|
Spring Heeled Jack posted:Seconding this. I’m a sysadmin at a company that is looking to move to containers when they deploy some of our new website apps. The lead dev is completely familiar with everything on that end, but as a JOAT sysadmin I’m looking to get up to speed. We run IIS/MSSQL for everything currently but they’re shifting to .NET Core so we can run Linux containers. Starting down a similar path. I just finished The DevOps Handbook and highly recommend it. Gonna grab The Phoenix Project next. I was looking for Windows specific books before the holidays, but it looks like the few Windows specific books are going to be published in the coming months. Get familiar with Powershell if you aren't already as well as some Linux environment. Whether you're on Linux or Windows, Docker underpins everything and Kubernetes seems to coming out on top for orchestration, AKS being managed Kubernetes.
|
#
¿
Feb 11, 2018 18:09
|
|
|
|
| # ¿ May 17, 2024 17:45 |
|
|
Warbird posted:Posting this here as the Powershell thread appears to be hella dead: Is the answerfile included in the package? Can you use Resolve-Path on ./tools/foo.rsp to get the absolute path and pass that in? If you're passing it in through $silentArgs you might have to watch how quotes and variables get escaped too. Remember, ChocolateyInstall.ps1 is just a Powershell script, so any pre-processing or input sanitation you could do in PS you can do here.
|
|
#
¿
Feb 19, 2019 18:12
|
|
|
Check your CI documentation around pipeline triggers. In Azure Pipelines you can use path triggers to run a pipeline when a specific file or directory is updated. Really though idempotent is the way to go.
|
|
#
¿
Jan 17, 2021 18:08
|
|
|
I'm in a heavily Windows shop and k8s has veen declared ~the way of the future~. We have done a pretty good job of moving devs off of TFS/TFVC and on to Azure DevOps/git. CI/CD has rocked their world and made us (Ops) look like wizards. Something I'm having trouble wrapping my head around though: a lot of our apps are various versions of aspnet webforms/mvc hosted on IIS. We have been able to move most of the apps off of integrated windows auth and on to either okta or azure ad. How are people handling integrations dependent on the app pool identity? E.g.: site1 runs under a service account and accesses smb file shares as that identity. I see k8s has support for gmsas now. Has anyone had success with them? For the apps that have been ported to dotnet core, is there a way to do this integration from linux containers?
|
|
#
¿
Mar 27, 2021 02:59
|
|
|
Methanar posted:What is the business case behind this?  We have a new VP who wants to build in-house PaaS offerings for all of our Ops services.12 rats tied together posted:This is probably entirely out of your control but all the windows identity stuff is extremely crappy and dated. The sooner you can solve this problem by "not having apps access anything with app pool identity", the better. 12 rats tied together posted:e: If you're lucky you can just delete your AD domain too, while you're at it 
|
|
#
¿
Mar 27, 2021 12:51
|
|
|
Thanks for the replies everyone. Gonna try to not get too e/n here but there is history. In the last couple of years, Dev has been given a lot of leeway to go out and try new things. This has lead to some wins for our developers as they have been able to build greenfield services and show management what is possible/what they are capable of. On the other hand, we now have "proof of concept" environments running prod services in multiple clouds. Ops is trying to get a handle on what is where and how can we support it. We have had big wins with modernizing build and release processes for Dev teams who deploy to existing Ops managed infrastructure. The Dev owned cloud stuff running k8s is all over the place and is getting too big for them to manage on their own. Also, they are now spending time janitoring instead of solving business problems. We are hoping to be able to come in, standardize their infrastructure and support them so when they get a call at 3 am it's for a legitimate application issue and not that they hit the quota on whatever personal subscription they are billed under. Part of what we have to figure out is what can evolve with the platform and what is set in stone. It sounds like anything tied to windows identity is going to be harder to move, and that's fine. Better to know now than to waste a few weeks bashing my head against a wall. Greenfield stuff is supposed to going to k8s as much as possible.
|
|
#
¿
Mar 28, 2021 01:41
|
|
|
I would second looking into azure DevOps/ GitHub actions for this as they have images with vs etc installed already (ADO Windows image example). Then you just need to add any other tools in there which the platform should have tasks for. If you do want something self hosted, there is a vs build tools package that can be installed unattended.
|
|
#
¿
Dec 30, 2021 02:50
|
|
|
For anyone managing an openshift cluster, how much do you fiddle with resource requests and limits on operators? We are running a (what I feel is small) cluster with 3x 8 cpu 32 gb ram worker nodes. Our actual utilization is really low, but we are already running into scheduling issues because of cpu requests. Is anyone else modifying operator configs to have significantly fewer resources? I don't see this talked about much and assume I am doing something wrong at this point.
|
|
#
¿
Nov 29, 2022 20:09
|
|
|
jaegerx posted:Are you kidding? It's all we discuss. You don't limit cpu but you do requests for cpu. Memory should be limited and probably requested. What's the logic behind not limiting cpu? Do you ever run into some app bogging down a whole node? Right now we are setting limits, and have alerting set up to inform us if anything gets throttled for an extended period of time.
|
|
#
¿
Nov 30, 2022 00:58
|
|
|
Thanks for the links and advice everyone. Looks like our use case (charge back on a shared cluster) is one of the few reasons to set cpu limits.
|
|
#
¿
Dec 4, 2022 16:32
|
|
|
|
| # ¿ May 17, 2024 17:45 |
|
|
If you are storing team info in metadata, what are your namespace naming conventions? If there isn't team1-redis and team2-redis how do you prevent collisions? For the record we are using team-app-env so we have webdev-homepage-dev, webdev-homepage-uat, finance-batch-dev etc. with each of these tied to an AD group for permissions. We include the environment in the name because we have 1 nonprod cluster.
|
|
#
¿
Mar 20, 2024 00:42
|
|