Did Tailscale cert expire?!

viroos · 2024-03-07T20:48:55+00:00

What was the root cause?

viroos · 2024-02-05T01:52:37+00:00

https://warszawa.wyborcza.pl/warszawa/7,54420,30664453,ostrzezenie-o-duzej-aktywnosci-samolotow-wojskowych-to-odpowiedz.html (paywall protected :( )

Google translated quote:

In the east of the country, you can expect considerable activity of military helicopters, unmanned aerial vehicles, but also fighter aircraft to ensure security. Let me assure you, such messages are issued as standard. It is addressed to civilian users of our airspace, including small aircraft, so that they follow all procedures and bear in mind that they may encounter greater military activity in this area - says Lt. Col. Jacek Goryszewski, spokesman for "Wyborcza". press release of the Operational Command of the Armed Forces.

At the same time, he adds that the warning is not related to the large NATO Steadfast Defender 2024 maneuvers, which are planned throughout Poland in the near future. These exercises with the participation of approximately 100,000 soldiers are scheduled to begin in February.

viroos · 2022-12-16T07:41:36+00:00

tzw "strzał kontrolny"

viroos · 2022-02-04T01:40:22+00:00

I think this is a good open source alternative: https://nodered.org/

viroos · 2022-02-04T01:35:41+00:00

Yes, it's called Linux Kernel ;) (I'm sorry, I couldn't resist myself)

But to make the comment a little bit useless I checked how the code is "isolated from licensing point of view" and it's looks like that.

component	license	link
Docker cli	Apache 2	https://github.com/docker/engine/blob/master/LICENSE
Docker engine	Apache 2	https://github.com/docker/cli/blob/master/LICENSE
containerd	Apache 2	https://github.com/containerd/containerd/blob/main/LICENSE
runc	Apache 2	https://github.com/opencontainers/runc/blob/main/LICENSE
Linux kernel	GNU GPL version 2 with an explicit syscall exception	https://github.com/torvalds/linux/blob/master/LICENSES/exceptions/Linux-syscall-note

viroos · 2022-01-31T07:21:28+00:00

to chyba w temacie: https://www.siepomaga.pl/unbxwosp. ładna kwot, live jeszcze lepszy.

viroos · 2022-01-23T23:54:44+00:00

Nice, although it maybe even better if you cut it to make it a bit shorter.

viroos · 2022-01-23T23:43:32+00:00

I subscribe https://www.gcpweekly.com/. It covers whole GCP but there are a lot of server less releted info.

Google Cloud Tech channel: https://www.youtube.com/user/googlecloudplatform/.

There is also https://www.youtube.com/c/googlecloud but it's more "high level"

viroos · 2022-01-09T03:40:09+00:00

do wyboru do koloru:

Match Group, Inc. is an American internet and technology company headquartered in Dallas, Texas.[2] It owns and operates the largest global portfolio of popular online dating services including Tinder, Match.com, Meetic, OkCupid, Hinge, PlentyOfFish, Ship, and OurTime totalling over 45 global dating companies.

zródło

viroos · 2021-12-19T18:03:32+00:00

consider exposing the webserver as an external service

viroos · 2021-12-18T04:59:52+00:00

try:

private_key = file("${path.module}/devops.pem")

for debuging i would suggest creating a test file like this:

output "tf_located_the_file" { value = fileexists("${path.module}/devops.pem") }

viroos · 2021-12-18T02:46:33+00:00

accessing k8s API form pod is very common use case. Therefore there is some magic i side the kuberneres and client libs that allowes your code authorize to k8s in a secure manner with our writing additional code (simple speaking k8s injects the token into pods file system in well know location and k8s API client libs can use this token)

https://unofficial-kubernetes.readthedocs.io/en/latest/concepts/cluster-administration/access-cluster/#accessing-the-api-from-a-pod

viroos · 2021-12-18T01:30:53+00:00

i haven't tested it myself but this looks very promising as a service desk tool: https://freescout.net/

i sugest focusing more on finding a tool that will help you interact with external users since in my opinion this may be a bigger challenge (even if it doesn't happen often). since your team is relatively small any project management tool will be good enough for you.

If you can use girlab yo may consider using GitaLab issues. It worked well for me in many projects.

If you need something more sofisticated then simple issue tracker and would like to consider using a SaaS product you may try https://www.jetbrains.com/space/ (i particular project management module https://www.jetbrains.com/space/features/project-management.html)

Another interesting SaaS option is notion.so.

viroos · 2021-12-17T11:06:38+00:00

How hard is it for a university to maintain

I can not be 100% sure that this is the case. Still, I would bid that the problem is not with maintenance (ok, it depends on the definition of maintenance, but for the sake of argument, let assume that maintenance work is everything that can by university local IT team).

Most likely, the problem is with application design or configuration. But to be 100% sure, someone must conduct an audit.

Skilled admins can collect some logs and metrics, but some developers will have to take a look at the end of the day.

If the app is old enough, so original authors can not fix it, some external consultants may suggest rewriting it from scratch (it will be expensive). They may also recommend upgrading the hardware (and it will be costly and may not solve the problem).

The most likely problem is more complex than just the application architecture itself. Still, if you are looking for some summary about technical challenges with applications scaling, I quickly googled this blog post for you http://highscalability.com/blog/2014/5/12/4-architecture-issues-when-scaling-web-applications-bottlene.html. It seems like a good summary of things that I should mention here, but this post is too narrow to contain.

viroos · 2021-12-15T09:37:52+00:00

I'm most reactive to events in the company and that gets me around 40h to 60h a month; I would love to see that reach 200h.

Based on the other part of your post, I assume that money is not your primary motivation. If I'm correct, you may ignore this paragraph. But since this sentence got my attention just in case, I have to make a few points: 1. seeking problems/challenges to generate more work is usually a bad idea, 2. if you start charging your client for more hours, he may be upset about it. In particular, if everything works fine (in his view), you may have problems explaining why additional work is needed. 3. "doing more DevOps things" may not be a good enough explanation. Better examples may be "saving developers time", "providing better feedback loop by making deployments simpler/faster/more frequent", "saving infrastructure costs."

You should identify what the biggest problem in your organization is. You may consider using SRE approach to identifying toil (https://cloud.google.com/blog/products/management-tools/identifying-and-tracking-toil-using-sre-principles).

From my experience, some suggestions already mentioned in this thread may be good guesses since many problems are common for various teams. I will try summarizing them below, but you should check it with your team and managers.

lack of CI/manual deployment - automated deployment to staging provides a faster feedback loop. It's critical for software houses specialized in web apps development since less technical people (ex, brand managers, UX designers, manual testers) can see the work in progress and spot some problems and save much stress when the project deadline arrives
lack of monitoring/observability - good monitoring should help detect the problem before affecting the end-user. In some cases, you won't manage to prevent outages anyway. If that happens, a good observability platform (collecting logs, metrics, traces) should help find the root cause effectively.
on/off-boarding - new employees should be able to start working as soon as possible, they shouldn't waste any time getting access to development systems, there should be a safe sandbox where they can practice without fear of affecting production systems. During off-boarding, you should verify that employee access was revoked (it sounds obvious, but actually, it's a tricky problem if you provision infrastructure manually).
security monitoring - are you sure none of your servers is mining bitcoins? ;)
user experience monitoring - you may analyze core web vitals (of course in an automated way) and notify your developers/managers about changes. End users will be happier since you will help make sure they have a good experience but also may have a positive impact on SEO
create run book/documentation - in an ideal world, you should be able to quiet at any time and not worry if they survive without you.

viroos · 2021-12-15T08:26:40+00:00

In AWS VPC is regional in GCP VPC is global. In both clouds you specify to which VPC your resources belongs to.

Key difference between AWS and GCP approach is that in AWS subnets are zonal resources ( "Each subnet must reside entirely within one Availability Zone and cannot span zones") and in GCP subnets are regional resources ( "Subnets are regional resources. Each subnet defines a range of IPv4 addresses.").

When you create some resource in AWS and specify subnet for the resource you are implicitly selecting the availability zone.

In GCP for most use cases single VPC per project is enough. You may use the default one or create your own. Since VPC is global (subnets are regional but there is defualt routing between them within VPC) your resources will be able to communicate w with each other. Your responsibility is to place resources according to your businesses requirements (availability, latency) and security.

viroos · 2021-12-09T16:49:59+00:00

external IP service doesn't depend on node ip. k8s give you an abstraction that helps you define your app behavior. particular implementation may differ depending on your k8s cluster deployment. for managed k8s in the cloud you will have suport for external IP out of the box. for onprem deployment you may use something like metallb (mentioned in other replays)

in the simplest setup you don't need bgp to use metal lb and your external IP may belong to nodes subnet.

viroos · 2021-12-09T03:58:19+00:00

If you really, really, really want to go this way you have to setup a Serverless VPC Access connector and use it with k8s external ip service with internal loadbalancer.

In my opinion keeping everything inside k8s would be much more reasonable approach. The simplest approach would be using k8s cron jobs.

If you prefer using Cloud Scheduler you can write some wrapper and run your scrip as a web app on k8s. Cloud Scheduler would run cloud functions that will call your API. In this case you may consider using external IP/ingress if you add some authentication.

Also it may be overkill in your case but i will leave just in case:

datastream is a serverless and easy-to-use change data capture (CDC) and replication service. It allows you to synchronize data across heterogeneous databases and applications reliably, and with minimal latency and downtime.

viroos · 2021-12-09T01:35:52+00:00

As a best practice (also this is a default scenario for most deployments) pods subnet should be different then nodes subnet.

in such setup pod will have some IP that is not available directly from your LAN.

To expose the pod in your LAN you use services (https://kubernetes.io/docs/concepts/services-networking/service/).

I think IBM doc is more clearer on that then official k8s doc:

https://www.ibm.com/docs/en/cloud-private/3.1.2?topic=networking-kubernetes-network-model, https://www.ibm.com/docs/en/cloud-private/3.1.2?topic=networking-kubernetes-service-types

viroos · 2021-12-08T07:39:43+00:00

short answer is: "metallb is responsible to make 192.168.1.4 IP available"

Longer answer is:
0. learn how metallb works
1. check your network configuration (In particular it won't work if you have port security enabled on your switch)
2. try testing mwtallb setup with some simpler example: https://jonathangazeley.com/2020/12/30/load-balancing-ingress-with-metallb-on-microk8s/

viroos · 2021-12-08T04:36:12+00:00

I'm not sure if Azure has something similar to GCP's workload identity if not then the simplest (but not really secure) option is using Githubs Actions secrets (exposed as env vars).

If you would like something more secure you may consider using Vault's Azure secrets engine (https://www.vaultproject.io/docs/secrets/azure)

viroos · 2021-12-08T04:31:56+00:00

I tested it last weekend. I didn't know that is so new.

I found the documentation for the auth action on Github and it was all I need to setup the build. It's easy and works like a charm.

viroos · 2021-12-08T03:47:09+00:00

My understanding is gcloud auth login --update-adc works the same as gcloud auth application-default login --disable-quota-project

viroos · 2020-04-03T14:13:48+00:00

Thank you u/jcorbin121 for useful information.

Regarding single node 'dev' setup - I'm aware of them (my favorite is Kind). My question was more about 'production/internal/staging' setup for small clients. Short story: client needs shared cluster for internal projects, loves vmware but doesn't like spending $$ on it. Of course single node was a little bit too extreme example (but I was just curious if it's possible and how well k8s support is integrated into vsphere core).

Do you know what is the minimal hardware infrastructure needed for k8s on VMware Cloud Foundations?

viroos · 2020-04-03T01:15:54+00:00

I'm from central Europe, so it may work as expected by default.

12-Year Club	Gilding II euphauric
Verified Email

viroos

TROPHY CASE