When things go wrong in Kubernetes, things can go really wrong and there isn't much documentation on how to inspect the system out of band of what a working kubectl can deliver. This can be maddening. This article covers some of what is going on under the hood of Kubernetes and Containerization so that you have some more tools in your collection for inspecting Kubernetes issues from within kubectl and out-of-band of Kubernetes.
So my Docker image and container collection has grow over the past years and I see no sign of it stopping. From adding random services for integrations to multi container services for development, staging, and deployment, to throw away containers, to scheduled task automation .... its time that I start to consider setting up my own Platform as a Service (PaaS).
This is my overview of kubernetes. There are many like it, but this one is mine.
Back in 2020 when I first started looking into building a mobile application I wanted to do things "smart" by architect-ing the backend system on Kubernetes. After all, kubernetes was the hot new thing that all the cloud services were supporting. I think I went about it all wrong at the time. I took a very top down approach (which I very often do) jumped right into some cloud infrastructure on GKE and just started poking around with kubectl and the various GUIs. Turns out this doesn't work in Kubernetes land without some solid base knowledge. I had no context, no terminology. To make matters worse, I watched a few how-to videos on youtube that went kind of like: "kubectl this, kubectl that, and viola! You have a working infrastructure." In reality "Kubernetes is not making my job easier! Kubernetes is just creating another career's worth of complexity in my application." At the time I settled for docker-compose instead.
Now I've returned to Kubernetes in pursuit for a flexible home/DIY Platform As A Service (PaaS).
I've recently been beefing up my security posture by added very secure and randomly generated passwords to all systems that I have console access too. This in turn has created a new issue where I need to copy/paste that password whenever I sudo.
Turns out there is a solution to this problem that has been around since at least 2013. I'm talking about the ability to use SSH keys to authenticate sudo commands so you don't have to constantly unlock the secure password from the password vault and you don't need to submit to NOPASSWD: in /etc/sudoers.
Its a new year and always a good time to have intentions on new behaviors. While I didn't intend on this being a new years resolution, I've recently decided that I want to start maintaining a personal password manager. I've been against this in the past because if I neglect the service, it could be hacked, I could lose it, or any number of other bad things that would make my life a lot harder than before I had the manager. Therefore, I've defined some ground rules to ease my paranoia while still increasing my security posture across all of my projects.
Suppose you have a new software product that has a lot of value to an end-user, but the variability of the product would prevent you from delivering a full solution to end users simply because of the lead time required to develop a GUI with reasonable UX. What to do?
In my opinion, the conventional wisdom is to apply agile methodologies and develop only the options the user needs now. Naturally this is what I want to do, but its also my belief that the user should be able to tweak and experiment with the code base (as I do) to get the greatest value in the shortest amount of time.
Recently I moved into a new home. Excitedly, I went to sign up for the new fibre hotness in the area (with 1 Gbps download speeds). In the mean time, I purchased a 4G router that allowed be to supply my house with internet via a cell phone SIM card (i.e. ~ 10-20 Mbps). My scheduled appointment for the super fast internet was about 2 weeks later. Finally, the guys show up to run the fibre line! After observing that they were waiting around outside (by the pole) for about 2 hours, I went to go check on what was happening. In the end they made the determination that they could not install fibre internet for me because the pole was too rotten. Argh!
When using Docker, you have the "dockerd host" (i.e. the platform managing the containers) and you have the running containers. Each container has a localhost and the "dockerd host" has its own localhost. Whether you use --network host or not, you can not use localhost to communicate between the "dockerd host" and the container.
I've been developing an app for the past couple years. Over that time I've seen some pretty drastic changes within the Expo eco-system and how they manage workflows (usually for the better). Following a recent update to Expo SDK 46, I simply could not escape an issue with the react-native-gesture-handler not being found. For all the amazing feats that Expo has accomplished to simplify mobile development, the attention to detail in their documentation leaves much to be desired.
Docker squashing is something that has been around for awhile. For those not in the know, when you create a Docker image it layers each of the commands in the Dockerfile into their own filesystem overlay. The aggregate of these overlays are what you containers starts with.
Now, when you have vary large files getting downloaded into the build process of an image, you can find yourself with a very bloated image. Squashing is generally the solution here.