Utilize a default certificate for services fronted by nginx-ingress

For most people in the k8s world, nginx-ingress has provided a fairly reliable option as their Ingress Controller. While it provides a boat-load of great features, it also provides enough string to get tangled in. Here’s one way we solved not wanting to create certificates for each microservice, but instead, utilize a default certificate (wildcard) applied to all services existing under our TLD. The Problem For each Ingress definition you define, you can use cert-manager along with nginx-ingress to automatically provision a certificate for the given fully qualified domain name you provide i.


Syncing my Life: What's a Backup?

Sans the semi-click-baity title, I genuinely want to open your eyes to a new strategy I take with my backups, whereas I don’t ever really think about schedules, swapping out destinations, differential vs incremental, or any other backup idioms most of us consider normal. It’s 2019. Enter syncing. Across devices. Across operating systems. Over the network. Oh, and Free. Buckets Yep, just like AWS buckets, I have a logical representation for each content class, depending on its attributes and meaning to my overall life.


Actually Grasping Kubernetes Probes

Most people don’t seem to fully understand Kubernetes probes beyond “they make sure my service is running”. Through my DevOps journeys, I’ve discovered probes can be incredibly powerful when leveraged effectively for your particular service. Here are some of the things I’ve learned debugging and applying optimized probes to our deployments. General Probe Guidance Probes can be enabled for each and every container in a pod. It’s important to note that Probes don’t apply to a Pod, merely the containers within.


When to consider a Pod unhealthy?

A lot of our services run more than one container in a single Pod to properly present the endpoint or execute the task at hand. In Kubernetes, this is encouraged as you’re taught to think of a Pod as a single unit of work representing your overall service. For example, you have a PHP-FPM container fronted by an Nginx container; both of these would exist in a single Pod. Note this article is only focusing on Pods with more than one container.


Mitigate 504s with keep-alive timeouts

One calm April day, our internal ops application started showing problematic responses in the form of 504s. An HTTP 504 error is a server-side gateway timeout and can be hard to diagnose. However, this usually has to do with the load balancers sitting in front of your application and their communication upstream. Ultimately the fix came in the form of ensuring the application keep-alive timeout is the same or greater than that of the load balancers sitting in front.


Overriding ConfigMap variables in Kubernetes

Much like default values.yaml files for Helm, you can utilize ConfigMaps in Kubernetes for much the same capability. Our developers have started to do this to make it easier when managing Deployment objects across different environments. Given a ConfigMap:

    apiVersion: v1
    data:
      allowed: '"true"'
      enemies: aliens
      lives: "3"
    kind: ConfigMap
    metadata:
      name: engage
      namespace: default

and a Deployment:

    spec:
      containers:
      - env:
        - name: enemies
          value: badguy
        envFrom:
        - configMapRef:
            name: engage

Taking a look inside the container:


Execute a Cronjob manually in k8s

We often find ourselves needing to test our Cronjobs more than we’d like out of band with their standard scheduled runtime. Kubernetes makes it super easy to do this by spawning a Job from the CronJob itself.

    kubectl create job --from=cronjob/<cronjob-name> <job-name>

Thanks again Stack Overflow!

AWS Key Fingerprints on your laptop

The AWS fingerprints listed on the Key Pairs page (in the EC2 web console) are not derived in a simple ssh-keygen fashion. Instead of installing their custom tools (ec2-api-tools, which is Java) to compare fingerprints with keys locally, you can use the following command to generate the fingerprint on either the private or public key.

    openssl pkcs8 -in ~/Downloads/stockx.pem -nocrypt -topk8 -outform DER | openssl sha1 -c

Halo on PC: Spartans Rejoice

This past weekend, I went down the rabbit hole on a project I recently discovered called Halo Online. From a past project between 343 and Saber Interactive, Halo Online was meant to be a free-to-play multiplayer experience based on Halo 3 available on PC. Sadly, outside of a closed beta in Russia, the game was cancelled. Luckily, those game files became available and modders created ElDewrito, enabling Forge mode and online servers for players everywhere plus other gameplay enhancements.


Bitperfect direct audio output to a DAC in Windows

Since I have my own DAC/Amp (the coveted Schiit Stack), I very much like to play FLAC files directly to my DAC, ensuring no operating system mixer is filtering the output. This happens to be especially tricky when utilizing your optical audio output. One way you know you aren’t getting bitperfect playback is when you hear other system sounds or playback from other applications through your headphones. While this is pretty easy to achieve in Linux (VLC has a direct option as do other applications like deadbeef), it’s a bit harder in Windows.
