Bat: The Correct Version of Cat

Bat is a replacement for Cat with a slew of impressive features. The image above is a tiny example of its beauty printing out a file (a readme in this case).

Install on Mac:

    brew install bat

My zsh function, which kicks in when it's available in $PATH to replace cat:

    if which bat >/dev/null 2>&1; then
      alias cat='bat --theme=DarkNeon --style="numbers,changes,header,grid"'
    fi

This sets a better theme and explicitly defines the features I want.


Includes with Gitignore

Sometimes, you can run into a situation where you need to include a resource that lives in a place you had previously gitignored for safety reasons. One such example I ran into yesterday was kubeconfigs resulting from our eksctl usage. While we don’t want the root kubeconfig to accidentally get committed, we do want certain user kubeconfigs, in this case admin configs, to get stored in the same repo. We can do this as we use aws-iam-authenticator with roles to grant users privileges.


Configuring Secure DNS (over TLS/HTTPS) on Android

Recently, I published a Gist I made with my preferred Public DNS Servers including information and linkage about them. Today, I re-setup Adguard, one of the best solutions for blocking malicious content across multiple realms including Content Blocking, DNS Filtering, Tracking Protection, and Phishing+Malware. What’s even better is it allows you to specify your own DNS servers to use, natively supporting DNS over TLS, HTTPS, and DNSCrypt. Today, I leveraged that functionality to test and implement the following resolver configuration for my mobile device:


Utilize a default certificate for services fronted by nginx-ingress

For most people in the k8s world, nginx-ingress has provided a fairly reliable option as their Ingress Controller. While it provides a boat-load of great features, it also provides enough string to get tangled in. Here’s one way we solved not wanting to create certificates for each microservice, but instead, utilize a default certificate (wildcard) applied to all services existing under our TLD. The Problem: For each Ingress definition you define, you can use cert-manager along with nginx-ingress to automatically provision a certificate for the given fully qualified domain name you provide i.


Syncing my Life: What's a Backup?

Sans the semi-click-baity title, I genuinely want to open your eyes to a new strategy I take with my backups, whereas I don’t ever really think about schedules, swapping out destinations, differential vs incremental, or any other backup idioms most of us consider normal. It’s 2019. Enter syncing. Across devices. Across operating systems. Over the network. Oh, and Free. Buckets: Yep, just like AWS buckets, I have a logical representation for each content class, depending on its attributes and meaning to my overall life.


Actually Grasping Kubernetes Probes

Most people don’t seem to fully understand Kubernetes probes beyond “they make sure my service is running”. Through my DevOps journeys, I’ve discovered probes can be incredibly powerful when leveraged effectively for your particular service. Here are some of the things I’ve learned debugging and applying optimized probes to our deployments. General Probe Guidance: Probes can be enabled for each and every container in a pod. It’s important to note that Probes don’t apply to a Pod, merely the containers within.


When to consider a Pod unhealthy?

A lot of our services run more than one container in a single Pod to properly present the endpoint or execute the task at hand. In Kubernetes, this is encouraged as you’re taught to think of a Pod as a single unit of work representing your overall service. For example, you have a PHP-FPM container fronted by an Nginx container; both of these would exist in a single Pod. Note this article is only focusing on Pods with more than one container.


Mitigate 504s with keep-alive timeouts

One calm April day, our internal ops application started showing problematic responses in the form of 504s. An HTTP 504 error is a server-side gateway timeout and can be hard to diagnose. However, this usually has to do with the load balancers sitting in front of your application and their communication upstream. Ultimately the fix came in the form of ensuring the application keep-alive timeout is the same or greater than that of the load balancers sitting in front.


Overriding ConfigMap variables in Kubernetes

Much like default values.yaml files for Helm, you can utilize ConfigMaps in Kubernetes for much the same capability. Our developers have started to do this to make it easier when managing Deployment objects across different environments.

Given a ConfigMap:

    apiVersion: v1
    data:
      allowed: '"true"'
      enemies: aliens
      lives: "3"
    kind: ConfigMap
    metadata:
      name: engage
      namespace: default

and a Deployment:

    spec:
      containers:
      - env:
        - name: enemies
          value: badguy
        envFrom:
        - configMapRef:
            name: engage

Taking a look inside the container:


Execute a Cronjob manually in k8s

We often find ourselves needing to test our Cronjobs more than we’d like out of band with their standard scheduled runtime. Kubernetes makes it super easy to do this by spawning a Job from the CronJob itself.

    kubectl create job --from=cronjob/<cronjob-name> <job-name>

Thanks again stackoverflow!