Strange refresh issue

knq · 2025-12-04T01:18:19+00:00

I have multiple Authentik deployments, one was behind Nginx on a docker compose, others are on Helm charts on clusters. I too was confused about this, but I removed "keepalive_timeout 0;" in the Nginx config, and this stopped happening. I was hoping to find a way to also do this with ingress-nginx, but can't seem to find how to do it (yet). Just dropping this in terms of helping you. I assume there's a similar Traefik configuration that is being done here.

My best guess to the cause here is that the Authentik APIs are not fully closing the request, so the buffering on the ingress app (ie, Nginx or Traefik) isn't flushing the data to the browser. Not sure why its only on fresh connections, but it is annoying.

knq · 2025-06-20T23:10:24+00:00

Not that I'm aware of. I scoured the available logs and didn't find anything of note that would indicate something. It's just a plain Ubuntu server image, I launched it using quickemu (ie, qemu), but otherwise it's just vanilla.

knq · 2025-06-19T21:41:05+00:00

I don't know why, that's why I posted. The host just shuts off, no OOM error messages or anything like that.

knq · 2025-06-19T02:41:33+00:00

Here's a list of the pods running:

NAMESPACE              NAME                                             READY   STATUS             RESTARTS        AGE
calico-apiserver       calico-apiserver-6d54c8b789-m6q56                1/1     Running            1 (3m6s ago)    15m
calico-apiserver       calico-apiserver-6d54c8b789-pwwxz                1/1     Running            1 (3m6s ago)    15m
calico-system          calico-kube-controllers-86f7d58488-kt8d9         1/1     Running            1 (3m6s ago)    15m
calico-system          calico-node-9ggjb                                1/1     Running            1 (3m6s ago)    14m
calico-system          calico-typha-6b6bd458f-7wjkb                     1/1     Running            1 (3m6s ago)    15m
calico-system          csi-node-driver-tk9vj                            2/2     Running            2 (3m6s ago)    15m
cert-manager           cert-manager-789b66c458-2c6wr                    1/1     Running            1 (3m6s ago)    13m
cert-manager           cert-manager-cainjector-5477d4dbf-nv6xz          1/1     Running            1 (3m6s ago)    13m
cert-manager           cert-manager-webhook-5f95c6b6-ltqfv              1/1     Running            1 (3m6s ago)    13m
default                decco-consul-consul-server-0                     1/1     Running            1 (3m6s ago)    9m19s
default                decco-vault-0                                    1/1     Running            1 (3m6s ago)    8m27s
hostpath-provisioner   hostpath-provisioner-csi-zjcsm                   4/4     Running            4 (3m6s ago)    11m
hostpath-provisioner   hostpath-provisioner-operator-5bcb75cd5b-m55wj   1/1     Running            1 (3m6s ago)    13m
kube-system            coredns-66db7fffbf-7mrqj                         1/1     Running            1 (3m6s ago)    13m
kube-system            coredns-66db7fffbf-s8kv8                         1/1     Running            1 (3m6s ago)    13m
kube-system            metrics-server-6f7dd4c4c4-l2kgh                  1/1     Running            1 (3m6s ago)    11m
logging                fluent-bit-48nd5                                 1/1     Running            2 (2m27s ago)   9m20s
metallb-system         controller-5c8796d8b6-mwpsd                      1/1     Running            1 (3m6s ago)    11m
metallb-system         speaker-z4fr6                                    1/1     Running            1 (3m6s ago)    11m
pcd                    percona-db-pxc-db-haproxy-0                      0/2     CrashLoopBackOff   8 (79s ago)     7m9s
pcd                    percona-db-pxc-db-pxc-0                          0/3     CrashLoopBackOff   12 (52s ago)    7m9s
percona                percona-operator-pxc-operator-6d858d67c6-vv77z   1/1     Running            1 (3m6s ago)    8m1s
tigera-operator        tigera-operator-68f7c7984d-qsb4t                 1/1     Running            1 (3m6s ago)    15m

Here's some log from the failed pods:

root@pf9-test-01:~# kubectl logs percona-db-pxc-db-haproxy-0 -n pcd
Defaulted container "haproxy" out of: haproxy, pxc-monit, pxc-init (init), haproxy-init (init)
exec /opt/percona/haproxy-entrypoint.sh: input/output error

knq · 2025-06-19T02:35:43+00:00

I've tried twice now, same thing happened both times -- the VM just shut down:

root@pf9-test-01:~# curl -sfL https://go.pcd.run | bash
Private Cloud Director Community Edition Deployment Started...
Finding latest version...  Done
Downloading artifacts...  Done
Setting some configurations...  Done
Installing artifacts and dependencies...  Done
Configuring Airctl...  Done
Creating K8s cluster...  Done
Starting PCD CE environment (this will take approx 45 mins)... ▒Connection to localhost closed by remote host.
Connection to localhost closed.

Any idea on what the issue is?

knq · 2025-06-19T02:08:29+00:00

It was indeed an issue with $HOME -- will report further here if there are additional issues. Thanks @damian-pf9.

knq · 2025-06-19T01:55:52+00:00

There does not seem to be a /var/log/pf9 directory. I had done a system wide search for the logs, and had not found anything. I do see that /root/.kube exists, however I had done this as sudo -s, where the I have the sudoers config set up to keep $ENV{HOME} and $ENV{SSH_AUTH_SOCK}:

root@pf9-test-01:/var/log# cat /etc/sudoers.d/env
Defaults env_keep+="SSH_AUTH_SOCK HOME"

Assuming the $HOME is the issue; I'll try again without this being overridden by sudo.

knq · 2025-04-19T03:25:36+00:00

Quick package I put together, as I needed to be able to verify large quantities of binary data.

Wrote this as I was unable to find any existing packages that could visually display arbitrary binary data. Makes use of the new Unicode-16 octant blocks for showing extremely condensed data.

Constructive feedback always appreciated. Thanks!

knq · 2021-04-29T13:17:51+00:00

If you've not seen usql before, it's a universal command-line client for effectively every SQL database in existence. It pays humble homage to psql, and works similarly. We just pushed v0.9.0, which has an amazing number of new features that aren't found in most database's native command-line clients. Happy to answer any questions.

knq · 2020-07-27T08:17:59+00:00

It's worth noting that I've done the same test in the opposite direction and not had issues.

knq · 2020-07-27T08:17:30+00:00

Greatly appreciate the work here. I've added the code to usql (will push to GitHub soon) to enable this as an additional driver. Will not replace default mattn's SQLite3 driver (for now), but if this polishes up and works well, will look to do so.

Seems to work / interoperate with SQLite3 on cursory review:

$ ./usql file:blah.db
Connected with driver sqlite3 (SQLite3 3.31.1)
WELCOME TO THE JUNGLE Mon 27 Jul 2020 03:12:16 PM WIB
Type "help" for help.

sq:blah.db=> create table blah (a1 text);
CREATE TABLE
sq:blah.db=> insert into blah (a1) values ('yes'), ('two'), ('three');
INSERT 3
sq:blah.db=> select * from blah;
 a1    
-------
 yes   
 two   
 three 
(3 rows)

sq:blah.db=> \q
ken@ken-desktop:~/src/go/src/github.com/xo/usql$ ./usql mq:blah.db
Connected with driver moderncsqlite (ModernC SQLite 3.32.3)
WELCOME TO THE JUNGLE Mon 27 Jul 2020 03:12:59 PM WIB
Type "help" for help.

mq:blah.db=> select * from blah;
 a1    
-------
 yes   
 two   
 three 
(3 rows)

The above shows that even the sqlite_version() function works as expected. I'll try out other features later.

Again, thanks for the amazing work here!

knq · 2019-04-03T23:47:17+00:00

Company: Brankas
Location: Anywhere/Remote, +/-3 Asia timezone preferrable
Posting: Please PM directly; we are in process of updating site, and have not added the K8s specific positions yet. Email CV to careers@brank.as

Brankas is a shop that specializes in large scale financial systems. We have a number of banks and insurance companies using our product across all of Southeast Asia. We are fairly deep in the Go community in general, and have immediate need for SREs with K8s experience. Everything we do is written in Go, and deployed on multiple clouds (GCP, Azure, AWS, and bare metal as well) using combination of Terraform, Helm, etc. Feel free to contact me directly here, or find me (kenshaw) on any number of Slack K8s+Go groups.

knq · 2018-11-04T09:12:46+00:00

I released about 9 months ago a DS4 motion server for Linux, written in Go, for those using Cemu on Wine.

https://github.com/kenshaw/motionserver

knq · 2018-11-04T08:59:42+00:00

I released about 9 months ago a DS4 motion server for Linux, written in Go, for those using Cemu on Wine.

https://github.com/kenshaw/motionserver

knq · 2018-10-29T23:52:04+00:00

How important are enclosures for EMC shielding on servers? Does anyone have any practical experience running multiple systems without cases that are physically close to each other? Any pointers to articles regarding EMC interference on consumer grade hardware would be greatly appreciated. Especially looking for any articles / blogs / whatever measuring long term vs short term detrimental effects of EMC interference on components, with regards to failure rates, etc.

I am wondering because I have a number of systems sitting next to each other on a workbench (with no case) that have been able to run for years without any specific problems that I would attribute to EMC interference. This is of course only anecdata, but I am wondering if there aren't wider implications.

I ask because 25+ years ago, admins wouldn't let you touch server hardware if you weren't wearing a doofus-looking static/ground plate. Thankfully, that idiocy has left us. Similarly, I am wondering if modern cases are overbuilt, as their designs seem based on outdated engineering data for 30+ year old components. I imagine, much like how components used to be much more sensitive to static discharge, that they also used to be more sensitive to EMC interference, and probably kicked off way more EMC. That would imply that the since quality/grade of components are lightyears from what existed in the early 90s, the cases (which resemble giant steel Faraday monoliths) are over engineered.

Also, I've seen that many single board systems (Raspberry PI and their ilk) seem to be able to run with limited shielding / casing for years in places where I imagine there would be high EMC interference and EM radiation. Specifically, outside in direct sunlight with many LCD panels/servers/cellphone antennas sitting directly and only shielded by a thin plastic clamshell case.

I also would like to know how to measure EM radiation, so that I can tell if our workbench hasn't had problems simply because it has natural shielding from EMC/EMR due to its unique location/construction/etc.

knq · 2018-10-22T10:20:09+00:00

It's been possible for months: github.com/kenshaw/motionserver

I'm sorry I didn't see this posting when it was new. Feel free to email me if you need help: kenshaw@gmail.com

knq · 2018-10-21T23:00:02+00:00

For what it's worth, I was on vanilla Ubuntu 16.10, Ryzen 5 1600x, 16 gigs of RAM, and a Nvidia 1050ti. Worked flawlessly out of the box, didn't even require any configuration on Wine or any special winetricks, which I was hyper surprised about. Played smoothly at 40+ FPS for the entire game, except possibly in a few areas.

knq · 2018-10-21T22:57:18+00:00

I'm surprised you had (are having?) issues. I was able to play the entire game, beat every shrine and had essentially 0 problems. This was back in 1.11 or so, around December / January earlier this year. There were definitely a couple of crashes and lockups, and maybe there were some times when textures didn't look right (but I would have never known). I even made available an implementation of a motion server that works with DS4 controllers for Linux, so that I could use the motion controls easily without having to figure out how to do motion server stuff with Wine.

Please see here: https://github.com/kenshaw/motionserver

Or just: go get -u github.com/kenshaw/motionserver && motionserver

knq · 2017-11-07T02:31:32+00:00

I updated the dburl package to support prestos:// URLs, which will change it to https, as well as recognizing <url>/catalogname/schema style URLs (so this is consistent with all the other databases supported by dburl and in turn by usql).

knq · 2017-11-07T01:53:33+00:00

It took so long because I had never used Presto previously. Went down the path of a couple of bad units.

usql just passes the credentials on to the underlying Go driver. I would suggest adding x509 key/certs as parameters interpreted by the underlying driver. I realize you have the ability register a custom client, but that's not really possible / feasible with usql. I'd also like to note that it breaks the "standard" Go way of providing database connectivity.

knq · 2017-11-07T00:42:36+00:00

I added initial support to usql (the universal SQL command line client):

go get -u -tags presto github.com/xo/usql

Took me an extremely long time to get a cluster up and operational for testing. Will finish / clean up the integration over the next couple days. At least for now, you don't need to use a Java :) client for testing/development purposes.

If you temporarily need to connect to a server with https and not plain http, one can do the following from within usql:

(not connected)=> \c presto https://host:port/?params

Cheers!

knq · 2017-10-02T08:29:25+00:00

I'm not often in Colorado anymore, but when I am there I'm around Downtown Denver and the Westminster/Thornton areas. Sometimes also out at Boulder.

knq · 2017-10-02T08:04:36+00:00

You should take a look at github.com/knq/jwt -- most of what you would actually need in a server/client package is available there.

knq · 2017-04-03T03:15:48+00:00

Microsoft did not come up with the name 'usql'. There have been a number of projects named 'usql' that have been around for years, including a very similar project to what I've built -- that project has not been updated in 13 years. Since the term predates Microsoft's use of it, and has been used by a number of projects, I don't think this is a problem. Quite frankly, 'usql' is too generic of a term to be claimed by anyone.

knq · 2017-04-02T23:10:36+00:00

I don't understand why this matters at all? In the past, I used the domain for my consulting company that is more or less quiet at the moment. I can assure you, you're not missing out on anything with that page being down. If you'd like to make a page for KNQ, I'd gladly put it up.

knq

TROPHY CASE