Some things I learnt recently...
I have been slowly migrating the containers in my homelab to kubernetes, and recently I have done Frigate. Frigate is not a standard container, it requires a few extra features to run. Internally it …
Some learnings from the webinar I attended yesterday:
FQDN, PQDN, hostnames and root zones
You can tell the DNS resolver to not traverse the search path if you explicitly put a full stop …
I started using this little utility called HACompanion that can be configured with a custom script that reads whether your monitor screen is locked or is not.
I normally always force lock my screen …
Sometimes you have to run things concurrently, and a few of those times you have to control the exact concurrency level. In a non-distributed system, controlling concurrency is easy.
Python has the …
I have a little LCD screen wired up to a ESP32 on my desk. It tells me the temperature/humidity inside and outside the house. It is relatively useful but I wanted to do a bit more with it.
The text is …
In Cilium, if a pod runs with the hostNetwork set to true, it will run with the same IP of the host. Such pods runs unrestricted, without policy enforcement by default. That is because those pods do …
There are a lot of Git commands that displays delta, and all of them support preprocessing files before doing the diffing.
Preprocessors are run based on file extensions. In my case, I want to …
In its default configuration, a Linux machine running Docker runs containers in a dedicated virtual ethernet network that is bridged to the host network. Even with ports not bound to the host network …
All containers that are part of a pod have the same network namespace, and (can) bind to all IPs in that namespace. Kubernetes does not offer any implicit filtering between pod network namespace and …
SQS queues have producers (sometimes referred as publishers) and consumers. Both entities need to know the queue ARN (the Amazon ID system) to connect to. Sometimes it is desirable to not share the …
Let’s consider the scenario of a NAT server doing the forwarding between an internal network and internet, and a client that sits in the internal network which runs the ftp client. To simulate …
You can use heredoc markers to define strings in HCL that span multiple lines. There is also a way to automatically strip out all extra indentation that may have in it, by using the <<- …
At work we use CoreDNS to forward queries to the VPC resolver, as we run most of our services in Kubernetes. What that means is that we are routing all DNS queries through a few machines, and we …
The difference between the two functions is that the result of template cannot be chained with another function, while include can.
Please note that the template function is included in the Go …
A EC2 instance that you launch is only allowed to receive traffic if the destination IP matches what the DHCP server assigned. Similarly, a EC2 instance is allowed to use a certain IP as source only …
In some of our pods we use a temporary storage, to exchange data between the containers that belong to the same pod.
> k describe pod customersite
.......
Volumes:
...
sockets:
Type: …On Route53 you can configure record sets with associated weights as A records.
To test that the above weights translate in the right resolutions, we need to start from the …
At work we run a lot of Nginx pods, which we use to serve static files to our web apps. We specify memory limits for all pods we run and, to get an estimate of what those numbers should be, I have …
While it is possible to craft a role using wildcards in the resource names, it will not work to restrict pod/exec permissions. Let’s test this:
Let’s start with some basic RBAC rules and …
One thing that is annoying sometimes, when you want to quickly analyze with SQL some data, is that you likely have to work out what the schema is before running any insert.
With sqlite-utils, you can …