tobru.guru Newsletter #44

Grafana 8, Swiss Covid Certificate public test, a comprehensive guide to UniFi access points and a huge amount of newly discovered tools. Some of them helping to mitigate missing container images on Kubernetes.

News

Software releases, news articles and other new stuff

[German] Covid-Zertifikat - Public Security Test
#covid19, #admin

I like the direction the Swiss government is going by opening up the source code and asking the community for review. Hopefully this gets used more and more for government software.

Grafana 8.0: Unified Grafana and Prometheus alerts, live streaming, new visualizations, and more! | Grafana Labs
#grafana, #release

The big feature headlines around Grafana v8.0 include an overhaul of the alerting system; new and improved visualizations, including state timeline, status history, and histogram panels; live streaming; library panels that can be reused; and fine-grained access control that allows Enterprise customers to make sure everyone in their organization has the appropriate level of access.

I always like new Grafana releases. Haven't had the chance to try it out, but what has been included in this release sounds good. AFAIK that's the first Grafana release licensed under AGPLv3.


Articles

Interesting articles and blog posts

UniFi Wi-Fi Access Point Buyer's Guide: 2021 — McCann Tech
#ubiquiti, #comparison

UniFi offers more options than typical consumer-grade equipment. If you are a nerd who likes getting their hands dirty, or just want a network that performs better, UniFi is worth a look.

This is a great overview of all UniFi access points. And as a reminder: they are usually very well-supported by OpenWrt. I own the AP AC Pro, the AP AC Lite and the AP AC Mesh and all work perfectly with OpenWrt.

How Apple Is Organized for Innovation
#insight, #business, #organization

When Steve Jobs returned to Apple, in 1997, it had a conventional structure for a company of its size and scope. It was divided into business units, each with its own P&L responsibilities. Believing that conventional management had stifled innovation, Jobs laid off the general managers of all the business units (in a single day), put the entire company under one P&L, and combined the disparate functional departments of the business units into one functional organization.

An interesting insight into how Apple is organized. Parts of it may be applicable even to much smaller companies.

Migrating a gigantic financial system to 20,000 pods in the cloud
#story, #cloud, #migration

The initial requirements were quite straightforward: build docker images, write Helm Charts, write Terraform code, and deploy on Kubernetes. Well… it turned out there was much much more to it.

Or: When migrating to the cloud might not be the best idea? At least not this way. I mean: 30 GB container image? LOL

What the Fastly outage can teach us about writing error messages
#http, #errorcode, #webdev

If you happened to visit those websites during Fastly's outage, you saw the relatively unhelpful error message below. As a frontend developer, my eyes scan error messages like these for numbers - in this case, the "503" - indicating that the error isn't my fault, and I can move on with my life.

Oh yes, error messages... It's so hard to get them right, but so important.

Jan-Piet Mens :: A diagram to depict the DNSSEC chain of trust
#dns, #dnssec, #diagrams

The text on the blue connectors is a bit small in this rendition (it says “refers to”) – I might have to tweak that. The blue is designed to suggest a link (as on a Web page), which I can use to explain kaputt.

As I'm a very graphically oriented person, such diagrams help a lot to understand technology. Thanks JP for this well-designed diagram.

Sorry everybody, I failed with you 😔 · Issue #1634 · pedronauck/docz
#opensource, #maintainer

So, after a time working a lot here and on my business, I was with my healthy compromised and needed to choose between "keep my open source project" or "keep my mental and physical health". And for me the choice was very clear, I choose me.

IMHO one does not have to apologize when not having time to work on a voluntary Open Source project. This feels just wrong to me, you have no obligation to anyone when working on Open Source. If you have time, the passion and interest to work on it: Do it. If you don't have time or the energy, just don't do it.

A new future for icanhazip | Major Hayden's Blog 🤠
#story

In the summer of 2009, I had an idea. My workdays were spent deploying tons of cloud infrastructure as Rackspace acquired Slicehost and we rushed to keep up with the constant demands for new infrastructure from our customers. Working quickly led to challenges with hardware and networking.

Cool story of how a simple service grew. One never knows what could happen to a seemingly simple idea. Sometimes interesting use-cases appear.

Using a ConfigMap as an OCI Image Cache · Daniel Mangum
#kubernetes, #configmap, #image, #oci

For folks familiar with Crossplane, you likely know that we adopt the design practice of using interfaces over implementations as frequently as possible. Even if we begin with an implementation, such as the current composition engine, we make sure to consider a future with potentially many implementations for the same functionality.

ConfigMaps are way more than just simple text data.

Reverse Engineering a Docker Image — The Art of Machinery
#story, #docker, #image, #container

This started with a consulting snafu: Government organisation A got government organisation B to develop a web application. Government organisation B subcontracted part of the work to somebody. Hosting and maintenance of the project was later contracted out to a private-sector company C. Company C discovered that the subcontracted somebody (who was long gone) had built a custom Docker image and made it a dependency of the build system, but without committing the original Dockerfile. That left company C with a contractual obligation to manage a Docker image they had no source code for. Company C calls me in once in a while to do various things, so doing something about this mystery meat Docker image became my job.

Another interesting story on how enterprise IT works, or better: doesn't work.

An Unbelievable Demo
#story, #opensource, #sun

And now, here he was, in Sydney, Australia, trying to sell Brendan Gregg's tools to Brendan Gregg.

W00t? Cool story.

GitOps is a placebo – Steve Smith
#gitops, #opinion

GitOps is simply a rebadging of 2010 Continuous Delivery principles and 2016 Infrastructure as Code practices, applied to Kubernetes. Its benefits are transitive, sourced from implementing those principles and practices that came years before GitOps. Some of those benefits can also be disputed.

I tend to agree with this opinion.

Tolerating failures in container image registries - Kintone Engineering Blog
#container, #image, #cache

Have you ever experienced that your Kubernetes cluster cannot create new Pods because Docker Hub or other container registries are down?

Oh yeah, I experienced that a few times already. Bad times they are. Some tools further down below are trying to help with that.

Pre-recording conference talks
#recording, #conference, #remote

It’s no secret that performing a talk into your computer is completely different from doing so in person. One part I’ve struggled with is that lack of eye-contact with the audience. Being able to see their reactions to parts of my talks, or even a chuckle at my silly jokes. Talking to a computer is not quite the same.

Good tips. I'm sure they will help me with future pre-recordings.


Tools

Open Source tools newly discovered

estahn/k8s-image-swapper: Mirror images into your own registry and swap image references automatically.
#kubernetes, #image, #webhook, #mirror, #registry

k8s-image-swapper is a mutating webhook for Kubernetes, downloading images into your own registry and pointing the images to that new location. It is an alternative to a docker pull-through proxy. The feature set was primarily designed with Amazon ECR in mind but may work with other registries.

FairwindsOps/saffire: Controller to override image sources in the event that an image cannot be pulled.
#kubernetes, #image, #operator

The image repository for docker images is a single point of failure for many clusters. As seen in the past with rate limiting on Docker Hub and several high-profile Quay.io outages, these images being unavailable can produce disastrous consequences for Kubernetes cluster operators. The intent of saffire is to provide operators with a method of automatically switching image repositories when imagePullErrors occur.

astefanutti/kubebox: ⎈❏ Terminal and Web console for Kubernetes
#kubernetes, #dashboard, #console, #terminal

hasheddan/k8scr: Kubernetes Container Registry
#kubernetes, #image, #development, #push

A kubectl plugin for pushing OCI images through the Kubernetes API server.

TaKO8Ki/awesome-alternatives-in-rust: A curated list of replacements for existing software written in Rust
#rust, #alternative

Frankkkkk/pykorm: A python 🐍 kubernetes ☸️ ORM 🚀. Very useful when writing operators for your CRDs with Kopf.
#kubernetes, #operator, #python, #kopf

pykorm is a simple library that links your models to their kubernetes counterpart. Each model and instance on your code is thus directly linked to your kubernetes cluster and modifications are thus reflected both ways.

Docker Registry User Interface | The simplest and most complete UI for your private registry!
#image, #registry, #viewer

This project aims to provide a simple and complete user interface for your private docker registry. You can customize the interface with various options.

Defikarte.ch - Die Defikarte der Schweiz
#defi, #aed, #osm

GitHub - MOZGIII/port-map-operator: LoadBalancer Service type implementation for home clusters via Port Control Protocol.
#kubernetes, #loadbalancer, #nat, #openwrt

A LoadBalancer Service type implementation for small home clusters. Maps the ports from your router to a Kubernetes cluster node via the Port Control Protocol. It does not perform real load balancing of any kind, but just takes care of the port forwarding so traffic can reach the cluster node. Kubernetes still does its internal service-level load balancing.

richrd/moveallwindowstoscreen: KWin script for moving all windows to a specific screen.
#kwin, #kde, #plasma, #windows, #shortcut

This KWin script provides user definable shortcuts that let you move all your windows to a specific screen. If you want to quickly move all windows from one screen to another this is for you.

OpenSLO
#monitoring, #slo, #yaml

OpenSLO is a service level objective (SLO) language that declaratively defines reliability and performance targets using a simple YAML specification.

farrokhi/dnsdiag: DNS Measurement, Troubleshooting and Security Auditing Toolset
#dns, #trace

Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.

HaveIBeenPwned · GitHub
#hibpd, #opensource

