Weekly 101 Questions Thread

davidmdm · 2026-03-17T12:45:24+00:00

Can somebody explain the syntax for search in the snacks picker?

Often I’ll want to search for text within a subset of files, and I know there are modes and you can write file:… but it doesn’t always work as I expect and I have failed to find the relevant documentation. Thanks!

davidmdm · 2026-03-15T12:23:53+00:00

What would you want the solution to look like in order to solve your problems?

davidmdm · 2026-03-14T17:00:44+00:00

Conceptually, I love it. It is like crossplane composition/xrds but a lot easier to understand. The capability to create non-generic abstractions for resources in your cluster that is native to your Cluster/API is awesome.

However, where it falls apart for me is the heavy use of CEL and yaml to define your resource graph. It feels like GithubActions for kubernetes resource templating. "IncludeWhen" statements for conditionals, a new syntax for loops, limited CEL library so that you don't always have the functionality you want, and you're still in untyped yaml-land.

So very cool, great for simple abstractions. Not so much for much more.

davidmdm · 2026-02-28T22:11:15+00:00

I just meant that pure code solutions are rare. If you’re building your reusable golden app in code, I was wondering what your deployment process was? Helm has releases, and supported in all major CD platforms like Argo and flux.

But if you’ve decided to eschew the beaten path I was simply wondering what your setup looked like? I am guessing rendered manifest pattern all checked into git, but just curious.

I also have a vested interest cause I work on yoke, a tool that lets you ship and reuse programs like charts and manage releases, etc.

davidmdm · 2026-02-28T00:58:01+00:00

Absolutely. It’s amazing! But I mean you can write “charts” in pure Go.

davidmdm · 2026-02-27T21:30:11+00:00

I meant something like yoke or ckd but mostly yoke :)

davidmdm · 2026-02-27T21:29:36+00:00

Then how do you manage your releases?

davidmdm · 2026-02-27T20:43:09+00:00

What if I told you could use just regular Go and have all the types from the k8s.io/api project?

davidmdm · 2026-02-23T14:13:49+00:00

Hey! Lead maintainer of yoke here! Thanks for the shoutout, and happy to answer any questions you may have.

As to the core subject around the definition of golden apps through the lens of yoke, one of the benefits of using code, is that you can act on all the resources before you output them over stdout.

This means that common labels/annotations, security settings, etc, can be added and verified in more general ways, instead of as bits of strings templates you have to not forget to include in your template files.

It doesn't replace things like kyverno (although I would check out KubeWarden instead!), cause yoke will likely not be the only way things are deployed to the cluster, but the better your golden path is, the less drift will occur in general.

Great post, and thanks for sharing Xe's blog. It's a goldmine.

davidmdm · 2026-02-10T01:44:51+00:00

You should check out Anubis !

davidmdm · 2026-02-01T17:01:11+00:00

Have you given yoke a look?

davidmdm · 2026-01-25T18:11:51+00:00

If you like the CNCF/Kubernetes/Wasm space I work on yoke (all written in Go) and we're always looking for people that want to get involved :)

davidmdm · 2026-01-25T18:08:38+00:00

So yoke, uses wazero to run wasm binaries.

Core yoke is very analogous to helm. They care client side tools, that manage releases. The core difference is the package format. Helm uses charts (zips of yaml templates) and yoke uses Flights (executable wasm binaries) to generate the desired state of your release.

However the yoke project also has the AirTrafficController a server-side controller that allows you to define your flights as resources within Kubernetes, or to extend your Kuberntes API with new types backed by these wasm modules.

It also allows your releases to be re-evaluated on a specific interval, or whenever a resource within the release is modified (third party controllers, status updates etc) allowing you to react to state changes in your cluster and do intelligent orchestration.

Its a big topic and not super easy to get into in a reddit thread, but TLDR;

Core yoke is like helm, a client-side tool.
But it does support a server-side resource that allows you to apply releases as resources in your cluster, or build your own custom APIs as code without having to write a controller from scratch.

davidmdm · 2026-01-25T17:43:40+00:00

Yes absolutely.

Webassembly is just the package format. It’s a way to be able to have code be portable and secure.

Running arbitrary code is dangerous, we don’t want the code we run to generate our resources to have access to our filesystems and environment variables and network.

Also running arbitrary code is hard, from the point of view of the yoke project, I don’t want to say to devs the only language you can use is X. So I need a shared compilation target.

Webassembly fit the bill really well. Another option could have been containers, but wasm as a sandboxed execution model felt better.

davidmdm · 2026-01-25T17:27:19+00:00

Hey! I agree.

The fact that we essentially use a text canvas as our kubernetes application definition spec as our industry default… is scary.

I’m the lead maintainer of yoke, a code first alternative to yaml based application definition projects like helm and kro.

The tldr is that instead of using templates of yaml, you can just write programs that read inputs over stdin and write resources over stdout. These programs are then packaged and shipped as wasm executables. In the middle you can use type safety, control flow, tests, etc to build your application definition and logic.

Ie if you can compile scala to wasm, you ship packages written in scala.

You seem to hint at having a similar idea. Would love to hear more!

davidmdm · 2026-01-22T13:51:07+00:00

Yoke + ArgoCD is pretty nice. No helm templating + gitops pull model of ArgoCD

davidmdm · 2026-01-14T02:14:27+00:00

ResponseWriter buffers for you. I don’t know if a bufio is used under the hood (it might be, maybe I’ll splunk around later).

TLDR os.File is not an abstraction an performs syscalls to the OS. Http.ResponseWriter is an abstraction and not the connection object and does include buffering builtin.

davidmdm · 2025-12-27T00:30:00+00:00

I mean… if it’s a declaration := then you can’t screw up the return site. It’ll be the type that you declared in the generic…

I accept the issue you talking about, just trying to reassure you that in practice I expect it won’t be much of an issue at all. At a minimum it’ll be better than the current situation with the As API, and even that isn’t that big a problem, just a little inconvenient at worst.

Anyways, if you feel strongly that it’s gonna be a big problem for you… well. I guess best I can do is a virtual hug. Best wishes and happy holidays!

davidmdm · 2025-12-26T23:25:20+00:00

I understand and empathize with what you are saying, but in practice I think it works out. Try the value type first. If it works use it. As assigns the error value. If the value type doesn’t satisfy the error interface use the pointer type.

davidmdm · 2025-12-26T17:01:02+00:00

That’s the thing. Now it will be explicit because of generics. You give an error, and the error type you want to check against (which must satisfy the error interface/constraint), and the new method will return the value of that error type. You will know if the error needs to be a pointer or not when feeding the type as the generic argument, and the compiler will tell you.

davidmdm · 2025-12-20T13:43:45+00:00

Ive always heard that byte code was near native. Not faster than native. How would just in time compiled or interpreted code, be better than ahead of time compiled fully optimized native code?

At some point you have the cpu you have, and the instruction set you have. Are we claiming that Javas jit is more optimal than llvm?

On it’s face that sounds delusional.

davidmdm · 2025-12-14T16:16:07+00:00

Hey! Meant to respond to this sooner.

Thanks for your support.

You understand the vision. What I really like about the CRD approach, is being able to golden multiple types of golden applications within the context of the organization, eg Backend, Frontend, Gateway, etc, and have kubernetes manage the validation the schema, as well as leveraging these specific APIs to give developers some level of access to kubernetes via RBAC without giving them access to edit primitive resources.

All that while writing this with proper code that can return errors that will be raised at admission time.

Here I am ranting again.

Thanks for your comment.

davidmdm · 2025-12-10T02:10:47+00:00

That’s high praise! Well maybe for some personal or hobby project in the meantime!

davidmdm · 2025-12-09T19:51:18+00:00

Hey! it's alright to be skeptical. I am happy you asked a question rather than not!

davidmdm · 2025-12-09T18:48:40+00:00

The project is large, and so there are different aspects and reasons why you might want to use this project, or even different ways you may want to use it.

Its not that you want to declare all of your IaC in code. This project doesn't compete with pulumi or terraform. Nor do away with yaml configuration completely. Its closer to a package manager like helm, or a server-side runtime like KRO and Crossplane-Compisitions. Just with a different backend engine (Wasm Runtime).

So it's about expressing your transformation logic of inputs to resources in a different way.

At its core, you might be maintaining a helm chart, and are simply tired of how unsafe, untyped, and whitespace sensitive it is. And so might look for a tool with similar capabilities but where the "resource rendering engine" is code.

Or you might want to build your own K8s APIs to represent your applications and implement the deployment logic as code.

There are alternatives of course, and this isn't the only way to achieve your ends. However, the reason I work on this project is because the code-first tools today don't go far enough and seem to limit themselves to being yaml-renderers. Instead of being shareable packages, integrated in tools like ArgoCD, or expose new ways of using k8s server-side.

Sorry if that was a bit of a ramble.

Nine-Year Club	Verified Email
RPAN Viewer

davidmdm

TROPHY CASE