How did my OpenShift vs Rancher comparison blogpost go viral?


I would like to share the story of how my blogpost OpenShift vs Rancher went viral. It is:

  • On the top page when you search "OpenShift vs Rancher" on Google (the first two results, rancher.com and kloia.com, both point to my comparison)
  • Viewed more than 250,000 times
  • Several comments from readers
  • Republished by the vendor itself
  • Translated by several consultancies in different countries

 

At kloia, our engineering team's focus became predominantly Kubernetes for platform projects, where OpenShift was a dominant player, especially after the acquisition of Red Hat by IBM. We had been implementing OpenShift at one of our major enterprise customers. Since we are an engineering company, our consultants became frustrated with OpenShift and gave the following feedback:

  • OpenShift has its own way of doing things, no CNCF 
  • No/less engineering, more operator mindset
  • Major problems during version upgrades
  • Vendor lock-in

As an engineering-driven company (decisions are made by the engineering team, rather than Sales) we stopped working with Red Hat, although we had invested a lot of time in certifications…

Meanwhile, we also began experimenting with Rancher in several projects, and by the end of 2019 I decided to write an honest comparison based on

  • Our engineering team’s feedback
  • My own experience
  • Feedback from several customers
  • Technical evidence

 

My intention was to reveal the realities, as an engineer who took part in the “Pledge to Professionalism” ceremony at my graduation :)

  • I gathered data from anyone who could contribute: internal, external
  • I interviewed several professionals: those using OpenShift, those using Rancher…

Based on all that data, I began to write an honest comparison.

There have been major debates around that post on social media and also in the comments of the post (I published all comments regardless of positive or negative views, except those with abusive language).

In conclusion, I think the honesty of the comparison, and maybe the fact that I expressed how engineering-minded professionals feel working with OpenShift, made that blogpost a success. It was not intentional; it all happened organically!

 

My latest Blogpost: Remote ≠ Home


During the pandemic, many companies have gone remote, while many of them struggle with it because their processes are not remote-compliant.

At kloia, we were already remote even before the pandemic.

I tried to explain that remote does not necessarily mean home, and some aspects we find important for this transition:

https://www.kloia.com/blog/remote-is-not-home

 

 

Prudential RideLondon Rankings


Hi!

As the organizers have stated several times, Prudential RideLondon is not a racing event. But in reality the riders are pedaling to push their limits, and seeing your ranking is not a bad thing! The official results site, however, does not let you see your ranking:

https://results.prudentialridelondon.co.uk/2019/

Adding a sorting function to that page would not be a big deal, but the organizers do not seem to want to favor that.

Besides, the webpage seems to have been developed in a way that makes crawling the data difficult. But I did it! I am a coder!

Here are the links to the rankings:

Prudential19 

Prudential46 Individuals 

Prudential100 Individuals

According to that, it seems I ranked 25th in the Prudential19!

And check the top Prudential100 timings, unbelievable!

Sharon Bowman 4C


I have published an article regarding our Dojo approach at kloia: Click here!

JVM Thread Dump Analysis Notes


Recently I had to dig into JVM thread wait/blocking/locking troubleshooting, and I decided to write down my notes for future reference, for myself and for you! :)

 

Prerequisites to know:

1. JVM Memory Space: This is divided into the following 3 parts:

1.a Native Heap/Code Cache:

– Byte code handed to the JIT compiler

– Native code already compiled from byte code

– Mmap'ed (memory-mapped) files

1.b PermGen/Metaspace: Beginning with Java 8, PermGen was replaced by Metaspace, which lives in native memory and has no upper limit by default, so the "PermGen space" OutOfMemoryError of earlier versions disappears. The operating system will fall back to swap (virtual memory) if usage grows beyond physical memory, so an uncapped Metaspace can still exhaust the host; a class-loader leak shows up here, not in the heap.

1.b.i. Size: Defined by the -XX:MetaspaceSize (initial high-water mark that triggers a GC) and -XX:MaxMetaspaceSize (hard cap) parameters.

1.b.ii. Structure: The following are stored in Metaspace:

  • Class definition metadata: class names, method and field metadata, the constant pool, internal objects used by the JVM, optimization information
  • (Static member variables are not here any more: they moved from PermGen to the Java heap in Java 8, as interned strings did in Java 7.)

1.c Heap: All objects created at runtime, stateless and stateful, application data and caches are stored in the heap.

1.c.i. Heap Size: Heap size is defined by two parameters:

  • -Xms (initial heap size)
  • -Xmx (maximum heap size)

1.c.ii. Heap Structure: The heap is divided into the following spaces:

  • Young: divided into 2 parts:

    • Eden: the first space used when an object is created.
    • Survivor: objects that survive a minor GC (garbage collection) are copied into the two survivor spaces, S0/S1.
  • Tenured/OldGen: objects that reach the tenuring threshold (-XX:MaxTenuringThreshold, the number of minor GCs survived) are promoted to this space.

Here is the model as a schema:

[Figure: JVM memory model schema (image not available)]

 

2. Footprint Requirement: This can be estimated from the following inputs:

  • Number of ear, jar, war files that the single JVM process will handle
  • Number of Java classes to be loaded at runtime
  • Data cache (file, DB …) footprint
  • Number of threads that are allowed to be created (each thread also reserves its own native stack, -Xss, outside the heap)

Usually a heap size of 3-4 GB is a starting point….

3. GC (Garbage Collection): Minimizing GC frequency and pause time is a key factor for performance. Concurrent users and requests drive the allocation rate, and with it the GC cadence, so frequency and pause durations should be monitored (with -Xlog:gc on Java 9+, or -verbose:gc / -XX:+PrintGCDetails on Java 8).

4. Young vs Tenured: A typical ratio is about 1/3; for example, with a 4 GB heap, 1 GB young and 3 GB tenured is expected. (HotSpot's default -XX:NewRatio=2 gives young a third of the heap, i.e. 1:2.) But this depends entirely on your business rules and traffic patterns.

5. Thread Dump Analyzer: There are various tools you can use; the ones I prefer are:

  • https://spotify.github.io/threaddump-analyzer/
  • http://fastthread.io/

Take the dump itself with jstack <pid> or jcmd <pid> Thread.print (or kill -3 <pid>, which writes it to the JVM's stdout). Take several dumps a few seconds apart: a thread that is BLOCKED on the same monitor in every dump is stuck, one that is BLOCKED only once is just contention.

Use -XX:+HeapDumpOnOutOfMemoryError (optionally with -XX:HeapDumpPath=<dir>) in order to create a heap dump in case of OutOfMemoryError.

Here are the most popular focus areas that should be analyzed:

  • Memory Leak
  • Too many open files
  • CPU usage
  • Deadlocks
  • ClassNotFoundException
  • NoClassDefFoundError

As a last observation, there is an interesting jar which forces a full GC every 300 seconds:

https://github.com/jelastic-jps/payara/tree/master/payara-micro-cluster

That can be considered for applications without strict performance requirements….
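As an added example (not from the original notes, and not the code of the analyzers linked above), here is a small Python parser for jstack-style thread dumps that does the first two things those tools do for you: count threads per state, and follow the waits-for graph of object monitors to find who is blocking whom, including deadlock cycles. The thread dump embedded in it is constructed for the example, and the class names and monitor addresses in it are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in HotSpot jstack format (not a real dump): exec-1 and
# exec-2 each hold the monitor the other wants, exec-3 queues behind exec-2,
# and two JVM-internal threads carry no java.lang.Thread.State line at all.
SAMPLE_DUMP = """\
"http-nio-8080-exec-1" #25 prio=5 os_prio=0 tid=0x00007f0a1c0b2000 nid=0x2a31 waiting for monitor entry [0x00007f09e3ffd000]
   java.lang.Thread.State: BLOCKED (on object monitor)
    at com.example.orders.OrderService.reserve(OrderService.java:88)
    - waiting to lock <0x000000076b5d0a10> (a java.lang.Object)
    - locked <0x000000076b5d0a20> (a java.lang.Object)
    at com.example.orders.OrderController.create(OrderController.java:41)

"http-nio-8080-exec-2" #26 prio=5 os_prio=0 tid=0x00007f0a1c0b3000 nid=0x2a32 waiting for monitor entry [0x00007f09e3efc000]
   java.lang.Thread.State: BLOCKED (on object monitor)
    at com.example.orders.InventoryService.release(InventoryService.java:57)
    - waiting to lock <0x000000076b5d0a20> (a java.lang.Object)
    - locked <0x000000076b5d0a10> (a java.lang.Object)
    at com.example.orders.OrderController.cancel(OrderController.java:63)

"http-nio-8080-exec-3" #27 prio=5 os_prio=0 tid=0x00007f0a1c0b4000 nid=0x2a33 waiting for monitor entry [0x00007f09e3dfb000]
   java.lang.Thread.State: BLOCKED (on object monitor)
    at com.example.orders.OrderService.reserve(OrderService.java:88)
    - waiting to lock <0x000000076b5d0a10> (a java.lang.Object)
    at com.example.orders.OrderController.create(OrderController.java:41)

"C2 CompilerThread0" #6 daemon prio=9 os_prio=0 tid=0x00007f0a1c0a0000 nid=0x2a2c waiting on condition [0x0000000000000000]
   java.lang.Thread.State: RUNNABLE

"GC task thread#0 (ParallelGC)" os_prio=0 tid=0x00007f0a1c02a000 nid=0x2a20 runnable
"""

THREAD_HDR = re.compile(r'^"(?P<name>[^"]+)"')
STATE_RE = re.compile(r"java\.lang\.Thread\.State:\s+(\w+)")
WAITING_RE = re.compile(r"-\s+waiting to lock <(0x[0-9a-f]+)>")
LOCKED_RE = re.compile(r"-\s+locked <(0x[0-9a-f]+)>")


def parse_dump(text):
    """Return {thread name: {state, waiting (monitor wanted or None), locked (set), frames}}."""
    threads, cur = {}, None
    for line in text.splitlines():
        hdr = THREAD_HDR.match(line)
        if hdr:  # new thread; JVM-internal threads never get a State line, so start as UNKNOWN
            cur = {"state": "UNKNOWN", "waiting": None, "locked": set(), "frames": []}
            threads[hdr.group("name")] = cur
            continue
        if cur is None:
            continue
        state, wanted, held = STATE_RE.search(line), WAITING_RE.search(line), LOCKED_RE.search(line)
        if state:
            cur["state"] = state.group(1)
        elif wanted:
            cur["waiting"] = wanted.group(1)
        elif held:
            cur["locked"].add(held.group(1))
        elif line.strip().startswith("at "):
            cur["frames"].append(line.strip()[3:])
    return threads

def state_histogram(threads):
    """Many BLOCKED threads point at lock contention, many RUNNABLE at CPU, many WAITING at an idle pool."""
    return Counter(t["state"] for t in threads.values())

def blocked_on(threads):
    """For every thread waiting for a monitor: (monitor address, thread holding it or None)."""
    owners = {lock: name for name, t in threads.items() for lock in t["locked"]}
    return {name: (t["waiting"], owners.get(t["waiting"]))
            for name, t in threads.items() if t["waiting"]}

def find_deadlocks(threads):
    """Walk the waits-for graph (thread -> holder of the monitor it wants); revisiting a thread on the path is a cycle."""
    waits_for = {name: holder for name, (_, holder) in blocked_on(threads).items()}
    cycles, done = [], set()
    for start in waits_for:
        path, cur = [], start
        while cur is not None and cur not in path and cur not in done:
            path.append(cur)
            cur = waits_for.get(cur)
        if cur is not None and cur in path:
            cycles.append(path[path.index(cur):])
        done.update(path)
    return cycles

def hot_frames(threads, top=3):
    """Most common top-of-stack frames: where the threads are piling up."""
    return Counter(t["frames"][0] for t in threads.values() if t["frames"]).most_common(top)

if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    print(dict(state_histogram(parsed)), blocked_on(parsed), find_deadlocks(parsed), hot_frames(parsed), sep="\n")
```

On the sample, exec-3 is not part of the deadlock but is stuck behind it all the same, which is the usual picture in production: one cycle starves the whole request pool, and the state histogram alone would only tell you that "all threads are BLOCKED".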

How CloudFlare helps to painless migrate your WordPress website to HTTPS?


Google recently announced that Chrome will flag websites not served over HTTPS as “NOT SECURE”:
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
In case you have a WordPress site, there are 2 main ways to do that:
1- Converting WordPress to HTTPS mode:
1-a: Change the site URL: the siteurl and home values can be changed under Settings → General, or overridden in wp-config.php with the WP_HOME and WP_SITEURL constants.
1-b: Change the existing http links: go to the DB and update the links (wp search-replace from WP-CLI does this across all tables). Besides, in case there are plugins which inject their code separately, you need to find them all. This is very painful!
1-c: Obtain a TLS certificate from a certificate authority and install it on the web server.
2- Keeping WordPress as usual and using CloudFlare:
2-a Force HTTPS (Always Use HTTPS)
[Screenshot: Cloudflare “Always Use HTTPS” setting]
2-b Enable Automatic HTTPS Rewrites: this is the crucial point. With it, you do not need to edit the WordPress http links, as CloudFlare replaces them on the fly! Note that Cloudflare only rewrites links to hosts it knows support HTTPS (for example hosts on the HSTS preload list), so until your domain is on that list the image links will not be replaced.
[Screenshots: Cloudflare “Automatic HTTPS Rewrites” and HSTS settings]

2-c Now you should see that the links are rewritten on the fly, except the image links. Go to https://hstspreload.org and register your domain for HSTS.

**** Be careful! All subdomains and subsubdomains from now on must work under HTTPS! ****

Preloading requires a Strict-Transport-Security header with max-age of at least one year, includeSubDomains and preload, and it is effectively a one-way door: removal from the list takes months to reach browsers, so any host under the domain that still speaks plain HTTP will simply stop working.

So check all your DNS records. With CloudFlare you are lucky: every record proxied through CloudFlare (orange cloud) is covered by its Universal SSL certificate, which covers the apex domain and one label below it (*.yourdomain). DNS-only (grey cloud) records and deeper names like dev.blog.yourdomain are not covered and need their own certificate.
[Screenshots: hstspreload.org submission form]
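Added example, not part of the original post or of Cloudflare's tooling: a Python check of the three preload requirements (max-age of at least one year, includeSubDomains, preload) on a Strict-Transport-Security header value, plus the two DNS sanity checks the warning above asks for. The zone inventory (example.com and its hosts) is constructed for the example; the Universal SSL coverage rule follows Cloudflare's documented behaviour of covering the apex and one label below it.

```python
# Constructed DNS inventory for the example (not the post's real zone): the
# hosts that already answer on HTTPS versus everything else in the zone.
APEX = "example.com"
DNS_RECORDS = ["example.com", "www.example.com", "mail.example.com",
               "dev.blog.example.com", "status.example.com"]
HTTPS_HOSTS = {"example.com", "www.example.com", "status.example.com"}

PRELOAD_MIN_MAX_AGE = 31536000  # hstspreload.org requires at least one year


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains, preload).

    Directive names are case-insensitive and unknown directives are ignored, as
    RFC 6797 requires; max_age is None when the mandatory directive is absent or
    not a non-negative integer.
    """
    max_age, include_subdomains, preload = None, False, False
    for raw in header_value.split(";"):
        name, _, value = raw.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return max_age, include_subdomains, preload


def preload_problems(header_value):
    """Reasons hstspreload.org would reject this header; an empty list means eligible."""
    max_age, include_subdomains, preload = parse_hsts(header_value)
    problems = []
    if max_age is None:
        problems.append("max-age is missing or malformed")
    elif max_age < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age={max_age} is below the one-year minimum ({PRELOAD_MIN_MAX_AGE})")
    if not include_subdomains:
        problems.append("includeSubDomains is required (every subdomain must then serve HTTPS)")
    if not preload:
        problems.append("preload directive is required to opt in to the list")
    return problems


def in_zone(host, apex):
    return host == apex or host.endswith("." + apex)


def subdomains_at_risk(apex, dns_records, https_hosts):
    """Hosts under the apex that would break once includeSubDomains is preloaded."""
    return sorted(h for h in dns_records if in_zone(h, apex) and h not in https_hosts)


def covered_by_universal_ssl(host, apex):
    """Cloudflare's Universal SSL certificate covers the apex and one label below it
    (*.apex); deeper names such as dev.blog.apex need a separate certificate."""
    if host == apex:
        return True
    if not host.endswith("." + apex):
        return False
    return "." not in host[: -len(apex) - 1]


if __name__ == "__main__":
    for header in ("max-age=86400", "max-age=31536000; includeSubDomains; preload"):
        print(header, "->", preload_problems(header) or "eligible")
    print("would break after preload:", subdomains_at_risk(APEX, DNS_RECORDS, HTTPS_HOSTS))
    print("not on the universal cert:",
          [h for h in DNS_RECORDS if not covered_by_universal_ssl(h, APEX)])
```

Run the header check against what your origin (or Cloudflare's HSTS setting) actually emits before submitting the domain; the DNS check is the part worth repeating every time a record is added, since a new grey-cloud host under a preloaded domain is broken from its first minute.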

Rancher on Google Cloud with Cloud SQL as DB


Here is my latest kloia blog post: 

 

https://blog.kloia.com/rancher-on-google-cloud-with-cloud-sql-as-db-4775326f7bab

Kubernetes on Rancher with Weave


Here is my post on kloia blog:

 

https://blog.kloia.com/kubernetes-on-rancher-with-weave-db5319361b78

Docker Routing Mesh


The HTTP Routing Mesh is not magic: UCP runs an HAProxy-based service (ucp-hrm) that routes each request to the right container by hostname. (Not to be confused with swarm mode's built-in L4 routing mesh, which publishes a port on every node using IPVS and knows nothing about hostnames.)

What is the use-case of Routing Mesh? 

You have plenty of services/apps speaking HTTP/HTTPS and you do not want to deal with ports. The routing mesh simply manages the "virtual hosting": one published port, many hostnames.

1. In case you have Docker Datacenter UCP: 

Step1: Enable Routing Mesh

UCP –> Admin Settings –> Routing Mesh –> Enable HTTP Routing Mesh –> Update (I used port 8090 just for testing; normally it would be 80)

[Screenshot: UCP Routing Mesh settings]

Step2: Create a service

UCP –> Resources –> Services –> Create a Service 

Service Name: meshtest

Image Name: nginx:latest

Next –> Resources –> Networks

Choose the network "ucp-hrm"

Next –> Environment

Create a service label "com.docker.ucp.mesh.http.80" with the value "external_route=http://meshtest,internal_port=80"

[Screenshot: UCP service label for the routing mesh]

2. In case you deploy with a compose/stack file (Docker 1.12+ swarm mode) instead of the UCP UI:

Add the following to your docker-compose YAML under the service in question. For docker stack deploy the label has to be a service label, i.e. under deploy:, because that is what the HRM reads. Note that the com.docker.ucp.mesh.http.* labels are interpreted by UCP's HRM service only; a plain Docker swarm without UCP offers just the L4 ingress routing mesh and will ignore them.

    deploy:
      labels:
        com.docker.ucp.mesh.http.80: "external_route=http://meshtest,internal_port=80"

 

 

 

Save Settings and it works!

[Screenshot: nginx welcome page served via http://meshtest through the routing mesh]
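Added example (neither UCP's code nor the post's): Python that builds the virtual-hosting table the HTTP Routing Mesh derives from com.docker.ucp.mesh.http.* service labels, using the external_route and internal_port keys shown above, and flags two things worth catching before deploying: a rule with no internal_port, and two services claiming the same hostname (whichever one won would silently receive the other's traffic). The service inventory is constructed, and treating the label's numeric suffix as a mere rule identifier is an assumption of this example.

```python
# Constructed service inventory for the example (not from the post): each
# swarm service with the labels UCP's HTTP Routing Mesh reads. The key
# suffix after "mesh.http." is treated here as a rule identifier only.
SERVICES = {
    "meshtest": {"com.docker.ucp.mesh.http.80": "external_route=http://meshtest,internal_port=80"},
    "shop-frontend": {
        "com.docker.ucp.mesh.http.1": "external_route=http://shop.example.com,internal_port=8080",
        "com.docker.ucp.mesh.http.2": "external_route=http://www.shop.example.com,internal_port=8080",
    },
    "legacy-shop": {"com.docker.ucp.mesh.http.1": "external_route=http://shop.example.com,internal_port=80"},
    "broken": {"com.docker.ucp.mesh.http.1": "external_route=http://broken.example.com"},
    "plain-db": {"com.example.team": "payments"},  # no mesh labels: never exposed
}
LABEL_PREFIX = "com.docker.ucp.mesh.http."


def parse_mesh_label(value):
    """Split 'k=v,k=v' into a dict; the two keys the post uses are external_route and internal_port."""
    return dict(item.split("=", 1) for item in value.split(",") if "=" in item)


def build_routing_table(services):
    """Return (routes, problems): routes maps a Host header value -> (service, internal_port).

    A hostname claimed by more than one service is reported and left out of the
    table instead of letting one service win, so the conflict is visible.
    """
    routes, claims, problems = {}, {}, []
    for service, labels in services.items():
        for key, value in labels.items():
            if not key.startswith(LABEL_PREFIX):
                continue
            rule = parse_mesh_label(value)
            route, port = rule.get("external_route"), rule.get("internal_port")
            if not route or not port or not port.isdigit():
                problems.append(f"{service}/{key}: needs external_route and a numeric internal_port")
                continue
            host = route.split("://", 1)[-1].split("/", 1)[0].lower()
            claims.setdefault(host, []).append((service, int(port)))
    for host, claimants in claims.items():
        if len(claimants) == 1:
            routes[host] = claimants[0]
        else:
            problems.append(f"{host}: claimed by {sorted(s for s, _ in claimants)}")
    return routes, problems


def route_request(routes, host_header):
    """Resolve a Host header the way a virtual-hosting proxy does: port stripped, case-folded."""
    return routes.get(host_header.split(":", 1)[0].strip().lower())


if __name__ == "__main__":
    routes, problems = build_routing_table(SERVICES)
    print("routes:", routes)
    print("problems:", problems)
    print("MESHTEST:8090 ->", route_request(routes, "MESHTEST:8090"))
```

The same conflict check is worth running in CI over the stack files of every team that shares a UCP cluster: the HRM's hostname namespace is cluster-wide, so any service can claim any hostname unless someone looks.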

 

Docker overlay or bridge networks overlapping with the corporate networks problem


During the installation of Docker Engine and UCP (Universal Control Plane), there is a risk that the networks it chooses by default, like 172.17.0.0/16, 172.18.0.0/16, 172.19.0.0/16, 172.20.0.0/16, overlap with existing LANs in your organization. Although there are some related posts:

https://forums.docker.com/t/dtr-network-overlaps-corporate-lan/22193/2

https://blog.docker.com/2016/03/docker-networking-design-philosophy/

https://github.com/docker/docker.github.io/blob/master/engine/userguide/networking/default_network/build-bridges.md

IMHO they do not provide a practical solution for this particular case…

Besides, there are the following open issues on GitHub:

https://github.com/docker/docker/issues/21776

https://github.com/docker/docker/pull/29376

Here is a workaround we found, applied and confirmed working:

  • Before installing Docker Engine/UCP, create a virtual interface (or widen the netmask of the current interface) so that it covers all corporate networks:
ifconfig eth0:0 <yourinternalcorporateIPAddress> netmask <netmask> up
(on systems without net-tools: ip addr add <yourinternalcorporateIPAddress>/<prefixlen> dev eth0 label eth0:0)
  • After you finish installing Docker Engine, swarm or UCP, you will notice that it has picked the 10.0.0.0/8 or 192.168.0.0/16 private ranges (RFC 1918) instead of 172.x.x.x! Docker checks the host's existing routes and skips any default pool that overlaps them, so the temporary route pushes it to another range.
  • Revert your network interface to its initial state, and that's all!

Caveat: this only works while Docker still has a default pool left that does not overlap; if the corporate plan spans all of 172.16.0.0/12 and 192.168.0.0/16, network creation fails with "could not find an available, non-overlapping IPv4 address pool". Since Docker 18.06 the cleaner fix is to set default-address-pools in /etc/docker/daemon.json and, for overlay networks, to pass --default-addr-pool to docker swarm init, so the engine never picks a conflicting range in the first place.
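Added example, not from the post: a Python check built on the standard-library ipaddress module that compares Docker's built-in default pools against a corporate address plan (the plan and the candidate pools here are constructed), shows why the interface workaround works (the engine skips pools that collide with existing routes) and where it stops working, and emits the daemon.json and swarm init settings that avoid the collision for good.

```python
import ipaddress
import json

# Docker engine built-in pools: local (bridge) networks come from fifteen /16s
# in 172.17.0.0-172.31.0.0 and then sixteen /20 slices of 192.168.0.0/16;
# swarm overlay networks are carved as /24s out of 10.0.0.0/8.
LOCAL_DEFAULT_POOLS = ([ipaddress.ip_network(f"172.{n}.0.0/16") for n in range(17, 32)]
                       + [ipaddress.ip_network(f"192.168.{n}.0/20") for n in range(0, 256, 16)])
SWARM_DEFAULT_POOL = ipaddress.ip_network("10.0.0.0/8")

# Constructed corporate address plan for the example (not the post's real LANs).
CORPORATE = [ipaddress.ip_network(s) for s in ("172.16.0.0/12", "10.0.0.0/16", "192.168.0.0/16")]
# Constructed candidate pools, in order of preference, for a custom daemon.json.
CANDIDATES = [ipaddress.ip_network(s)
              for s in ("172.16.0.0/12", "10.0.0.0/8", "10.200.0.0/16", "100.64.0.0/10")]


def overlaps(docker_nets, corp_nets):
    """(docker_net, corp_net) pairs that share at least one address."""
    return [(d, c) for d in docker_nets for c in corp_nets if d.overlaps(c)]


def first_free_pool(candidates, in_use):
    """First candidate that overlaps none of the in-use prefixes, or None.

    This mirrors what the engine does when it creates a network: it skips
    default pools that collide with a route already present on the host, which
    is why temporarily adding the corporate ranges to an interface (the
    workaround above) pushes Docker to a different range.
    """
    for cand in candidates:
        if not any(cand.overlaps(net) for net in in_use):
            return cand
    return None


def daemon_json(pool, size):
    """/etc/docker/daemon.json fragment (Docker >= 18.06): base pool plus per-network prefix length."""
    return json.dumps({"default-address-pools": [{"base": str(pool), "size": size}]}, indent=2)


def swarm_init_flags(pool, size):
    """Equivalent flags for overlay networks at swarm creation time (Docker >= 18.06)."""
    return f"docker swarm init --default-addr-pool {pool} --default-addr-pool-mask-length {size}"


if __name__ == "__main__":
    print(f"{len(overlaps(LOCAL_DEFAULT_POOLS, CORPORATE))} default local pools collide with the LAN plan")
    print("overlay default collides:", bool(overlaps([SWARM_DEFAULT_POOL], CORPORATE)))
    print("pool the engine could still fall back to:", first_free_pool(LOCAL_DEFAULT_POOLS, CORPORATE))
    pool = first_free_pool(CANDIDATES, CORPORATE)
    print(daemon_json(pool, 24))
    print(swarm_init_flags(pool, 24))
```

With the constructed plan every built-in local pool collides and the fallback search returns None, which is exactly the case where the interface trick no longer helps and only an explicit pool in daemon.json does.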

 

