Shakedown Social

drmorrThis is relevant because it means you cannot put an RFC3339-formatted timestamp in a label.<a href="https://hachyderm.io/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

drmorrI learn new and annoying things about Kubernetes every single day.For example, you cannot put a colon in a label.<a href="https://hachyderm.io/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)This morning's *absolute* WTF moment:Pod network traffic 100% packet loss outbound UNTIL I `tcpdump` it on the node, then it starts working fine.<a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/Cilium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cilium</a> <a href="https://eigenmagic.net/tags/kh8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kh8s</a> <a href="https://eigenmagic.net/tags/Networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Networking</a> <a href="https://eigenmagic.net/tags/HomeLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HomeLab</a>

Mad A. Argon :qurio:Me 2 years ago: <a href="https://is-a.cat/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> is software with biggest regeneration ability.Me 6 months ago: Wow, Longhorn has even better regeneration ability!Me now: What the hell, Patroni has the best regeneration ability I have ever seen!:neofox_laugh_256: Welcome to our brave new world of self-fixing things...<a href="https://is-a.cat/tags/admin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#admin</a> <a href="https://is-a.cat/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmin</a> <a href="https://is-a.cat/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devops</a> <a href="https://is-a.cat/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://is-a.cat/tags/postgres" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#postgres</a> <a href="https://is-a.cat/tags/postgresql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#postgresql</a> <a href="https://is-a.cat/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)Spoke too soon. Damn context object has no cache initialized so can't run a reconcile. How in the heck am I supposed to write a controller that can't check all the custom resources it's managing? This seems basic?<a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KubernetesDev</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a>

Ariel (🐿 arc)> After receiving a discovery response, the Kubernetes API server automatically registers all available types for this API group. Although this isn't considered common practice, you can implement logic that dynamically registers the resource types you need in your Kubernetes cluster.Woa, this could be huge for the CRD management problem with operators and HelmI didn't even know the API aggregation layer existed<a href="https://kubernetes.io/blog/2024/11/21/dynamic-kubernetes-api-server-for-cozystack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kubernetes.io/blog/2024/11/21/dynamic-kubernetes-api-server-for-cozystack/</a><a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KubernetesDev</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)Man this kube-builder thing is a LOT of machinery for something pretty simple I'm trying to make. Can't even get it to run a reconciliation loop on startup cause it's all buried. Will check the docs more thoroughly tomorrow.<a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KubernetesDev</a>

Ariel (🐿 arc)Interesting piece on the details of actual scale and shifting from Helm to CueLang with ArgoCD. Includes the why's as well as lessons learned.<a href="https://medium.com/safetycultureengineering/our-journey-to-gitops-migrating-to-argocd-with-zero-downtime-932d0eefbe0d" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/safetycultureengineering/our-journey-to-gitops-migrating-to-argocd-with-zero-downtime-932d0eefbe0d</a><a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/ArgoCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ArgoCD</a> <a href="https://eigenmagic.net/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a> <a href="https://eigenmagic.net/tags/PlatformEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PlatformEngineering</a> <a href="https://eigenmagic.net/tags/GitOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitOps</a>

Jan BartosikStředeční <a href="https://witter.cz/tags/hiring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hiring</a> update:Do interního <a href="https://witter.cz/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a> týmu hledám borce na pozici, které říkáme INFRASTRUCTURE AND DEVOPS SPECIALISTHPP, nebo IČO, jak chceš. Hybridní forma práce, kancl <a href="https://witter.cz/tags/Praha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Praha</a> Nusle. Nezávazná pokec s DevOps Leadem není problém, online/onsite. Nespěcháme, hledáme oboustranný "match."<a href="https://witter.cz/tags/infra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infra</a> <a href="https://witter.cz/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devsecops</a> <a href="https://witter.cz/tags/iac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iac</a> <a href="https://witter.cz/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://witter.cz/tags/aws" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aws</a> <a href="https://witter.cz/tags/azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#azure</a> <a href="https://witter.cz/tags/gcp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gcp</a> <a href="https://witter.cz/tags/cicd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cicd</a> <a href="https://witter.cz/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)Man Prometheus is a pain to recover once its data store is in any way out of shape. Did NOT help that it was buried inside Kubernetes inside a PVC.Thankfully it was only Dev environment today but if this ever pages on Prod we're losing data as it stands.I'll write something up for a run book but eesh.<a href="https://eigenmagic.net/tags/Prometheus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Prometheus</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kh8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kh8s</a> <a href="https://eigenmagic.net/tags/Observability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Observability</a> <a href="https://eigenmagic.net/tags/o11y" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#o11y</a>

Ariel (🐿 arc)YAML.No I do not count anchors.<a href="https://eigenmagic.net/tags/YAML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#YAML</a> <a href="https://eigenmagic.net/tags/yaml" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#yaml</a> <a href="https://eigenmagic.net/tags/yamlCult" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#yamlCult</a> <a href="https://eigenmagic.net/tags/kh8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kh8s</a> <a href="https://eigenmagic.net/tags/shitpost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shitpost</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a>

Ariel (🐿 arc)Sometimes I find my odd humour in old code and comments and have a chuckle.Today it was that I had aliased the Prometheus Community Helm repository to "prom-com" locally.<a href="https://eigenmagic.net/tags/Prometheus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Prometheus</a> <a href="https://eigenmagic.net/tags/Helm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Helm</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)cAdvisor's `container_oom_events_total` metric has been known broken since late 2021.Just FYI. Not like we were relying on that or anything...<a href="https://github.com/google/cadvisor/issues/3015" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/google/cadvisor/issues/3015</a><a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/kh8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kh8s</a>

Ariel (🐿 arc)oh lol they're trying to make Ansible "a thing" with the operator framework.At this point it's not even Ansible it's just Jinja2 with Ansible opinions about templating<a href="https://sdk.operatorframework.io/docs/building-operators/ansible/tutorial/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sdk.operatorframework.io/docs/building-operators/ansible/tutorial/</a><a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/k8sDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8sDev</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/PlatformEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PlatformEngineering</a> <a href="https://eigenmagic.net/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a>

Ariel (🐿 arc)If you're writing a controller, and you want to essentially shell out to arbitrary code and get the return/output.Does it make sense to run a Kubernetes `Job` resource? Can you even retrieve the output of that?Does it make sense to embed a WASM interpreter and pull OCI WASM artifacts to run? That's a lot of extra responsibility...I suppose I could shell out and rely on whatever's in the container/pod context of the controller.Perhaps I should narrow the scope of things it can do instead of trying to hack it like this in the first place?<a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KubernetesDev</a>

Ariel (🐿 arc)Is this vCluster thing good?I'm concerned it'll be all the difficulty of Kubernetes but buried another layer deeper. Or that we'll hit hard limits cresting a fully production-like environment in the virtual clusters.<a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Ariel (🐿 arc)is Cilium native routing mode supposed to publish pod IPs on the interfaces in the host network namespace?That would make sense to me as using the native network layer 2/3 routing.Or am I required to turn on SNAT using the IP masquerading feature?Pods are getting valid IPv6 GUAs in the LAN/host subnet, but of course nothing can return to them...<a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Cilium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cilium</a> <a href="https://eigenmagic.net/tags/CNI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CNI</a> <a href="https://eigenmagic.net/tags/Networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Networking</a>

Ariel (🐿 arc)CoreDNS + Kubernetes question:CoreDNS, in its stock configuration, assumes/uses the default service created for the Kubernetes API.However, this gets a ClusterIP from the cluster's Service IP range as part of normal IPAM.This IP is not known to the operating system or during cluster setup, so isn't in the IP SANs for the TLS certificate. This causes CoreDNS to error out trusting the Kubernetes API when trying to watch services.The the default Kubernetes service is roughly well-known as it's the bottom of the service IP range + 1 but that still feels... odd.I looked into automatic in-cluster certificate management and rotation but that seems more about Kubelet client certificates for the API server, and none of the actual TLS certificates. Which kinda makes sense cause otherwise cyclic dependencies.<a href="https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/CoreDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CoreDNS</a>

Ariel (🐿 arc)Kubernetes DNS question:Couldn't the CNI actually manage DNS instead of CoreDNS?I mean it'd be potentially a lot of data to throw at eBPF for in-cluster records. It's already distributing information for routing.It could also enforce all-pods upstreams by using DNAT - assuming DNSSEC remains a niche concern....in my defence, I never said my ideas were good...<a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Cilium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cilium</a>

The Late Night Linux FamilyWhat the new Docker pull limits really mean and how to deal with them, and whether paying for 12 years of support for Kubernetes is a good idea.<a href="https://hybridcloudshow.com/hcs25/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hybridcloudshow.com/hcs25/</a><a href="https://fosstodon.org/tags/podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#podcast</a> <a href="https://fosstodon.org/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://fosstodon.org/tags/PlatformEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PlatformEngineering</a> <a href="https://fosstodon.org/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a>

Recent searches

Search options

Administered by:

Server stats:

#k8s