25-03#
The USE Method#
The USE Method via Node Exporter - USE Method / Node | Grafana Labs
Also: node_exporter node-mixin
dropshot - Rust#
Dropshot is a general-purpose crate for exposing REST APIs from a Rust program.
use dropshot::ApiDescription;
use dropshot::ConfigDropshot;
use dropshot::ConfigLogging;
use dropshot::ConfigLoggingLevel;
use dropshot::HandlerTaskMode;
use dropshot::ServerBuilder;
use std::sync::Arc;

#[tokio::main]
async fn main() -> Result<(), String> {
    // Set up a logger.
    let log =
        ConfigLogging::StderrTerminal {
            level: ConfigLoggingLevel::Info,
        }
        .to_logger("minimal-example")
        .map_err(|e| e.to_string())?;

    // Describe the API.
    let api = ApiDescription::new();
    // Register API functions -- see detailed example or ApiDescription docs.

    // Start the server.
    let server = ServerBuilder::new(api, Arc::new(()), log)
        .start()
        .map_err(|error| format!("failed to start server: {}", error))?;

    server.await
}
Grafana Pyroscope#
via grafana blog article about Loki 3.4.
The Ride Share Tutorial:
The application is a Python Flask app that simulates a ride-sharing service.
pdfarranger#
reorder/remove/add/rotate pages
sudo apt install pdfarranger
iptables vs ipvs#
https://www.tigera.io/blog/comparing-kube-proxy-modes-iptables-or-ipvs/
difference in average round-trip response times between iptables and IPVS is trivially insignificant until you get beyond 1,000 services
kubernetes tools#
What follows is a collection of links and some notes that occupied my browser tabs while I was looking for different tooling and reading the latest about k8s.
cdk8s is a tool written by AWS engineers. There is a motivational video called End YAML engineering with cdk8s! | CNCF.
They use “constructs” as their base abstraction (like resource in TF, but more abstract).
They have a Construct Hub.
There is cdk8s with plumbing and cdk8s+ - cdk8s with porcelain AFAICT.
Searching cdk8s brought me back to Yoke is really cool | Lobsters.
It is the same premise. The user scubbo mentioned Crossplane. I saw that years ago, but it was not ready yet then.
There are some crossplane providers for Hetzner, but nothing official or well-maintained.
The user koala mentioned Metacontroller
Metacontroller is an add-on for Kubernetes that makes it easy to write and deploy custom controllers.
Via Pitfalls of Helm – Insights from 3 years with the leading K8s package manager | Hacker News. The blog post 5 shortcomings of Helm [^helm1] advertises glasskube/glasskube: The next generation Package Manager for Kubernetes as an alternative. [1] People say that Jsonnet - Jsonnet Configuration Language is viable.
I agree with “YAML-itis” in helm. I have been using it since it still had a server component. 👴🎵☁️
grafana and prometheus still seem very much sold on helm though…
Comparing Sidecar-Less Service Mesh from Cilium and Istio - Christian Posta, Solo.io - YouTube shows that Istio is more mature, but its side-car-less option (“ambient”) is rather new. Cilium uses eBPF and is side-car-less since its inception. Christian Posta is a founder of solo.io. They do products that add to istio, like their Gloo Gateway, which implements the Kubernetes Gateway API. In the List of Kubernetes Gateway API Implementations, one can see
Cilium (beta)
Istio (GA)
Now to something completely different:
Kubetools - A Curated List of Kubernetes Tools | kubetools
I landed there because I was looking for robscott/kube-capacity: A simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. I like kube-capacity. It does what it says. Nothing more; nothing less.
Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.
Looks interesting.
I tried kubeshark/kubeshark. You need to sign up if you have more than 4 nodes. From there it’s $20 per node per month: Pricing – Kubeshark: Deep Network Observability for Kubernetes
Another dive:
The Kubernetes Linux Experts | Kinvolk bought by Microsoft
Headlamp is a user-friendly Kubernetes UI focused on extensibility
flatpak install io.kinvolk.Headlamp
flatpak run io.kinvolk.Headlamp
meh…
Challenges in Managing SSH Keys – and a Call for Solutions#
ssh-key-challenges.pdf via Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH via Open-sourcing OpenPubkey SSH | Lobsters
Users do not understand the warnings about changed host keys and even for experts, verifying the keys is too cumbersome to do reliably
That’s true in my experience. Every single tutorial that I read about provisioning cloud VMs simply says “yes” on first connect - aka. TOFU (Trust on First Use).
Back in the day, when I managed AWS EC2 instances, I read the host’s public key from the AWS console output, thus using a verified side channel. I then added this pubkey to the bastion’s authorized_keys file. This worked quite well.
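The side-channel check described above, as an added example that is not part of the original notes: it pulls the host public keys out of instance console output and emits pinned known_hosts lines, plus the fingerprint to compare on first connect. It assumes the image runs cloud-init, which prints the keys between the markers shown; the function names, host name, key and console text are constructed for illustration.

```python
import base64
import hashlib
import re

BEGIN = "-----BEGIN SSH HOST KEY KEYS-----"  # markers cloud-init prints (assumed image)
END = "-----END SSH HOST KEY KEYS-----"
KEY_RE = re.compile(r"\b(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp\d+) ([A-Za-z0-9+/]+=*)")

def host_keys_from_console(console_text):
    """Return (key_type, base64_blob) pairs found between the cloud-init markers."""
    keys, inside = [], False
    for line in console_text.splitlines():
        if BEGIN in line:
            inside = True
        elif END in line:
            inside = False
        elif inside and (m := KEY_RE.search(line)):
            key_type, b64 = m.groups()
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue  # truncated or garbled console line
            # An SSH key blob starts with a length-prefixed copy of its type;
            # reject lines where that does not match the declared type.
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] == key_type.encode():
                keys.append((key_type, b64))
    return keys

def fingerprint(b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_hosts_lines(host, console_text):
    """One known_hosts line per accepted key, pinned to `host`."""
    return [f"{host} {t} {b}" for t, b in host_keys_from_console(console_text)]

# Constructed sample: a made-up key blob and made-up console lines.
SAMPLE_KEY = base64.b64encode(
    (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
).decode()
SAMPLE_CONSOLE = f"""\
ssh-ed25519 {SAMPLE_KEY} printed-outside-the-block
[   21.2] cloud-init[901]: {BEGIN}
[   21.2] cloud-init[901]: ssh-ed25519 {SAMPLE_KEY} root@ip-10-0-0-5
[   21.2] cloud-init[901]: ssh-rsa {SAMPLE_KEY} root@ip-10-0-0-5
[   21.3] cloud-init[901]: {END}
"""
```

Feed it the text from `aws ec2 get-console-output --instance-id <id> --output text` and append the resulting lines to the client's known_hosts before the first connection.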
Youtube Kubernetes Networking#
Kubernetes Services networking - YouTube
https://youtu.be/NFApeJRXos4?t=48 Cluster IPs
https://youtu.be/NFApeJRXos4?t=107 NodePort –> source NAT
https://youtu.be/NFApeJRXos4?t=259 using externalTrafficPolicy: Local results in KubeProxy Load-Balancing to local Pods only
reduces hops
preserves source IP
load balancing becomes network-topology dependent https://youtu.be/NFApeJRXos4?t=295
Surviving Day 2 - How to Troubleshoot Kubernetes Networking - Thomas Graf, Isovalent - YouTube
Calico, Thomas Graf
Hubble
Latency
Traffic
Errors
Saturation
03-27#
The Fennel programming language is a Lisp on Lua. Cute.
0.11 was released. Precious to me is the builtin auto-completion as well as the fuzzy completeopt.
[a, ]a, [A, ]A to navigate through the argument list looks nice too.
Introduction to Monoio: A High-Performance Rust Runtime - chesedo tells us that ByteDance (the company behind TikTok) released Monoio. It uses a “thread-per-core architecture” (also used by Nginx, HAProxy and Envoy) that trades robustness against uneven task durations for better CPU caching and fewer context switches. This is in contrast to a work-stealing architecture. It also uses io_uring for fast async I/O.
Matrix Profiles make it easy to spot deviations in time series. The STUMPY Python library has a nice animation. I can see this making its way into puddl when (if) I find some time to analyze some more time series data. It is unfortunate that David’s Reflect App is only available on iOS.