes cluster on Amazon EKS was quite challenging since you had to create all the components manually by yourself. This changed with the introduction of eksctl, a tool written in Go by the community and sponsored by weaveworks that acts as the official AWS CLI for EKS management. eksctl allows for the creation and administration of clusters through YAML files, while leveraging CloudFormation stacks behind the scenes to handle the required resources. In this blog post you'll see that using eksctl simplifies the creation and deployment of Kubernetes clusters on Amazon EKS.

Installation

Like other binaries written in Go, installation is super simple:

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

Here's a breakdown of what the code snippet does:

Downloads and extracts the eksctl binary:
- The curl command fetches the latest eksctl binary from its GitHub releases page. This binary is compressed in a .tar.gz file for efficient transfer.
- --silent --location: These options ensure that the download process is not only quiet (no progress output) but also follows any redirects, which is crucial for reaching the final download link.
- The URL contains a dynamic part, $(uname -s)_amd64, which automatically adjusts the download link based on your operating system (uname -s outputs your OS name, such as Linux or Darwin) and assumes an amd64 architecture.
- The downloaded file is piped (|) into the tar command, which extracts the binary into the /tmp directory. This is a temporary location, safe for staging files before moving them to a more permanent location.
Moves the binary to /usr/local/bin:
- The sudo mv /tmp/eksctl /usr/local/bin command moves the extracted eksctl binary from /tmp to /usr/local/bin. This directory is commonly used for manually installed binaries and is typically included in the system's PATH. Placing eksctl here allows you to run it from any terminal without specifying its full path.
- Using sudo is necessary because /usr/local/bin is a system directory, and modifying its contents requires administrative privileges.
Verifies the installation
- Finally, running eksctl version checks the installed version of eksctl. This not only confirms that eksctl is correctly installed and accessible but also lets you know the exact version you have. It's a good practice to verify installations to ensure everything is set up as expected.

Configuring an AWS account

Do not use your root account for cluster creation. In fact, avoid using your root account for anything other than creating other accounts or managing very specific AWS resources.

If it's your personal account, create another user. Now, if it's a corporate account, I suggest enabling AWS Organizations.

Create a new user in IAM with the following policies attached to it:

AmazonEC2FullAccess
AWSCloudFormationFullAccess
EksFullAccess
IamLimitedAccess

The first two are AWS-managed policies, so you don't need to create them. The last two will have the following content:

EksAllAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        },
        {
            "Action": [
                "ssm:GetParameter",
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:*:<account_id>:parameter/aws/*",
                "arn:aws:ssm:*::parameter/aws/*"
            ],
            "Effect": "Allow"
        },
        {
             "Action": [
               "kms:CreateGrant",
               "kms:DescribeKey"
             ],
             "Resource": "*",
             "Effect": "Allow"
        },
        {
             "Action": [
               "logs:PutRetentionPolicy"
             ],
             "Resource": "*",
             "Effect": "Allow"
        }        
    ]
}

IamLimitedAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:GetInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:GetRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:ListInstanceProfiles",
                "iam:AddRoleToInstanceProfile",
                "iam:ListInstanceProfilesForRole",
                "iam:PassRole",
                "iam:DetachRolePolicy",
                "iam:DeleteRolePolicy",
                "iam:GetRolePolicy",
                "iam:GetOpenIDConnectProvider",
                "iam:CreateOpenIDConnectProvider",
                "iam:DeleteOpenIDConnectProvider",
                "iam:TagOpenIDConnectProvider",
                "iam:ListAttachedRolePolicies",
                "iam:TagRole",
                "iam:GetPolicy",
                "iam:CreatePolicy",
                "iam:DeletePolicy",
                "iam:ListPolicyVersions"
            ],
            "Resource": [
                "arn:aws:iam::<account_id>:instance-profile/eksctl-*",
                "arn:aws:iam::<account_id>:role/eksctl-*",
                "arn:aws:iam::<account_id>:policy/eksctl-*",
                "arn:aws:iam::<account_id>:oidc-provider/*",
                "arn:aws:iam::<account_id>:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup",
                "arn:aws:iam::<account_id>:role/eksctl-managed-*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": [
                "arn:aws:iam::<account_id>:role/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "eks.amazonaws.com",
                        "eks-nodegroup.amazonaws.com",
                        "eks-fargate.amazonaws.com"
                    ]
                }
            }
        }
    ]
}

Replace with your AWS account ID.

Now generate credentials for the user and keep the access key ID and secret key. eksctl requires the AWS CLI to be installed. If you don't have it installed, run:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws configure

You'll be prompted for details like the default AWS region (e.g., us-east-1), access key ID, and secret key to create the default profile. Now, if you already have the AWS CLI installed and configured, you can manually create the new profile by editing the ~/.aws/credentials file.

Attention: when you have multiple profiles within your ~/.aws/credentials file, specify which one you want to use by setting the value of the AWS_PROFILE variable with the command export AWS_PROFILE=my_profile and replacing my_profile with the name of the AWS profile you want to use. This ensures that any subsequent AWS CLI commands will use the credentials and configuration associated with the specified profile.

Creating the cluster

By default, eksctl will create the cluster in a separate VPC using m5.large instances. This has some implications:

By default quota, you can have a maximum of five VPCs per account;
If you're using a study, lab, or test environment, this type of instance can be considered somewhat expensive;
If you need the applications in the cluster to communicate with AWS resources - an instance in RDS, for example - located in another VPC, VPC Peering configuration and routes are necessary for this to happen.

Our cluster will have the following characteristics:

It will be called demo-eks and will be located in us-east-1 (Northern Virginia);
Four subnets will be created in the new VPC, two public and two private. By default, eksctl allocates the cluster nodes in the private subnets;
A nodegroup called ng-01 will be created with an auto scaling group, with a minimum of one instance and a maximum of 5 of type t3.medium;
IAM policies for external-dns, auto-scaling, cert-manager, ebs, and efs. We'll talk more about them shortly.

Save the file below as demo-eks.yaml and then execute eksctl create cluster -f demo-eks.yaml --kubeconfig=demo-eks-kubeconfig and let the magic happen. eksctl will generate the stack (or stacks) within CloudFormation and create all the necessary resources, which will take about fifteen to twenty minutes (yes, it's a bit slow) and voilà, you'll have a Kubernetes cluster for use in AWS EKS, with credentials for access to it in the demo-eks-kubeconfig.yaml file.

---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: demo-eks
  region: us-east-1

managedNodeGroups:
  - name: ng-01
    instanceType: t3.medium
    desiredCapacity: 2
    minSize: 1
    maxSize: 5
    iam:
      withAddonPolicies:
        autoScaler: true
        externalDNS: true
        certManager: true
        ebs: true
        efs: true

Important: If the --kubeconfig option is omitted, eksctl will generate the access file in ~/.kube/config, which can be a problem if you already have other clusters configured. If that's the case, you can create a directory called ~/.kube/configs to store the files and switch between them by setting the KUBECONFIG variable pointing to the desired file path (e.g., export KUBECONFIG=${HOME}/.kube/configs/demo-eks-kubeconfig). This step is essential for kubectl to be able to connect to the cluster.

If you're still getting an error suggesting that kubectl is trying to connect to a Kubernetes cluster on your local machine (localhost, IP address 127.0.0.1) instead of connecting to your Amazon EKS cluster, run the command export KUBECONFIG=demo-eks-kubeconfig.

Helm Installation

You've probably heard of Helm, but if not, don't worry. Helm is, in essence, a package manager for Kubernetes. These packages are provided in the form of charts, and with Helm, we can create manifests for our applications in a more dynamic, organized, parameterizable way, and then host them in repositories for deployment.

You can quickly install it using curland bash:

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

Here's what the command does:

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3: This part of the command uses curl, a command-line tool for transferring data using various network protocols. Here, it's used to download the installation script for Helm 3 from its official GitHub repository. The URL points to the raw version of the get-helm-3 script, which is intended to be executed directly.
| bash: This pipe (|) takes the output of the curl command (which is the Helm 3 installation script) and feeds it directly into bash, the Bourne Again SHell. Running a script in this manner executes the script's contents.

Here's what happens when you run the command:

The get-helm-3 script is fetched from the Helm GitHub repository using curl.
The script is then immediately executed in your shell (bash) without needing to be saved to a file on your disk.
The script performs several actions to install Helm 3:
- It checks your system to ensure it meets the prerequisites for installing Helm.
- It determines the latest version of Helm 3 if not specified.
- It downloads the correct Helm 3 binary for your operating system and architecture.
- It places the Helm binary in a location on your system where executable files are typically stored, making it accessible from anywhere in your terminal.
- It might also perform some additional setup tasks, such as setting up autocomplete features for Helm commands.

Or, if you're using a Debian-like distribution and want to use a package you can install it with the following commands:

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

Add-ons Installation

Metrics Server

The Metrics Server is a necessary resource for using HPAs (Horizontal Pod Autoscalers). HPAs are extremely useful when we want to scale our applications horizontally when they need more resources.

helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
helm upgrade --install --create-namespace -n metrics-server metrics-server metrics-server/metrics-server

Prometheus

Prometheus is a monitoring solution. If you use Lens or another dashboard for monitoring your clusters, it will provide CPU, memory, network, and disk usage graphs for the cluster, nodes, controllers, and pods. Prometheus is commonly used alongside Grafana.

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --create-namespace -n kube-prometheus prometheus bitnami/kube-prometheus

ExternalDNS

ExternalDNS synchronizes Kubernetes resources with external DNS records hosted on providers like AWS Route 53, Google Cloud DNS, AzureDNS, etc. With it, we don't need to manually create DNS entries every time we deploy a new application to our cluster. Cool, right?

helm install external-dns stable/external-dns \
  --create-namespace \
  --namespace external-dns \
  --set provider=aws \
  --set aws.zoneType=public \
  --set txtOwnerId=<ZONE_ID>
  --set policy=sync
  --set registry=txt
  --set interval=20s
  --set domainFilters[0]=<DOMAIN>

Replace <ZONE_ID> with your AWS Route 53 zone ID and <DOMAIN> with your domain in the format domain.com.

cert-manager

cert-manager is a CRD (Custom Resource Definition) that dynamically generates TLS/SSL certificates for our applications using Let's Encrypt (although it also supports other issuers).

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --create-namespace -n cert-manager cert-manager bitnami/cert-manager \
  --create-namespace \
  --namespace cert-manager \
  --set installCRDs=true

With the chart installed, it's necessary to create two CRDs, each representing a different issuer from Let's Encrypt, one for production and one for staging. The difference between them is the request limit we can make. In a test environment, prefer to use the staging environment.

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <meu_email>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <meu_email>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

Note: Replace <my_email> with your email address. If you're using an Ingress other than Nginx, you need to change the manifests above by setting the appropriate class.

Run the command kubectl apply -f cert-manager-staging.yaml -f cert-manager-prod.yaml to create them in the cluster.

NGINX Ingress Controller

We allow access to our applications through the NGINX Ingress Controller. You can think of an Ingress as a reverse proxy.

helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace

Auto Scaling Group

One of the coolest features of cloud computing is elasticity. Imagine that throughout the year, we have a relatively constant demand, but at certain times - like Black Friday - it can increase considerably, and soon you'll need more nodes within your nodegroups to meet the needs of your pods. So that we don't have to do this manually, let's add automatic scaling functionality to our nodegroup.

helm repo add autoscaler https://kubernetes.github.io/autoscaler
helm install --create-namespace -n cluster-autoscaler autoscaler/cluster-autoscaler \
  --set 'autoDiscovery.clusterName=<cluster_name>'

Note: Replace <cluster_name> with the name of your cluster (in this case, demo-eks).

To test, after deploying any application, increase the number of replicas to a number not met by the resources available in your nodegroup. The cluster-autoscaler will provide new nodes up to the maximum number set in the nodegroup. When the number of pods consumes less than 50% of the resources of a node for more than 10 minutes, this node will be removed from the nodegroup. Cool, right?

Deploying an Application

With our cluster set up and the add-ons installed, it's time to launch a test application. Below are the manifests within a single file named hello-kubernetes.yaml:

apiVersion: v1
kind: Namespace
metadata:
  name: hello-kubernetes
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: hello-kubernetes
  name: hello-kubernetes
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hello-kubernetes
  template:
    metadata:
      labels:
        app: hello-kubernetes
    spec:
      containers:
      - name: hello-kubernetes
        image: paulbouwer/hello-kubernetes:1.5
        ports:
        - containerPort: 8080
        resources:
          requests:
            memory: "128Mi"
            cpu: "250m"
          limits:
            memory: "256Mi"
            cpu: "500m"
---
apiVersion: v1
kind: Service
metadata:
  namespace: hello-kubernetes
  name: hello-kubernetes
spec:
  type: ClusterIP
  selector:
    app: hello-kubernetes
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: hello-kubernetes
  name: hello-kubernetes-ingress
  annotations:
    nginx.ingress.kubernetes.io/ingress-class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: <app.DOMAIN>
spec:
  tls:
    - hosts:
        - <app.DOMAIN>
      secretName: <app.DOMAIN>
  rules:
    - host: <app.DOMAIN>
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: hello-kubernetes
              port: 
                number: 80

Note: Replace with the domain you want to use for your application, something like app.juliaK8s.net.

Once you've created the manifest and saved it, deploy the YAML file using kubectl apply:

kubectl apply -f hello-kubernetes.yaml

This command will create the resources defined in the YAML file (Namespace, Deployment, Service, Ingress) in your Kubernetes cluster.

After applying the YAML file, you can verify that the resources have been created successfully by running the command kubectl get all -n hello-kubernetes.

If everything goes well, here's what should happen:

Entries will be created in your DNS zone inside AWS Route 53 according to what was configured in your ingress and the settings of your ExternalDNS, and within a few minutes, you will be able to access your application by that name. You can monitor the propagation using the dig tool;
A certificate will be automatically generated for your application. This can take some time for new applications;
We allocate two replicas for the application, and here's a very important caveat: Kubernetes will by default perform round-robin load balancing between the pods. In most of today's web applications, we work with sessions and, as a result, there may be scenarios where a user authenticates on one pod, and the next request, is redirected to another where the session does not exist. As a consequence, strange behaviors are presented to the user, such as redirection to the login screen, "Unauthorized" messages, intermittent access, etc. To prevent this, we usually use some service like Redis, memcached (which may or may not be on AWS ElastiCache), or the sticky-sessions feature, where a user is consistently sent to the same pod.

Deleting Cluster

If you want to delete the cluster and resources you've just created, run the following command:

eksctl delete cluster --name demo-eks --region us-east-1

Conclusion

Kubernetes is an extremely extensive and complex subject with a myriad of possibilities. I presented some of them here that can be used not only in AWS EKS but also in on-premises installations (except for the cluster-autoscaler, unless you are using OpenStack in your company). There is also a series of security improvements that can be made to the cluster setup in this article. I hope you enjoyed it!

References

If you liked this article, follow me on Twitter (where I share my tech journey daily), connect with me on LinkedIn, check out my IG, and make sure to subscribe to my Youtube channel for more amazing content!!

My Adventure at KubeConEU 2024

Julia Furst Morgado — Mon, 25 Mar 2024 07:08:18 +0000

Well well well, it looks like I made it back from another epic KubeCon + CloudNativeCon adventure in Paris, France! This conference was non-stop learning, networking and fun as always. I'm here to share my adventure, hoping to bring you along for the ride, at least in spirit.

Before the Conference Officially Starts

My KubeCon journey kicked off a bit early at Rejekts on Monday, a fantastic event that happens right before the main event (keep an eye out for my upcoming Rejekts video on YouTube). It's a place where you can catch some really interesting talks and chat with folks you might not have the opportunity to talk to during the bigger conference. Michael Cade and Anais Urlichs talked about data protection and data recovery - The Bang! - When bad things happen to your data - you can watch all Rejekts Day 2 talks here.

Although I didn't get the fancier KubeCon ticket that lets you into the co-located talks, on Tuesday I went over to the conference venue early to pick up my badge and ended up meeting a bunch of people hanging around there. The best part of my day was seeing all the KubeCon lanyards with the Veeam logo.

There was a Happy Hour organized for the KCD organizers and community meetup organizers. It was the first time I saw the other NYC KCD organizers!

Day 1: Jumping Right In

I was staying a bit far from where KubeCon was happening (and closer to Rejekts), so I got up super early, hopped on the subway, and moved to a hotel closer to the action. After checking in and dropping off my bags, I joined the CNCF Ambassadors for breakfast. It's something I really look forward to because it's a chill way to meet other ambassadors and chat without the hustle and bustle of the conference. Then, we all headed over to the opening keynote together.

Every day of KubeCon starts with Keynotes. The keynotes are always held in a big hall, and it's a nice way to start the day.
Priyanka Sharma, the CNCF head always opens the keynote on the first day. She went into some detail about running an LLM (Large Language Model) on Kubernetes and showed a few mechanics that are used in it. If you want to try it our for yourself, the demo project was: https://github.com/cncf/llm-in-action.

Also, some technologies that were named were:

Mistral.ai A company that builds some LLM models (with Timothee Lacroix on stage)
Ollama Tooling to run LLM's. Don't know if it has a model already built in, but yes, I should look into this. By the way, they have the cutest Logo of a Lama 😍. (with Jeffrey Morgan on stage)
Google Deepmind, the team behind Gemini and working on generative AI. (with Paige Bailey on stage)

After that... to be honest... I lost interest a bit and quickly went to search for coffee. Because... coffee is a hard requirement for me running around on a day like this.

After that I went to the show floor, because I was a sponsor I could get in earlier and wanted to see if anyone at Veeam needed some help. Once the show floor opened I went to the project pavilion just next to our booth to talk to some project maintainers. It's crazy how the sponsor's booths get on day 1, everyone wants swag so there's always a huge line to talk to those companies.

Lunch was grab-and-go bags, which were okay, but not great (with a selection of poultry, beef, fish, or vegetarian lunch items).

A highlight of my day was getting three books signed by my good friends Aurélie Vache, Mauricio Salatino, and Chad M. Crowell.

At the end of the day I went to a party hosted by Veeam, Red Hat, and Nutanix at the Mama Shelter Hotel (the one I was staying at) so it was perfect for me. Didn't stay until late cause I knew I had day 2 coming up.

Day 2: More Discoveries

Second day I woke up around 7:30 and took the time to stop by a boulangerie (french bakery) to have some freshly baked croissants (it's a must in France... if you don't eat a croissant in the morning the police will come and talk with you to see what's up).

After the Keynote, the talks started and you could schedule them ahead so you don't get lost to what's next. The Sched platform is great for that. You can leave checks on the events you think are interesting and can filter your view to show only those. I usually select a few in the same time slot and decide between those just before the events.

I got my KubeCon t-shirt and because I'm a CNCF ambassador I got a voucher to spend some $$ at the CNCF store so I bought a few items. I went to a few booths, got a few pairs of socks, and entered to win some raffles (but do you think I ever win anything like that? NO.)

At the end of the day I left earlier at 3 PM to head to the Eiffel Tower to do a Veeam live stream with Matt Bator to talk about KubeCon, you can check it out here. After that started a party there and I stayed having some AMAZING food.

Day 3: Wrapping Up

On Wednesday I went again to the keynote that Chris Aniszczyk (CNCF CTO) opened. And believe it or not, he showed a tweet that I had posted the day before on his main slide!! I couldn't believe my eyes! He was talking about a new program Kubestronaut, for people who have passed the CKA, CKAD, CKS, KCNA and KCSA to join this program and win a jacket. He also mentioned the 10-year Kubernetes anniversary the #kuberTENes read more here. And the contributor cards, check yours here

I took time to meet with the people I hadn't met the previous days but most people had left already or were leaving. The show floor closed at 2:30 PM. After that, I went for lunch with some Brazilian friends to a French brasserie and stayed there until 11 PM!

Key Takeaways

📈 Huge Growth and Strong Community

Kubernetes has a huge community, with a 190k member Slack group and over 3.2k people actively contributing on Github.
There are more than 100 official Kubernetes versions and over 200,000 people certified to use Kubernetes!

🎯 What's Next:

As Kubernetes approaches its 10th year, experts think the next big focuses will be on AI, making things eco-friendly, improving security, and working on edge computing.

👫 Working Together for the Future:

There’s a big push to listen to what users need and want, making sure Kubernetes keeps improving in the right ways.

🏳️‍🌈 Making a Welcoming Community:

Talks emphasized making sure everyone, no matter their background, feels included. An interesting fact I learned is that sign language is different around the world.

💹 Tech and Innovations:

AI and machine learning on Kubernetes were big topics, with special efforts like Dynamic Resource Allocation (DRA) making it easier to manage resources, especially for apps that need a lot of power, like those using GPUs.
A new project called Spin is exciting because it can greatly reduce how much memory apps use (from 423 MB down to just 2.4 MB!).
Contributions to upstream repositories and the strategic use of labels for project tracking were highlighted a lot, underscoring the community's commitment to open-source collaboration.
There’s a lot of excitement about Observability (Open Telemetry) and eBPF technology, with a tool called Cilium standing out as really promising, even for complex network tasks like service mesh.

🌐 Platform Engineering:

Treating platforms as products is becoming popular, with success stories from Spotify to Natwest Bank. This includes applying a product mindset to all levels, including portals and infrastructure.
Highlighting the value of developer experience remains a challenge, especially to leadership. Utilizing DORA/SPACE metrics and promoting cross-organizational collaboration are suggested strategies.
Mature technologies like Kubernetes and CI/CD are now seen as "boring tech," with the real challenge lying in integrating these technologies seamlessly.
AI's impact on platform engineering is still minimal, focusing more on orchestration and lifecycle management. Portals designed with a product mindset can significantly enhance value, emphasizing jobs to be done and factors like viability and usability.

Reflecting on KubeCon + CloudNativeCon in Paris, it was more than just a conference. It was a fantastic blend of learning new things, making connections, and experiencing the vibrant energy of a global community. Until the next conference call, I'll be here, sifting through the knowledge gained and the memories made, eager for the next adventure!

The What, Who, Why, Where and How of Public Speaking

Julia Furst Morgado — Mon, 11 Mar 2024 13:33:39 +0000

Alright alright, are you thinking about stepping into the world of public speaking? You've come to the right place. Let me tell you a little bit about what public speaking entails and what to talk about, who it's for, why you should start it right away, where to give your first talk, and how you can get started. Meanwhile, I'll show you an awesome AI app created on PartyRock, an Amazon Bedrock Playground that can help you streamline this whole process - Talk Maker!

WHAT

So what is public speaking exactly? At its core, it's communicating a message or sharing knowledge verbally to an audience. This can cover a wide range of topics from discussions about your personal experiences to teaching others about a complex subject area. The possibilities are endless!

Here are a few examples of what you can talk about:

What you already know
What you learned from other sources (blog, interviews etc)
A project you worked on
Industry trends
Important events
Challenges you've faced

WHO

As for who public speaking is for - everyone! Seriously, you don't need to have a certain job, degree, or background to try your hand at it. Public speaking is a skill that takes practice but can be learned by anyone willing to challenge themselves a bit outside their comfort zone. Stepping up to share your ideas and perspectives is within reach for all. And I recommend it to everyone, the benefits are numerous!

WHY

Now for the big why - why take on public speaking? A few great reasons to consider it. For one, it gives you visibility and credibility as an expert in your field. Anytime you're up speaking before an audience, you cement yourself as a leader. It's also a fantastic way to network and meet others. Plus, public speaking does aid your learning and growth because by teaching others we teach ourselves. Preparing talks forces you to organize your knowledge, and getting hands-on experience speaking only sharpens your communication skills. It's a personal challenge well worth undertaking.

WHERE

Okay, where can you speak? Lots of options - both online and off. Consider doing a talk for your company's internal meetings, at local meetups like AWS User Groups, Cloud Native Community Groups or submit a proposal to a conference. There are so many conferences out there. I recommend you take a look at the AWS Community Day or KCD near you and submit to speak there. Otherwise, you can check this developers conferences agenda repo with tons of other conferences you can apply to. And in the digital age, there are options like creating videos for YouTube or podcasts too where you can practice your public speaking skills. The venues are endless.

HOW

Here you have two avenues to start with:

Avenue #1: Start with the what in mind. First, decide what you want to discuss (can be a high-level topic) - whether that's based on your personal experiences, your work, trends in your field, and so on. Make sure it's a topic you're passionate and knowledgeable about.
Avenue #2: Start with the where in mind. Depending on the event, for instance, a security event you will need to give a talk related to security. If the event doesn't have a specific topic or has several talk tracks you can go with the first avenue.

Once you've decided you want to give a talk and have a high-level topic, you need to define your audience and the outcomes of your talk. Understanding who you want to talk to is crucial. What are their interests, pain points, and knowledge levels? Tailor your content and language accordingly. For example, a talk for senior leadership would require more of an executive summary than granular details. The outcome refers to what you want your audience to learn, think, feel, or do after they've heard your message. What action do you want them to take? Be specific.

From there you need to hone in on a specific subject so you can start brainstorming on a catchy title that draws people in, and an abstract about your talk and break the talk into 2-3 main actionable points or takeaways.

Here's a tip: if you're planning to deliver a technical talk, try to present a demo even if it's just for a couple of minutes or a few screenshots. Demos can aid audience understanding and cement your message because they reinforce concepts in a visual, interactive way versus passive viewing. Sticks better in minds! If it's something complex, a short demo plus sharing your slides/notes afterward is very helpful.

Now it's time to prepare your visual presentation. Once you have all your main elements in hand (title, abstract, demo and 2-3 core points) start building out your slides. Keep it simple with a few lines of text and clear - people shouldn't have to strain to read tiny text. Include relevant anecdotes, stories, data, or images to reinforce your messages. Remember to never use images, content or code in your presentation without proper permission!

Now you're almost ready! Polish your presentation and rehearse it aloud for others. Practice in front of friends, family, or co-workers. Ask for honest feedback on how you can improve your delivery, if the content flows well, and thoughts on visuals. Incorporate any suggestions before showtime. You can also record practice runs to review later. Repetition is key to feeling comfortable when presenting.

On the day, relax and remember that people are there to learn from you! Make frequent eye contact with the audience, change up the tone and pace of your speech, sprinkle in some humor, and use visible energy and body language. Speak loudly and clearly into the mic.

Once you're done with the talk, you'll want to leave some time for Q&A (questions and answers). Anticipate what types of questions may come up based on your topic. Feel free to say you don't know an answer, but offer to follow up. Thank your attendees for their great questions!

After the talk, take some notes on what went well, where you could improve, and any additional feedback received. Save this for the next time you present - you'll get better and better! Just keep practicing and continuing to challenge yourself.

Finally and most importantly, have fun with the whole process! Public speaking gets easier the more you do it. After a few talks, you're going to love doing them!
If you want to try the PartyRock app, you can do so here: https://partyrock.aws/u/juliafmorgado1/oGddt5yV8/Talk-Maker
Or watch a short demo on how to use it here: https://www.youtube.com/watch?v=APjp8gs8Ag8

Deploy Your First Web App on AWS with AWS Amplify, Lambda, DynamoDB and API Gateway

Julia Furst Morgado — Fri, 01 Mar 2024 15:17:11 +0000

Hey there!

If you've decided to learn more about AWS, then you've landed on the right blog post!

This guide is designed for beginners or developers with some cloud experience who want to learn the fundamentals of building web applications on the AWS cloud platform. We'll walk you through deploying a basic contact management system, introducing you to key AWS services along the way.

In this project, as you can guess from the title, we will use AWS, which stands for Amazon Web Services; an excellent cloud platform with endless services for so many various use cases from training machine learning models to hosting websites and applications.

Cloud computing provides on-demand access to computing resources like servers, storage, and databases.
Serverless functions are a type of cloud computing service that allows you to run code without managing servers.

By the end of this tutorial, you'll be able to:

Deploy a static website to AWS Amplify.
Create a serverless function using AWS Lambda.
Build a REST API with API Gateway.
Store data in a NoSQL database using DynamoDB.
Manage permissions with IAM policies. Integrate your frontend code with the backend services.

I recommend you follow the tutorial one time and then try it by yourself the second time. And before we begin, ensure you have an AWS account. Sign up for a free tier account if you haven't already.

Now let's get started!

Step 1: Deploy the frontend code on AWS Amplify

In this step, we will learn how to deploy static resources for our web application using the AWS Amplify console.

Basic web development knowledge will be helpful for this part. We will create our HTML file with the CSS (style) and Javascript code (functionality) embedded in it. I have left comments throughout to explain what each part does.

Here is the code snippet of the page:

There are multiple ways to upload our code into Amplify console. For example, I like using Git and Github. To keep this article simple, I will show you how to do it directly by drag and drop method into Amplify. To do this — we have to compress our HTML file.

Now, make sure you're in the closest region to where you live, You can see the region name at the top right of the page, right next to the account name. Then let’s go to the AWS Amplify console. It will look something like this:

When we click “Get Started,” it will take us to the following screen (we will go with Amplify Hosting on this screen):

You will start a manual deployment. Give your app a name, I'll call it "Contact Management System", and ignore the environment name. Then, drop the compressed index file and click Save and Deploy.

Amplify will deploy the code, and return a domain URL where we can access the website.

Click on the link and you should see this:

Step 2: Create an AWS Lambda Serverless function

We will create a serverless function using the AWS Lambda service in this step. A Lambda function is a serverless function that executes code in response to events. You don't need to manage servers or worry about scaling, making it a cost-effective solution for simple tasks. To give you some idea, a great example of Serverless computing in real life is vending machines. They send the request to the cloud and process the job only somebody starts using the machine.

Let’s go to the Lambda service inside the AWS console. By the way, make sure you are creating the function in the same region in which you deployed the web application code in Amplify.

Time to create a function. Give it a name, I'll call it "my-web-app-function", and for runtime programming language parameters: I’ve chosen Python 3.12, but feel free to choose a language and version that you are more comfortable and familiar with.

After our lambda function is created, scroll down and you will see the following screen:

Now, let’s edit the lambda function. Here is a function that extracts first and last names from the event JSON input. And then returns a context dictionary. The body key stores the JSON, which is a greeting string.

After editing, click Deploy to save my-web-app-function, and then click Test to create an event.

To configure a test event, give the event a name like "MyEventTest", modify the Event JSON attributes and save it.

Now click on the big blue test button so we can test the Lambda function.

The execution result has the following elements:

Test Event Name
Response
Function Logs
Request ID

Step 3: Create Rest API with API Gateway

Now let's go ahead and deploy our Lambda function to the Web Application. We will use Amazon API Gateway to create a REST API that will let us make requests from the web browser. API Gateway acts as a bridge between your backend services (like Lambda functions) and your frontend application. It allows you to create APIs that expose functionality to your web app.

REST: Representational State Transfer.

API: Application Programming Interface.

Go to the Amazon API Gateway to create a new REST API.

At the API creation page, we have to give it a name for example "Web App API", and choose a protocol type and endpoint type for the REST API (select Edge-optimized).

Now we have to create a POST method so click on Create method.

In the Create method page, select the method type as POST, the integration type should be Lambda function, ensure the Region is the same Region you’ve used to create the lambda function and select the Lambda function we just created. Finish by clicking on Create method at the bottom of the page.

Now we need to enable CORS, so select the / and then click enable CORS

In the CORS settings, just tick the POST box and leave everything else as default, then click save.

After enabling CORS headers, click on the orange Deploy API button.

A window will pop up, under stage select new stage and give the stage a name, for example "web-app-stage", then click deploy.

When you view the stage, there will be a URL named Invoke URL. Make sure to copy that URL; we will use it to invoke our lambda function in the final step of this project.

Step 4: Create a DynamoDB table

In this step, we will create a data table in Amazon DynamoDB, another AWS service. DynamoDB is a NoSQL database service that stores data in key-value pairs. It's highly scalable and flexible, making it suitable for various applications. Click on the orange create table button.

Now we have to fill out some information about our data table, like the name "contact-management-system-table", and the partition key is ID. The rest leave as default. Click Create table.

Once the table is successfully created, click on it and a new window with the details of the table will open up. Expand the Additional info and copy the Amazon Resource Name (ARN). We will use the ARN in the next step when creating IAM access policies.

Step 5: Set up IAM Policies and Permissions

AWS IAM is one of the most basic and important things to be set up, yet a lot of people neglect it. For improved security, it's always recommended a least-privilege access model, which means not giving a user more than needed access. For example, even for this simple web application project, we have already worked on multiple AWS services: Amplify, Lambda, DynamoDB, and API Gateway. It’s essential to understand how they communicate with each other and what kind of information they share.

Now back to our project, we have to define an IAM policy to give access to our lambda function to write/update the data in the DynamoDB table.

So go back to the AWS Lambda console, and click on the lambda function we just created. Then go to the configuration tab, and on the left menu click on Permissions. Under Execution role, you will see a Role name.

Click on the link, which will take us to the permissions configuration settings of this IAM role. Now click on Add permissions, then create an inline policy.

Then click on JSON, delete what's on the Policy editor and paste the following.

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "dynamodb:PutItem",
            "dynamodb:DeleteItem",
            "dynamodb:GetItem",
            "dynamodb:Scan",
            "dynamodb:Query",
            "dynamodb:UpdateItem"
        ],
        "Resource": "YOUR-DB-TABLE-ARN"
    }
    ]
}

Make sure to substitute the "YOUR-DB-TABLE-ARN" with your real DynamoDB table ARN. Click Next, give the policy a name, like "lambda-dynamodb", and then click Create policy. This policy will allow our Lambda function to read, edit, delete, and update items from the DynamoDB data table.

Now close this window, and back to the Lambda function, go to the Code tab and we will update the lambda function python code with the following.

The response is in REST API format. After making the changes, make sure to deploy the code. After the deployment is concluded, we can Test the program by clicking on the blue test button.

We can also check the results on the DynamoDB table. When we run the function it updates the data on our table. So go to AWS DynamoDB, click on explore items in the left nav bar, click on your table. Here is the object returned from the lambda function:

Step 6: Update frontend code with Rest API

Congrats on making it this far!

In this final step, we will see everything we just built in action. We will update the front-end to be able to invoke the REST API with the help of our lambda function and receive data.

First, go back to your index.html on your code editor. See on line 68 you had "API_KEY"? Go ahead and swap that with the invoke URL you copied from the API Gateway service under your REST API details. Once you've done that, save and compress the file again, like we did in step 1, and upload it again to AWS using the console.

Click on the new link you got and let's test it.

Our data tables receive the post request with the entered data. The lambda function invokes the API when the “Call API” button is clicked. Then using javascript, we send the data in JSON format to the API. You can find the steps under the callAPI function.

You can find the items returned to my data table below:

Conclusion

Congrats! You have created a simple web application using the AWS cloud platform. Cloud computing is snowballing and becoming more and more part of developing new software and technologies.

If you feel up for a challenge, next you could:

Enhance the frontend design
Add user authentication and authorization
Set up monitoring and analytics dashboards
Implement CI/CD pipelines to automate the build, test, and deployment processes of your web application using services like AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy.

Working on hands-on programming projects is the best way to sharpen your skills.

I'll be covering some other scenarios on AWS in my next blog posts, so keep an eye out!

And again, feel free to give me feedback, and if I’m off track, don’t hesitate to let me know. We’re all in this together, learning and growing as a community!

Easily Upgrade Veeam Backup and Replication From 12.0 to 12.1

Julia Furst Morgado — Fri, 09 Feb 2024 01:03:05 +0000

Veeam Backup and Replication has released version 12.1 with exciting new features and enhancements, especially in the cyber security realm. In this tutorial, we'll guide you through the process of upgrading from version 12.0 to 12.1 swiftly and smoothly.

Step 1: Preparation

Before starting the upgrade process, ensure that your backups are up to date, providing a fail-safe option for reverting if needed. Additionally, if you have any continuously running jobs, temporarily disable or shut them down to prevent any disruptions during the upgrade.

Step 2: Check Current Version and Download the ISO

Open your Veeam Backup and Replication console and verify that you are running version 10a to 12 to utilize the in-place upgrader. If you are running an earlier version, the upgrade process will differ. Next, visit the Release Information for Veeam Backup & Replication 12.1 and Updates page on the Veeam website and download the latest 12.1 ISO.

Step 3: Mount the ISO and Launch Setup

Right-click on the downloaded ISO file and mount it. Then, navigate to the mounted ISO and launch the setup.exe file to begin the upgrade process.

Step 4: Accept License Agreements

Once the installer initializes, you will be prompted to accept the terms of the License Agreements. Review and accept the agreements to proceed with the upgrade.

Step 5: Check Components and Install Remote Components

Verify the versions of your Veeam Backup Catalog, VBR Server, and VBR Console. Optionally, check the box to automatically install remote components if required for your setup.

Step 6: Specify Service Account and PostgreSQL Backend

Specify the service account to be used during the upgrade process. The installer will enumerate the current PostgreSQL backend instance, typically requiring no changes for an in-place upgrade. However, if a "SSPI authentication failed for user" error occurs, follow the steps provided in the linked KB article to resolve it.

Step 7: Complete Upgrade Process

A pop-up window will appear indicating that the database will be automatically upgraded to the new version. Click "Yes" to proceed, and then click "Upgrade" on the following window.

The installer will shut down backend services, perform the necessary upgrades, and automatically upgrade all components in the background. The duration of this process may vary based on your environment and server performance.

Step 8: Re-enable Jobs and Verify Operation

Once the upgrade process is complete, reopen the VBR interface and re-enable any previously disabled jobs. Verify that the upgrade was successful by ensuring all functions are operational.

Upgrading Veeam Backup and Replication from version 12.0 to 12.1 is a straightforward process when following these steps. By ensuring preparation and following each step carefully, you can swiftly upgrade to the latest version, benefiting from enhanced features and security updates.

How to Pass the KCNA - Kubernetes And Cloud Native Associate

Julia Furst Morgado — Mon, 05 Feb 2024 23:55:27 +0000

Yesterday I took the Kubernetes and Cloud Native Associate Exam (KCNA) exam, and this morning I got the results that I passed, yey! While some may consider it a beginner-level exam, it does require a solid foundation and practical experience with Kubernetes and related projects to successfully pass.

The KCNA exam is conducted online and costs $250, which includes one free retake. If you do not pass on your first attempt, you have the opportunity to take the exam again within one year of your initial purchase.

I've compiled a list of 15 options to build a Kubernetes playground and I highly encourage you to get hands-on experience by playing with any of the tools mentioned in my blog post. Familiarizing yourself with the kubectl command line is crucial and the practical, hands-on approach solidifies your understanding of Kubernetes and allows you to internalize the concepts more effectively.

Now, let's delve into the key domains covered in the KCNA exam:

Key Domains

Kubernetes Fundamentals (46%)

To excel in this domain, you need to have a deep understanding of:

The problem Kubernetes solves
The architecture of Kubernetes and the roles of its components
The hierarchy of Kubernetes components, from Cluster to Node to Pod to Container
Concepts such as services, deployments, replicasets, daemonsets, statefulsets, configmaps, secrets, network policies, RBAC, service discovery, manifests, autoscaling, and load balancing
The required elements in a Kubernetes manifest
The usage of kubectl and common Kubernetes commands
Knowledge of YAML and JSON
The ability to extend the Kubernetes API

Container Orchestration (22%)

Understand the problems that Container Orchestration resolves
You must have an overview of the different types of Open Standards:
- Container Runtime Interface (CRI) and different runtimes available
- Container Network Interface (CNI)
- Container Storage Interface (CSI)
- Service Mesh Interface (SMI)
What Namespaces and Cgroups are

Cloud Native Architecture (16%)

How the Cloud Native Computing Foundation (CNCF) is structured
Serverless tools for Kubernetes
Helm and Helm charts

Cloud Native Observability (8%)

You must be able to define observability and know the difference between logs, metrics and traces
What is Prometheus and Grafana
Common kubectl commands to view logs of pods, specifications, dry-run etc

Cloud Native Application Delivery (8%)

You need to define and understand various tools and concepts related to application delivery in a Cloud Native environment. This includes:

DevOps
GitOps
CI/CD
What an SRE does

Resources to study

To further enhance your understanding and preparation for the KCNA exam, here are some recommended resources:

The official Kubernetes documentation, although dense, is a valuable resource to study
The Cloud Native Computing Foundation Landscape provides an overview of all CNCF projects and technologies
James Spurin's course, Dive Into Cloud Native, Containers, Kubernetes and the KCNA Exam is highly recommended. The course offers a 90% discount if you purchase it now!
The book Becoming KCNA Certified by Dmitry Galkin

Tips for taking the KCNA exam

Sign into your exam at least 30-15 minutes before the start time. The proctor needs this time to check your ID and review your workspace via your webcam.
Since the KCNA exam is conducted from home, it's important to have a clean and non-cluttered space available to you. Make sure to prepare your workspace the day before the exam. Remember, you must be alone in the room during the exam, so plan accordingly.
Keep in mind that you need to have your webcam and audio on throughout the exam. As this can drain your battery, remember to have your laptop charger handy.
GOOD LUCK, YOU'VE GOT THIS!

Follow me on Twitter (where I share my tech journey) daily, connect with me on LinkedIn, check out my IG, and make sure to subscribe to my YouTube channel for more amazing content!!

On-Premises, IaaS, PaaS, SaaS, or FaaS: A Car Analogy

Julia Furst Morgado — Mon, 29 Jan 2024 21:10:31 +0000

In today’s digital landscape, businesses have a wide range of options when it comes to deploying and managing their IT infrastructure. Traditional on-premises data centers, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Function as a Service (FaaS) are popular choices for organizations looking to leverage the benefits of cloud computing. Each option offers its own set of advantages and considerations, making it important for businesses to understand the differences and choose the right solution for their specific needs. Understanding these models might seem intricate, so let’s simplify it with an analogy using cars and transportation.

On-Premises: Ownership and Control

On-premises infrastructure refers to the traditional model in which businesses own and operate their own data centers. With on-premises solutions, organizations have complete control over their IT infrastructure, including hardware, software, and security. They are responsible for purchasing and maintaining the necessary equipment, as well as managing and securing the data center.

On-premises data centers are like owning your own car. Just as you purchase a car and are responsible for its insurance, maintenance, and repairs, on-premises data centers require you to invest in physical infrastructure, such as servers, storage, and networking equipment. You have full control over the infrastructure, but you are also responsible for managing and maintaining it.

On-premises solutions provide businesses with a high level of customization and control, making them ideal for industries with strict compliance requirements or unique security needs. However, they also require significant upfront capital investment and ongoing maintenance costs. Organizations must also ensure they have the technical expertise and resources to manage and secure their own infrastructure effectively.

IaaS: Flexibility and Scalability

Infrastructure as a Service (IaaS) is a cloud computing model that provides virtualized computing resources over the internet. With IaaS, businesses can rent virtual machines, storage, and networking infrastructure from a cloud provider. This allows organizations to scale their infrastructure up or down based on their current needs, without the need for significant upfront investments.

IaaS is similar to leasing a car. With IaaS, you don’t own the underlying infrastructure, but you rent it from a cloud service provider. Like leasing a car, you pay regular fees (monthly or hourly) for the resources you use, such as virtual machines, storage, and networking. You have more flexibility compared to on-premises, as you can scale up or down as needed. However, you are still responsible for managing the operating system, middleware, and applications.

IaaS offers businesses the flexibility to deploy and manage their own software applications and operating systems on the cloud infrastructure. It provides a cost-effective solution for organizations that want to reduce their on-premises infrastructure costs and have greater agility in responding to changing business demands. However, businesses are still responsible for managing the applications, databases, and security on the rented infrastructure.

PaaS: Streamlined Development and Deployment

Platform as a Service (PaaS) is a cloud computing model that provides a platform for developing, deploying, and managing applications. With PaaS, businesses can focus on building and running their applications, while the cloud provider manages the underlying infrastructure, including servers, storage, and networking.

PaaS can be compared to car-sharing. In a car-sharing model, you don’t own the car, but you have access to a vehicle whenever you need it. Similarly, with PaaS, you don’t own the underlying infrastructure or manage the operating system. Instead, you can focus more on your application development and less on infrastructure management.

PaaS offers businesses a streamlined development and deployment process, as it provides pre-configured development environments and tools. This allows organizations to accelerate their application development and deployment cycles, as well as easily scale their applications as needed. PaaS is particularly beneficial for software development teams and organizations looking to reduce the complexity and time required to manage infrastructure.

SaaS: Ready-to-Use Applications

Software as a Service (SaaS) is a cloud computing model that delivers software applications over the internet on a subscription basis. With SaaS, businesses can access and use software applications without the need for installation or maintenance. The cloud provider hosts and manages the software application, as well as handles updates, maintenance, security of the software, and availability.

SaaS is like calling a taxi. When you use a taxi service, you don’t need to own a car or even drive it. Similarly, with SaaS, you don’t need to manage any infrastructure or worry about the underlying platform. You simply access and use the software applications provided by the cloud service provider through a web browser or app.

SaaS offers businesses ready-to-use applications that can be accessed from anywhere with an internet connection. This eliminates the need for organizations to manage and maintain software applications on their own infrastructure. SaaS solutions are particularly popular for common business applications such as customer relationship management (CRM), enterprise resource planning (ERP), and productivity tools.

FaaS: Serverless Computing

Function as a Service (FaaS), also known as serverless computing, is a cloud computing model that allows businesses to run individual functions or pieces of code in the cloud. With FaaS, organizations can focus on developing and deploying specific functions without the need to manage servers or infrastructure.

Serverless or FaaS can be compared to taking a bus. When you take a bus, you don’t need to worry about maintenance, driving, or ownership. Similarly, with serverless computing, you don’t need to manage any server infrastructure. You can focus solely on writing and deploying individual functions or code snippets. The cloud provider takes care of the infrastructure, scaling, and execution of the functions on demand.

FaaS offers businesses the ability to execute code on-demand, paying only for the actual execution time and resources used. This gives organizations a highly scalable and cost-efficient solution for running lightweight applications and microservices. FaaS is particularly beneficial for event-driven and real-time applications that require rapid and dynamic scaling.

Choosing the Right Cloud Solution

When it comes to choosing the right cloud solution for your business, it’s essential to evaluate your specific requirements and consider factors such as control, scalability, development needs, and cost. Here are some key considerations:

Control and Ownership: If your organization requires complete control over infrastructure and data, an on-premises solution may be the best fit. However, be prepared for the higher upfront costs and ongoing maintenance responsibilities.
Flexibility and Scalability: If your organization needs the ability to scale up or down quickly and wants to reduce infrastructure costs, IaaS can offer the necessary flexibility and scalability.
Development and Deployment: If your organization wants to streamline application development and deployment processes, PaaS provides pre-configured development environments and tools. Ready-to-Use Applications: If your organization needs access to software applications without the burden of installation and maintenance, SaaS solutions offer a convenient and cost-effective option.
Event-Driven or Real-Time Applications: If your organization requires rapid and dynamic scaling for event-driven or real-time applications, FaaS provides a serverless computing model that can efficiently handle these workloads.

It’s important to note that many organizations choose a hybrid cloud approach, which combines different cloud solutions to meet their specific needs. For example, an organization may have critical applications running on-premises for control and security, while leveraging IaaS or PaaS for other workloads that require scalability and agility.

In conclusion, choosing the right cloud solution for your business depends on various factors, including control, scalability, development needs, and cost. Evaluating your specific requirements and understanding the advantages and considerations of each cloud solution can help guide your decision-making process. Whether you opt for on-premises, IaaS, PaaS, SaaS, or FaaS, the goal is to select a solution that aligns with your business goals and enables you to leverage the benefits of cloud computing.

Follow me on Twitter (where I share my tech journey) daily, connect with me on LinkedIn, check out my IG, and make sure to subscribe to my Youtube channel for more amazing content!!

15 Options To Build A Kubernetes Playground (with Pros and Cons)

Julia Furst Morgado — Thu, 25 Jan 2024 16:05:07 +0000

Why a Kubernetes Playground

As a beginner, having a playground environment is crucial for experimenting and learning about Kubernetes without the fear of breaking anything. A Kubernetes playground provides a safe and controlled space to explore the various features and functionalities of Kubernetes. When starting, the choice between hosting everything on your machine, in a virtual machine (VM) on your machine, or the cloud can be overwhelming. In this article, I will discuss some popular options for setting up your Kubernetes playground.

When it comes to running Kubernetes clusters, there are several options available, depending on your specific requirements and environment. In this article, we will explore some popular tools for running Kubernetes clusters and discuss their pros and cons.

If you want to build a little testing/dev/learning cluster for yourself, this article is for you!

Setting Up Without Installation

Playing in the browser is ideal for beginners who want to get a bigger picture without the need for installations. Here are some options:

Play with Kubernetes Classroom: is a site provided by Docker that offers hands-on experience using Kubernetes. The workshop allows you, in the browser, to follow a Kubernetes tutorial without installing anything. It's free.
Play with Kubernetes: is another lab provided by Docker that allows users to run K8s clusters in the browser. It provides the experience of having a free Alpine Linux Virtual Machine. Under the hood, Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. It's free.
Killercoda: offers different Kubernetes playgrounds like single and multi-node. It's free but with limitations.

Pros

Easy to start: No complex configuration is required. The Kubernetes clusters are available with a click of a button.

Runs in a browser: It does not consume the resources of your laptop and can be launched from any location and any operating system.

Free: You can use it without any obligations and you don’t even have to provide your email to start using it.

Cons

Limited functionality: It's a sandbox suitable only for getting started with Kubernetes. You can't customize the environment, scale the cluster, or deploy any meaningful workload to this platform.

Deployments are not persisted: Every time you close or restart your browser, the progress will be lost.

On your workstation

Docker Desktop: is a widely used tool that allows you to enable Kubernetes with just a simple checkbox. It provides an easy way to run Kubernetes on your workstation, especially if you are already using Docker. Docker Desktop is known for its user-friendly interface and seamless integration with Docker containers. Just tick the checkbox on Docker desktop to enable Kubernetes. It seems the easiest way to go, especially if you are already using Docker.

Pros

Easy to install and configure Works well if you are already using Docker Provides a familiar development environment

Cons

Limited functionality compared to other tools Can consume a significant amount of system resources

Rancher desktop
Minikube (see below as they can run on a VM as well)
Kind (see below as they can run on a VM as well)

On a virtual machine (cloud servers or VMs)

Minikube: is a popular tool for running Kubernetes locally. It sets up a single-node Kubernetes cluster inside a virtual machine on your laptop. Minikube is easy to install and is available as an open-source tool.

Pros

Easy to start and configure: Easy to install it, although it requires extra configuration.

Free and open source: Minikube is an open-source tool so you can download, use, and even modify it as you see fit without restrictions or limitations.

Suitable for local development and testing

Cons

Limited functionality compared to full-scale Kubernetes clusters: Some features are not supported or do not work well in Minikube.

Requires a fair amount of system resources: Requires a fair amount of resources, such as CPU and memory.

Not recommended for production environments: Good only for local development,

Kubeadm: is a tool designed to bootstrap a full-scale Kubernetes cluster. It is a production-grade solution that supports all the features of Kubernetes and passes the Kubernetes Conformance tests.

Pros

Supports all features of Kubernetes: Clusters created with kubeadm are fully functional and pass all the Kubernetes Conformance tests.

Suitable for production environments: It is absolutely safe to use kubeadm-created clusters not just in sandboxes and pet projects, but in real-world, production enviroments as well.

Provides a fully functional and reliable cluster

Cons

Requires additional resources and multiple nodes for optimal performance: Even though you can create a single-node cluster on your laptop – kubeadm is usually run on multiple nodes. The most obvious choice is to rent servers from a cloud provider. However, if there is some spare hardware on your geek shelf – you can repurpose it and build your Kubernetes lab out of it.

Installation process can be complex: The process of provisioning can be difficult because you need to install kubeadm itself, as well kubectl, container runtime, and a handful of supporting packages.

Maintenance can be challenging, requiring manual intervention in some cases: Kubeadm is not declarative. You can’t save the applied configuration anywhere. If your node goes away, you will have to bring up a replacement and perform the manual join again (unless you have automated it further). Also, even though the creation process is automated, you will still have to deal with all the burdens related to maintaining a self-hosted Kubernetes cluster (maintaining quorum, backing up etcd, and so on)

Kind: is a tool for running local Kubernetes clusters using Docker container "nodes." It was primarily designed for testing Kubernetes itself but can also be used for local development or continuous integration.
K3S: is a lightweight distribution of Kubernetes that is designed for resource-constrained environments. It is an excellent option for running Kubernetes on a virtual machine or cloud server.
K3D: is a lightweight distribution of Kubernetes designed for resource-constrained environments. It is an excellent option for running Kubernetes on virtual machines or cloud servers.

Managed Kubernetes

Managed Kubernetes, also known as Kubernetes as a Service (KaaS), is a cloud-based offering that simplifies the management and operation of Kubernetes clusters. It allows users to focus on deploying and managing their applications without the need to worry about the underlying infrastructure and maintenance tasks.

AWS Elastic Kubernetes Service (EKS) AWS Elastic Kubernetes Service (EKS) is a managed Kubernetes service provided by Amazon Web Services (AWS). It simplifies the process of deploying, managing, and scaling containerized applications using Kubernetes on AWS. EKS integrates with other AWS services, such as Elastic Load Balancing, Amazon RDS, and Amazon S3, providing a seamless experience for running containerized workloads in the AWS ecosystem.

Key Features of AWS EKS:

Automated Kubernetes cluster management Integration with AWS services and tools High availability and scalability Support for multiple availability zones Seamless integration with AWS IAM for access control

Azure Kubernetes Service (AKS) Azure Kubernetes Service (AKS) is a managed Kubernetes offering from Microsoft Azure. It enables users to deploy and manage containerized applications using Kubernetes without the need to manage the underlying infrastructure. AKS integrates with Azure services like Azure Container Registry, Azure Monitor, and Azure Active Directory, providing a comprehensive solution for deploying and managing applications on Azure.

Key Features of Azure AKS: Simplified cluster creation and management Seamless integration with Azure services Automated scaling and self-healing capabilities Built-in monitoring and diagnostics Integration with Azure Active Directory for access control

Google Kubernetes Engine (GKE) Google Kubernetes Engine (GKE) is a managed Kubernetes service on the Google Cloud Platform (GCP). It offers a fully managed, scalable, and secure environment for running containerized applications with Kubernetes. GKE provides seamless integration with other GCP services like Google Cloud Storage, Stackdriver Logging, and Cloud IAM, making it easy to build and deploy applications on GCP.

Key Features of Google GKE:

Automated cluster management and scaling Seamless integration with GCP services Automatic upgrades and security patching Monitoring and logging with Stackdriver Role-based access control with Cloud IAM

Civo Civo is a cloud-native, managed Kubernetes service offered by Civo Ltd. It provides a user-friendly platform for deploying, scaling, and managing containerized applications with Kubernetes. Civo offers a simple and streamlined experience with its intuitive UI, CLI, and API. It also provides integration with popular tools like Helm and Prometheus for application deployment and monitoring.

Key Features of Civo:

Easy cluster creation and management User-friendly interface and API Integration with Helm and Prometheus High availability and scalability Cost-effective pricing model

DigitalOcean Kubernetes (DOKS) DigitalOcean Kubernetes (DOKS) is a managed Kubernetes service provided by DigitalOcean. It allows users to deploy, manage, and scale containerized applications using Kubernetes on the DigitalOcean cloud platform. DOKS integrates with other DigitalOcean services like Block Storage, Load Balancers, and Spaces, providing a seamless experience for deploying and managing applications on DigitalOcean.

Key Features of DigitalOcean DOKS:

Simplified Kubernetes cluster management Seamless integration with DigitalOcean services Automated scaling and load balancing Monitoring and alerting capabilities Cost-effective pricing model

Pros

Production-grade solution: It’s not the best option, however, some companies use it as a go-to method for provisioning their Kubernetes infrastructure. It can be scaled to a certain extent, however, it requires some extra scripting and configuration.

Easy to start: Creating a basic cluster takes seconds, making it a perfect option when you need to build a cluster quickly.

Cons

Require a cloud account: If you haven’t yet started your cloud journey, this option will require some extra steps to create your cloud account and users.

Not maintainable: The CLI or any script based on CLI is not declarative and does not highlight the state of your infrastructure. This means you will require additional efforts to make sure the automation is applied in an idempotent way.

Can be expensive: Managed Kubernetes clusters are relatively expensive. So, you should never forget to turn down your infrastructure when you are not working with your lab. In AWS, you pay not for what you use but for what you have forgotten to terminate.

In summary, choosing the right tool for running Kubernetes clusters depends on your specific requirements and environment. I hope this article helps someone out! Feel free to give me feedback, and if I'm off track, don't hesitate to let me know. We're all in this together, learning and growing as a community!

Follow me on Twitter (where I share my tech journey) daily, connect with me on LinkedIn, check out my IG, and make sure to subscribe to my Youtube channel for more amazing content!!

An Easy Way to Understand Docker

Julia Furst Morgado — Fri, 27 Oct 2023 12:12:30 +0000

Docker is renowned worldwide as an open-source container service provider, that excels in packaging applications and their components, along with dependencies, simplifying the deployment process. It is a powerful and versatile tool, that streamlines the creation, running, and management of software applications. However, before we delve into Docker's inner workings, let's start by grasping the fundamental concept of containers.

Understanding Containers:

Containers are much like virtual machines, but while virtual machines simulate an entire computer, containers create a sandboxed environment that imitates a virtual machine.
These containers typically run the most streamlined version of the required software and professionals often construct stripped-down operating systems that excel in performing a single specialized task.

Docker is the tool that facilitates the creation and execution of these containers, allowing you to save them as templates for future use.

Docker's Three Key Components:

🏭 Imagine Docker as a well-structured factory with three critical elements:

Docker Client (👨‍💼 Manager): Picture yourself as the manager. In this role, you give instructions to the Docker Client, much like a manager directing the factory's operations.
Docker Host (🏭 Factory Floor): The Docker Host represents the factory floor where all the work unfolds. It diligently adheres to your directives, similar to how factory workers follow a manager's lead. The Docker Host manages various aspects, including images (🖼️ like blueprints for products), containers (📦 the actual products), networks (🔗 internal connections within the factory), and volumes (📦 storage for materials).
Docker Registry (🏬 Warehouse): The Docker Registry serves as a warehouse where you stockpile your blueprints (🖼️ images). Docker Hub is a colossal, publicly accessible warehouse containing an array of blueprints that anyone can utilize.

How Containers Work in Practice:

Imagine you have two containers running – one hosting a Redis server and the other an ArangoDB instance. Each container is based on pre-built templates, and you can start them with minimal configuration. Importantly, these containers only expose the necessary ports to perform their tasks, making it challenging for hackers to access them like a regular computer.

Docker's Versatility:

When it's time to deploy your application to production, Docker streamlines the process. You save your containers as image files and deploy them to your chosen server instances, whether it's on Amazon, Google Cloud, or elsewhere. Docker abstracts the underlying operating system, ensuring your containers run consistently regardless of the host's OS.

Unlike virtual machines, Docker's lightweight containers have minimal performance overhead, ensuring efficiency.

Docker Files:

A Dockerfile is a simple instruction file that tells Docker to download an image and execute commands on it. These commands may include installing additional software or configuring the environment to meet your application's specific needs.

Now, let's explore how Docker functions when you want to run a container, build a custom image, or pull an existing image in this factory:

Building a Custom Image ("🔧 docker build"):

With docker build you take on the role of a designer creating a completely new product from scratch. You provide precise instructions in the form of a Dockerfile, similar to providing detailed specifications for the product's design.

The factory (Docker Host) diligently follows your instructions, crafting a unique product that adheres to your specifications. Once the custom image is constructed, it becomes a brand-new product ready for use within the factory.

Pulling an Existing Image ("🚚 docker pull"):

In the context of docker pull you venture to the warehouse (Docker Registry) to acquire a pre-designed blueprint (🖼️ image) produced by someone else. You fetch the blueprint (image) from the warehouse and transport it into your factory, where it is stored for future use. It's like to purchasing a product design from a supplier and maintaining it within your factory, available for future production.

Running a Container ("🏃‍♂️ docker run"):

You, the manager, initiate a docker run command, much like issuing an order for a new product within the factory. Docker, acting as the factory, procures the required blueprint (🖼️ image) from the warehouse (Docker Registry), like retrieving a design for the product you wish to create. Docker proceeds to fabricate a brand-new product (📦 container) based on that blueprint.

Subsequently, Docker allocates a designated workspace for the container, similar to setting up a workstation (🧰 filesystem) for product assembly or customization.
Docker connects the container to the factory's internal systems (🔌 network interface), enabling it to interact seamlessly within the factory.
Finally, Docker activates the container, and your new product is up and running within the factory, ready for use or further customization.

Conclusion

In summary, Docker simplifies software application management by creating isolated containers. These containers can run on various hosts, regardless of the underlying operating system. This flexibility, along with Docker's efficiency, makes it a game-changer in technology.

If you liked this article, go follow me on Twitter (where I share my tech journey) daily, connect with me on LinkedIn, check out my IG, and make sure to subscribe to my Youtube channel for more amazing content!!

Choose Your Tech Career: Software Engineering or DevOps?

Julia Furst Morgado — Thu, 19 Oct 2023 12:33:17 +0000

Are you struggling to decide between two exciting tech career paths: software engineering and DevOps engineering? I've been there, and I get it. While these two domains may appear worlds apart, they share common threads, each offering a distinct set of challenges and prospects. In this post, we'll dive deeper into both niches, make some side-by-side comparisons, and sprinkle in a few real-life examples to help you make a choice you won't regret.

Passion

Before we dive into the nitty-gritty of these two roles, I want to emphasize an important requirement for success - passion. Your enthusiasm for what you do plays a pivotal role in your career. Whether you're writing code or managing infrastructure, your career path should be a journey that gets you fired up every day. So, before you make any decisions, ask yourself: "Am I genuinely thrilled about this field?"

If you can't wake up in the morning thinking, "I can't wait to dive into this today," it's time to rethink your choice.

Software Engineering

In the realm of software engineering, you often find yourself creating computer programs designed for everyday users. Software engineers, often abbreviated as SWEs, are the architects behind user-friendly applications that enhance and simplify life.

Example 1: User Engagement and Content Recommendation

Now imagine you're a software engineer working on a social media application.

Your task is to create a recommendation system that analyzes user interactions within the app. You collect data on what users click, like, comment on, and their other interests. Your goal is to use this data to optimize the algorithm that recommends content to keep users engaged with the application. You consider metrics like the number of posts a user clicks on, how many they like, how many they comment on, and how long they've been using the app on a given day. Your primary focus is on enhancing the user experience and increasing engagement. The goal may be to find ways to make these algorithms faster, and more efficient, or to improve other characteristics of data applications.

Example 2: UI Aesthetics

You have to work on the user interface (UI) of an application, addressing issues such as item alignment, color schemes, and button design to improve the overall user experience.

DevOps Engineering

Now, DevOps engineering offers a different set of challenges. "DevOps engineers" (there is an ongoing discussion on DevOps as a methodology or a role,) make sure the technology behind the scenes works flawlessly. They focus on improving how computer systems run and dealing with issues when many people are using an app.

Example 1: Infrastructure Scaling and Performance Optimization

Suppose you're in charge of a shopping website. Your responsibility is to build a system that monitors how the website is performing and ensures smooth and efficient operation. When your application experiences heavy traffic during the evening hours in the U.S. so you notice increased utilization and a decrease in performance, your system should automatically launch additional containers or allocate more resources to eliminate bottlenecks and maintain a fast and responsive user experience. As the evening comes to an end, the system scales down resources to save costs while still meeting performance requirements. The key metrics you monitor include the number of users online, API response time, CPU utilization, memory utilization, and network throughput. Your main focus here is on optimizing the application's infrastructure for performance and cost-efficiency. You might also look at how to speed up processes, like the time it takes for customers to make a purchase, by making the checkout process quicker.

This DevOps role emphasizes infrastructure management, automation, and performance optimization. You work behind the scenes to ensure that the application runs seamlessly, even during peak usage hours. It requires a deep understanding of system architecture, cloud technologies, and automation tools. Your goal is to enhance system reliability and maintain cost-effective operations.

Example 2: Speeding Up the CICD Pipeline

Let's say that you've got a CICD pipeline and every time your developers open a merge request, it triggers a build process on your CICD server. And that takes five minutes to complete. Your goal is to make that go faster since developers must wait for five minutes before they can open their merge request after committing their code. Maybe you can increase the memory or CPU available to the build server, or maybe there are certain known dependencies for your application. Maybe you can create a new base Docker image where those dependencies are already pre-installed and the build process doesn't have to manage those. Or maybe part of your merge process involves spinning up a pull request environment so that the application can be tested. And maybe there are parts of that infrastructure that don't need to be spun up and torn down every time that you can have sitting idle and then you just drop the Docker container for that pull request into that environment. So you cut down the time that way, and you get the time down from five minutes down to three minutes. It may not seem monumental, but to someone sitting there and waiting to click on the pull request button, it's pretty significant.

Common Threads

Both paths involve writing code to solve problems, yet the nature of these challenges and the primary audience they serve set these roles apart.
In software engineering, your customer is the end user of the application. You strive to create a better user experience. In DevOps, usually, your customer is the application's infrastructure, and you aim to optimize its performance and resource allocation. It's a difference in perspective, but the core issue remains the same: problem-solving through code.

Choosing Your Path: What Do You Enjoy Doing?

When choosing between these two jobs, think about what you like to do. If you enjoy making things look great and work well for users, then software engineering might be your path. But if you're good at solving problems and making systems run better, DevOps engineering could be your thing.

A Modern Twist: Being Versatile

It's worth noting that in today's tech landscape, the lines between software and DevOps engineering can blur. Companies often expect professionals to have expertise in both areas. So, if you're just starting your career, be prepared for extensive learning and adaptation.

In the end, both careers offer exciting opportunities. Your choice should fit what you love doing and what you're good at. Understanding the distinctions and aligning them with your interests is crucial. Ultimately, it's your passion and dedication that will propel you towards a fulfilling and successful career. Remember, you can always try the other one if you change your mind later on. So, go ahead, pick your tech journey, and enjoy the adventure in the ever-changing tech field!

How to Contribute to CNCF Glossary Localization - No Code Needed -

Julia Furst Morgado — Thu, 28 Sep 2023 23:46:30 +0000

Introduction

The Cloud Native Computing Foundation (CNCF) Glossary is a valuable resource that helps clarify the terminology and jargon used in the world of cloud-native computing. It provides concise and precise definitions of essential terms, making it an indispensable tool for both newcomers and seasoned professionals in the field.

I always encourage everyone to start contributing to Open Source early on in their career because you will:

Learn and gain experience
Meet people who are interested in similar things as you
Find mentors
Grow a reputation and leverage your career
Get those green squares on GitHub
Benefit a lot more!

Localization?

Localization is the process of translating and adapting a product or service to a specific language and culture. In the context of the Cloud Native Glossary, localization refers to translating the glossary terms and definitions into other languages. You can also contribute in different ways if you only speak English (don't forget to read my guide on how to become an Open Source contributor).

Contributing to the localization of the CNCF Glossary is not only a fantastic way to give back to the cloud-native community but also an excellent opportunity to deepen your understanding of the technology and its terminology. By participating in this open-source project, you'll be making it accessible to a wider audience, especially those who prefer to consume content in their native languages.

Steps to contribute

Read the documentation

Read the How to Contribute page on the Cloud Native Glossary website. This page provides information on how to localize the glossary, including the localization guide, style guide, and best practices.

Join the community

Join the CNCF Slack workspace and join the #glossary-localizations and #glossary-localization-[your language name] channels. These channels are where you can connect with other members of the Cloud Native Glossary localization team and get help with any questions you have. If the CNCF Glossary project does not have a localization team for your language yet, read this.

Look for open issues that haven't been assigned

You can find open issues by searching the Cloud Native Glossary GitHub repository, and filtering them with labels "is:issue is:open label:lang/pt no:assignee".

Note: In this example, "pt" is for Portuguese but you can change the label to your language. For example, Hindi would be label:lang/hi, and French would be label:lang/fr.

If you don't find any open issues

In case there are no open issues, check the Slack channel dedicated to your language for pinned documents that show the terms/pages that still need to be translated. Also consider sending a friendly and polite message in the Slack channel to introduce yourself, express your interest in contributing to the project, and inquire if there is an available list or tracking system for translation tasks.

If you found an issue

Once you have found an issue, drop a comment saying you would like to take that issue/work on that. A member of the Cloud Native Glossary localization team will review your request and approve it. Wait to be accepted because sometimes there is already someone working on it and you'll have done work for nothing.

Fork the Cloud Native Glossary GitHub repository

This will create a copy of the repository on your own GitHub account.

Clone the forked repository

Use the git clone command to clone the forked repository to the IDE in your local machine or any IDE that you are using. I've been using AWS Cloud9 lately and really liking it.

Create a working branch

For example, if you are translating to Portuguese, you would create a branch from the dev-pt branch. If you're not familiar with the Git and GitHub workflow you can skip this step.

Create a new .md file

Inside the folder of your language, create a new file for the term and name it with the name in English (don't forget the .md at the end).

Translate the term

Be sure to follow the localization guide and style guide when translating the terms. Check the terms that have already been translated to use the same words. Don't forget to translate the title, category, and tags. Once you make sure to review it carefully. Project reviewers and maintainers have busy schedules, and it can be burdensome for them to request minor corrections like a missing comma or an accent mark.

Important:
If your term includes hyperlinks to other terms and those terms have already been translated, ensure you modify the hyperlink to direct to the translated term. For instance, if you're translating a term into Portuguese, update the hyperlink from https://glossary.cncf.io/abstraction/ to https://glossary.cncf.io/pt-br/abstraction/. This helps maintain a seamless experience for users accessing the glossary in their preferred language.

Commit your changes and push them to your forked repository

First, write on your terminal: git add [path_to_your_file] or if you just changed that file you can do git add .
Then write: git commit -m 'new translation for [term]'
And finally: git push

Once you have pushed your changes to your forked repository, you will see that your branch is ahead of the cncf:main branch and that you can contribute to it by opening a pull request (also known as PR).

Open a pull request.

To open a PR, click on the green button to open a pull request pointing to the Portuguese development branch (dev-pt) - or any other language, to merge your changes into the main Cloud Native Glossary repository.

(optional)

In the team's slack channel (#glossary-localization-portuguese), let them know that you submitted your PR.

Wait for your pull request to be reviewed

Once you have opened a pull request, the members of the Cloud Native Glossary localization team in your language will review your changes. They may provide feedback or suggest changes to your translations. Frequently monitor the notifications located in the upper right corner of your screen; this is where you'll find them.

Make any necessary changes and update your pull request

Merge your pull request

Once your pull request has been approved, you can merge into the main Cloud Native Glossary repository and your translations will be published to the Cloud Native Glossary website. If you created a branch on step 8, you can also delete it now. And voilá!

Final Tips

Start small. Don't feel like you need to translate the entire glossary at once. Start by translating a few terms or pages that you are familiar with or that are relevant to your interests.
Use the existing translations. If a term or page has already been translated into your language, you can use that translation as a starting point. However, be sure to review the existing translation and make any necessary changes.
Be consistent. When translating terms, try to be as consistent as possible. Use the same terminology throughout the glossary and avoid using different translations for the same term.
If you have any questions or need help with anything drop a message on the Slack channel. If you have any questions or need help with anything, don't hesitate to ask for help in the #glossary-localizations Slack channel or in the Slack channel for your language. The other members of the team are always happy to help new contributors. Don't be embarrassed and don't wait too long; otherwise, the project reviewers/maintainers will think you've abandoned it.

Good luck and let me know if you would like to know other projects that you can contribute like that!

The Ultimate eSports Experience: Inside the AWS VALORANT Champions VIP Hospitality 2023

Julia Furst Morgado — Thu, 07 Sep 2023 15:15:31 +0000

If you think Los Angeles is only about Hollywood celebrities and palm trees, think again. I recently had the privilege to be invited by AWS - Amazon Web Services, to attend the VALORANT final championship. It was two adrenaline-packed days through the world of eSports that left me with a whole new perspective on gaming.

eSports Is More Than Just Games

Before I dive into the schedule and my wholesome experience, I want to clarify something about eSports. It's not just a bunch of folks (nerds 😝) playing video games; it's a highly organized, competitive environment where elite gamers battle it out for fame (yes, they are celebs) and fortune. Think of it as the Olympics of gaming, where teams compete in various titles, and fans from all over the world tune in to watch.

At the heart of this eSports extravaganza is Riot Games, a game-developing company that has taken the gaming world by storm with titles like League of Legends and Valorant. Valorant, a tactical first-person shooter with a massive player base, demands precision, teamwork, strategy, and SUPER low latency.

For me, this event was more than just playing the game (since I've probably only played Mario Kart once in my life); it was about seeing how AWS and Riot Games have joined forces to revolutionize the world of eSports.

A Game-Changing Partnership between AWS and Riot Games

Picture this: Riot Games, the powerhouse behind some of the most popular titles in the gaming world, and AWS, a giant in cloud computing and artificial intelligence, coming together to reshape the landscape of eSports. The result? BOOM, a dynamic collaboration that's taking gaming to the next level.

AWS is the backbone of Riot's entire infrastructure. Its cutting-edge technology optimizes player experience, reduces latency, and ensures that everything runs smoothly. In an eSports world where milliseconds can be the difference between victory and defeat, AWS is a game-changer. Imagine watching your favorite gamers battle it out in real time, with AWS ensuring that you don't miss a single shot of the action.

Technical Panel with Geeks and Gamers

One of the highlights of the event was the Technical Panel we had on the first night, where we could hear and ask questions to some of the brightest minds in both gaming and tech.

Alex "Goldenboy" Mendez, an eSports host and commentator with a competitive gaming background, started by leading the discussion and explaining how the Valorant game works. He covered topics like the different agents in the game and their roles, some types of weapons, and the overall structure of the Valorant Champions Tour tournaments. What I got from it was: Valorant rewards strategy and tactical thinking. Which requires a combination of aiming skills, map awareness, understanding of agent abilities, decision-making, and cooperation with your team (that's why the team players are always talking to each other during the game). It was also awesome to talk to him in person and on the next day see him on the big screen narrating the game.

Then, there was a panel featuring key technical leaders from AWS (Jun David, Randy James, and Shiva Natarajan) and Riot Games (John Knauss, Brian Miller, and Gabriel Isenberg). They delved into several technical topics, which I'm going to address next, including the launch of VALORANT and how Riot's player platform evolved to accommodate multiple gamers across the world seamlessly.

Peekers Advantage

One of the biggest technical challenges when it comes to shooter games like Valorant is peekers advantage.

Peeker’s advantage is a complex and often divisive aspect of VALORANT gameplay. It refers to the time difference between a player peeking around a corner and the maximum time a holder has to react before being eliminated. Typically, the peeker sees their opponent first, leaving the holder with less time to react.

To address this often-unwelcome feature and improve gameplay, Riot Games is implementing several changes:

Animation Blending: Riot is working on updating animation blending to eliminate lag when transitioning from "running" to "standing."
Corpse-Blocking: They are addressing the issue of "corpse-blocking" to ensure constant enemy visibility even after they've been eliminated.
Delay in Player Deaths: Riot plans to introduce a slight delay in player deaths, allowing you to see what the player who defeated you is doing.
Optimized Game Client: The VALORANT game client is being optimized to run at 60FPS on most modern machines, with higher framerates for high refresh rate monitors.
Minimal Buffering: Both clients and servers are being run with minimal buffering to ensure responsive gameplay. Riot aims for one buffered frame of movement data for clients and an average of half a frame of movement data on servers.
Latency Reduction: Riot is focusing on reducing latency for players and optimizing servers to achieve a 35ms ping for 70% of the player base.

Now let's talk about latency.

Reducing Latency

Riot Games has made significant investments in reducing latency for players and optimizing server performance. Their approach includes both strategic server placement and technological enhancements.

Strategic Server Placement: When Riot Games initially partnered with AWS, their server placement strategy was based on the utilization of AWS regions. However, through a data-driven approach that involved analyzing their existing League of Legends player base, they gained valuable insights into player demographics and geographic distribution. By conducting thorough assessments of key factors like ping, packet loss, and latency, it became clear that players situated beyond the boundaries of these AWS regions were not experiencing an optimal gaming experience.

In response, Riot Games transitioned from AWS Outposts to AWS-managed Local Zones, a move that significantly expanded their server presence. They currently operate in a total of 33 Local Zones globally. This shift allowed Riot to cater to players in regions previously overlooked, ensuring a more equitable experience for all. The identification of players using VPNs in various locations further informed their server placement strategy. This assessment was based on user latency compared to players physically located in specific regions.

Optimizing Game Routing: Riot established their internet backbone, Riot Direct, to ensure efficient routing of game data. By identifying key points of presence and establishing direct fiber connections, they created a high-speed network that prioritizes game traffic. This network enables minimal packet loss and lower latency, enhancing the overall gaming experience.

Matchmaking

In terms of matchmaking (connecting players to a game), Riot has services dedicated to matching players based on skill level and, more importantly, latency. When players try to enter a game, they check their ping to the game servers and then also consider how that correlates with the people in their party. For example, if they are in different states or countries, it's imperative to connect them to a game server that can deliver satisfactory performance for all participants to ensure a fair gaming experience.

Machine Learning (ML)

In collaboration with AWS Machine Learning Labs, Riot Games ventured into the world of ML to predict a team's likelihood of winning games, initially in League of Legends and now expanding to Valorant. This initiative aims to create a dynamic API offering real-time updates on win expectancy, enriching the experience for live commentators and viewers alike.

Furthermore, ML is used for Automated Smurf Detection, to monitor smurf account MMRs (matchmaking ranks).
The smurf detection system works in such a way that it'll detect the skill level of newly created accounts and rank them up faster to adjust the skill gap.

Gaming As A Career

Now, let me dispel a common misconception that I always had, and probably a lot of you also do: the idea that gaming is merely a hobby. From what I learned at the event, gaming can be a legitimate career.

Gamers today can secure contracts with professional teams, benefit from the guidance of coaches, nutritionists, personal trainers and physiotherapists and enjoy the potential to earn millions through partnerships, streaming, and competitive championships. I had the privilege of conversing with partners of the Loud team, the Brazilian squad that claimed third place in the championship, and they enlightened me about the intense dedication involved, where players immerse themselves in gaming day in and day out, receive expert coaching, and much more.

Yet, don’t think it’s easy to become a famous gamer. It demands an incredible amount of time, effort, and a multitude of other factors, many of which remain a mystery to me (otherwise, I'd be right there with them lol!).

VALORANT Champions Tournament and Execution

Now let's delve into the heart-pounding action of the trip.
Watch a summary of the first day here. The semi-final match between LOUD and Evil Geniuses had us on the edge of our seats. As a LOUD supporter, I joined the spirited crowd of Brazilians in the stadium. Unfortunately Evil Geniuses emerged victorious in a nail-biting 3-2 finish.

During an exclusive backstage tour of the Kia Forum, we explored the tournament's inner workings (no pictures were allowed). This included a visit to the server room, guarded around the clock by a guard. Only a few people had access to enter there. The reason for the physical servers is that it offers predictable performance and lower latency crucial for the championship.

In the parking lot of the stadium were the broadcasting trucks. These trucks connect to a primary center in Dublin for global coverage, reaching millions of viewers online. Riot's global events team works with 22 broadcast partners in 21 languages.

The broadcast begins at the arena, and is curated into a world feed via Riot Direct (the same server infrastructure used for games). From there, it's distributed to regional teams worldwide, each featuring native language broadcasts with region-specific narratives.

The next day was the final championship match between Evil Geniuses and Singapore's Paper Rex. We were all anxious to know Who would win the big gold trophy plus a $1 million prize. We attended the Kia Forum again, where we watched the Valorant Champions opening ceremony, with live performances of singers and dancers, including the official anthem "Ticking Away" ft. Grabbitz & bbno, an Ignition remix with @its_emei and Jazz Alonso, and the song “Greater Than One” by @ericdoa3347. The opening ceremony resembled a Super Bowl finale, featuring an extravagant display of fire, smoke, and lights that got the audience suuuper excited!
You can watch it here:
It was a battle of wits and skills, and Evil Geniuses won the title with a 3-1 victory. It was a historical moment for the gaming industry because the team's coach, Christine Chi, aka Potter, became the first female coach to win a major eSports championship.

Gaming's Bright Future

In summary, my AWS VALORANT Champions VIP Hospitality Experience was nothing short of thrilling and packed with delightful surprises. From the thoughtful welcome kit to the delicious meals we enjoyed together, the lively fan fest, engaging panel discussions, enlightening VIP tours, and the heart-pounding gaming showdowns – every moment was unforgettable.

Sharing this incredible journey with fellow AWS community builders and heroes was a true pleasure, and added an extra layer of excitement to the experience.

I extend my heartfelt gratitude to the entire AWS team for their invitation and impeccable organization of this extraordinary experience, leaving no detail unattended. I eagerly look forward to the opportunity to participate in another Riot Games event in the future.

My vlog is coming out soon, so stay tuned on my Youtube channel or my social media where I’ll share it when it's live!

What questions do you have about eSports, cloud-based gaming, and the tech that powers all of this? 🤔💭