25-03#

The USE Method#

The USE Method via Node Exporter - USE Method / Node | Grafana Labs

Also: node_exporter node-mixin

dropshot - Rust#

Dropshot is a general-purpose crate for exposing REST APIs from a Rust program.

use dropshot::ApiDescription;
use dropshot::ConfigDropshot;
use dropshot::ConfigLogging;
use dropshot::ConfigLoggingLevel;
use dropshot::HandlerTaskMode;
use dropshot::ServerBuilder;
use std::sync::Arc;

#[tokio::main]
async fn main() -> Result<(), String> {
    // Set up a logger.
    let log =
        ConfigLogging::StderrTerminal {
            level: ConfigLoggingLevel::Info,
        }
        .to_logger("minimal-example")
        .map_err(|e| e.to_string())?;

    // Describe the API.
    let api = ApiDescription::new();
    // Register API functions -- see detailed example or ApiDescription docs.

    // Start the server.
    let server = ServerBuilder::new(api, Arc::new(()), log)
        .start()
        .map_err(|error| format!("failed to start server: {}", error))?;

    server.await
}

Grafana Pyroscope#

via grafana blog article about Loki 3.4.

The Ride Share Tutorial:

The application is a Python Flask app that simulates a ride-sharing service.

pdfarranger#

reorder/remove/add/rotate pages

sudo apt install pdfarranger

https://askubuntu.com/a/1402233/36078

iptables vs ipvs#

https://www.tigera.io/blog/comparing-kube-proxy-modes-iptables-or-ipvs/

difference in average round-trip response times between iptables and IPVS is trivially insignificant until you get beyond 1,000 services

kubernetes tools#

What follows is a collection of links and some notes that occupied my browser tabs while I was looking for different tooling and reading the latest about k8s.

cdk8s is a tool written by AWS engineers. There is a motivational video called End YAML engineering with cdk8s! | CNCF. They use “constructs” as their base abstraction (like a resource in TF, but more abstract). They have a Construct Hub. There is cdk8s (the plumbing) and cdk8s+ (cdk8s with porcelain, AFAICT).

Searching cdk8s brought me back to Yoke is really cool | Lobsters. It is the same premise. The user scubbo mentioned Crossplane. I saw that years ago, but it was not ready yet then. There are some Crossplane providers for Hetzner, but nothing official or well-maintained. The user koala mentioned Metacontroller:

Metacontroller is an add-on for Kubernetes that makes it easy to write and deploy custom controllers.

Via Pitfalls of Helm – Insights from 3 years with the leading K8s package manager | Hacker News: the blog post 5 shortcomings of Helm [^helm1] advertises glasskube/glasskube: The next generation Package Manager for Kubernetes as an alternative. [1] People say that Jsonnet - Jsonnet Configuration Language is viable.

I agree with “YAML-itis” in helm. I have been using it since it still had a server component. 👴🎵☁️

grafana and prometheus still seem very much sold on helm though…

Comparing Sidecar-Less Service Mesh from Cilium and Istio - Christian Posta, Solo.io - YouTube shows that Istio is more mature, but its sidecar-less option (“ambient”) is rather new. Cilium uses eBPF and has been sidecar-less since its inception. Christian Posta is a founder of solo.io, which makes products that build on Istio, like their Gloo Gateway, which implements the Kubernetes Gateway API. In the List of Kubernetes Gateway API Implementations, one can see:

  • Cilium (beta)

  • Istio (GA)

Now to something completely different:

Kubetools - A Curated List of Kubernetes Tools | kubetools

I landed there because I was looking for robscott/kube-capacity: A simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. I like kube-capacity. It does what it says. Nothing more; nothing less.

Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.

Looks interesting.

I tried kubeshark/kubeshark. You need to sign up if you have more than 4 nodes. From there it’s $20 per node per month: Pricing – Kubeshark: Deep Network Observability for Kubernetes


Another dive:

flatpak install io.kinvolk.Headlamp
flatpak run io.kinvolk.Headlamp

meh…

Challenges in Managing SSH Keys – and a Call for Solutions#

ssh-key-challenges.pdf via Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH via Open-sourcing OpenPubkey SSH | Lobsters

Users do not understand the warnings about changed host keys and even for experts, verifying the keys is too cumbersome to do reliably

That’s true in my experience. Every single tutorial that I read about provisioning cloud VMs simply says “yes” on first connect, a.k.a. TOFU (Trust On First Use).

Back in the day, when I managed AWS EC2 instances, I read the host’s public key from the AWS console output, thus using a verified side channel. I then added this pubkey to the bastion’s authorized_keys file. This worked quite well.
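The side-channel check described above, scripted, as an added example (this is not code from the post, from AWS or from the OPKSSH project): the console output and the `ssh-keyscan` output below are constructed samples in the cloud-init “SSH HOST KEY KEYS” format, and the IP address, host key blob and host name are made up. The script compares the key the network reports with the copy read from the console and only then emits the `known_hosts` line to pin, so no “yes” on first connect is needed.

```python
"""Verify a fresh VM's SSH host key against an out-of-band copy before
trusting it, instead of answering "yes" on first connect (TOFU).

Added example, not from the original post. The console-output format
follows the cloud-init "SSH HOST KEY KEYS" block; the sample data below
is constructed and the key material is fake.
"""
import base64
import hashlib
import hmac
import re

# Constructed sample: what cloud-init prints to the instance's serial console.
CONSOLE_OUTPUT = """\
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY KEYS-----
ec2: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEFAKEKEYMATERIALNOTREAL0123456789abcd root@ip-10-0-0-7
ec2: -----END SSH HOST KEY KEYS-----
"""

# Constructed sample: what `ssh-keyscan -t ed25519 203.0.113.7` would return
# over the (untrusted) network path.
KEYSCAN_OUTPUT = """\
# 203.0.113.7:22 SSH-2.0-OpenSSH_9.6
203.0.113.7 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEFAKEKEYMATERIALNOTREAL0123456789abcd
"""


def parse_console_keys(text):
    """Return {keytype: blob_b64} from the cloud-init host-key block."""
    keys = {}
    in_block = False
    for line in text.splitlines():
        line = re.sub(r"^ec2:\s*", "", line)  # strip the serial-console prefix
        if "BEGIN SSH HOST KEY KEYS" in line:
            in_block = True
            continue
        if "END SSH HOST KEY KEYS" in line:
            break
        if in_block:
            parts = line.split()
            if len(parts) >= 2:
                keys[parts[0]] = parts[1]
    return keys


def parse_keyscan(text):
    """Return {keytype: blob_b64} from ssh-keyscan output, ignoring comments."""
    keys = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        _host, keytype, blob = line.split()[:3]
        keys[keytype] = blob
    return keys


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(host, console_text, keyscan_text):
    """Compare the network-observed key with the side-channel copy.

    Returns the known_hosts line(s) to pin, or None if any key type seen on
    the network does not match the console copy (or is absent from it).
    """
    trusted = parse_console_keys(console_text)
    observed = parse_keyscan(keyscan_text)
    if not observed:
        return None
    for keytype, blob in observed.items():
        expected = trusted.get(keytype)
        if expected is None or not hmac.compare_digest(expected, blob):
            return None
    # Pin only the key types we actually verified, in known_hosts format.
    return "\n".join(f"{host} {kt} {observed[kt]}" for kt in sorted(observed))


if __name__ == "__main__":
    entry = verify_host_key("203.0.113.7", CONSOLE_OUTPUT, KEYSCAN_OUTPUT)
    for kt, blob in parse_keyscan(KEYSCAN_OUTPUT).items():
        print(f"{kt} {fingerprint(blob)}")
    if entry:
        print("verified, append to ~/.ssh/known_hosts:")
        print(entry)
    else:
        print("MISMATCH: host key differs from the console copy, do not connect")
```

In real use the console text comes from the cloud provider's console-output API and the keyscan text from running `ssh-keyscan` against the new host; a mismatch means either the instance was re-imaged or something sits between you and it, and either way the right move is to stop and look, not to accept the key.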

Youtube Kubernetes Networking#

03-27#

The Fennel programming language is a Lisp on Lua. Cute.

0.11 was released. Precious to me is the builtin auto-completion as well as the fuzzy completeopt. [a, ]a, [A, ]A to navigate through the argument list looks nice too.

Introduction to Monoio: A High-Performance Rust Runtime - chesedo tells us that ByteDance (the company behind TikTok) released Monoio. It uses a “thread-per-core architecture” (also used by Nginx, HAProxy and Envoy), which trades robustness against uneven task durations for better CPU cache locality and fewer context switches. This is in contrast to a work-stealing architecture. It also uses io_uring for fast async I/O.

Matrix Profiles make it easy to spot deviations in time series. The STUMPY Python library has a nice animation. I can see this making its way into puddl when (if) I find some time to analyze some more time series data. It is unfortunate that David’s Reflect App is only available on iOS.
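To show what a matrix profile actually computes, here is an added example in pure Python (not STUMPY's code and not from the original post): for every window of a series it finds the nearest non-trivial neighbour under z-normalised Euclidean distance, and the window whose nearest neighbour is farthest away is the “discord”, the deviation. STUMPY does this with fast algorithms; this is the naive O(n²·m) definition on a small constructed series (a clean periodic signal with four odd readings injected), and the exclusion zone of ceil(m/4) follows the usual convention.

```python
"""Naive matrix profile in pure Python to spot the odd window in a time series.

Added example, not from the original post and not STUMPY's code. This is the
plain definition (compare every window with every other window), which is
fine for a series this small; the constructed data below stands in for a
metric such as requests per minute.
"""
import math

# Constructed sample: a 6-point periodic signal repeated 8 times, with four
# anomalous readings injected at indices 24..27.
PERIOD = [1, 2, 3, 2, 1, 0]
SERIES = PERIOD * 8
SERIES[24:28] = [9, 9, 9, 9]
WINDOW = 6


def znorm(seq):
    """Z-normalise a window so only its shape matters, not scale or offset."""
    n = len(seq)
    mean = sum(seq) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in seq) / n)
    if std == 0.0:
        return [0.0] * n  # a flat window has no shape to compare
    return [(x - mean) / std for x in seq]


def matrix_profile(series, m):
    """Return (profile, index).

    profile[i] is the z-normalised Euclidean distance from the window starting
    at i to its nearest neighbour outside the exclusion zone; index[i] is that
    neighbour's start. Low values mean the pattern recurs elsewhere, high
    values mean the window is unlike anything else (a discord).
    """
    if m < 2 or m > len(series) // 2:
        raise ValueError("window must be >= 2 and at most half the series")
    subs = [znorm(series[i:i + m]) for i in range(len(series) - m + 1)]
    excl = math.ceil(m / 4)  # skip near-identical overlapping windows
    profile, index = [], []
    for i, a in enumerate(subs):
        best, best_j = math.inf, -1
        for j, b in enumerate(subs):
            if abs(i - j) <= excl:
                continue
            d = math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
            if d < best:
                best, best_j = d, j
        profile.append(best)
        index.append(best_j)
    return profile, index


def find_discord(series, m):
    """Start index of the window that looks least like any other window."""
    profile, _ = matrix_profile(series, m)
    return max(range(len(profile)), key=profile.__getitem__)


if __name__ == "__main__":
    profile, index = matrix_profile(SERIES, WINDOW)
    start = find_discord(SERIES, WINDOW)
    print(f"discord window starts at {start}: {SERIES[start:start + WINDOW]}")
    for i, (p, j) in enumerate(zip(profile, index)):
        print(f"{i:2d} dist={p:.3f} nearest={j:2d}")
```

Every window that lies entirely inside the periodic part has an exact copy one period away, so its profile value is 0; only the windows overlapping the injected readings (starts 19 through 27) have a positive distance, and the discord lands among them. That is the whole trick: you do not need to know what “normal” looks like in advance, the series is compared against itself.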