Today I Learnt FM

Some things I learnt recently...

Terraform can automatically dedent multiline strings

You can use heredoc markers to define strings in HCL that span multiple lines. There is also a way to automatically strip out all the extra indentation that the string may have, by using the <<- …

AWS throttles DNS requests to the VPC resolver

At work we use CoreDNS to forward queries to the VPC resolver, as we run most of our services in Kubernetes. What that means is that we are routing all DNS queries through a few machines, and we …

What is the difference between include and template functions in Helm

The difference between the two functions is that the result of template cannot be chained with another function, while include can.

Please note that the template function is included in the Go …

Routing in AWS checks that source IP or destination IP is respected

An EC2 instance that you launch is only allowed to receive traffic if the destination IP matches what the DHCP server assigned. Similarly, an EC2 instance is allowed to use a certain IP as source only …

Cluster autoscaler does not scale down nodes when pods have in-memory storage attached

In some of our pods we use temporary storage to exchange data between the containers that belong to the same pod.


> k describe pod customersite
.......
Volumes:
...
  sockets:
    Type: …

How to test weighted DNS A records

On Route53 you can configure record sets with associated weights as A records.

[Figure: weighted A records]

To test that the above weights translate into the right resolutions, we need to start from the …

That pod memory limits include page cache

At work we run a lot of Nginx pods, which we use to serve static files to our web apps. We specify memory limits for all pods we run and, to get an estimate of what those numbers should be, I have …

You cannot restrict pod/exec permission to subsets of pods in a namespace

While it is possible to craft a role using wildcards in the resource names, it will not work to restrict pod/exec permissions. Let’s test this:

Let’s start with some basic RBAC rules and …

Sqlite-utils can work out database schemas

One thing that is sometimes annoying, when you want to quickly analyze some data with SQL, is that you likely have to work out what the schema is before running any insert.

With sqlite-utils, you can …

To use 'script' to record terminal input output

script is a binary included in Ubuntu that can be used to record activity in a shell. It can optionally record timings too, to get exactly the same experience when replaying the recorded activity. …

How to remove elements from lists in Terraform

You can remove specific elements from a list or a set with this syntax:


$ terraform console

> [for i in [1, 2, 3, 4, 5]: i if i != 3]
[
  1,
  2,
  4,
  5,
]
> toset([for i in toset([1, 2, 3, …

That you can impersonate pods in K8s

A useful feature when you are developing against a cluster API is to act as the pod where your feature will be deployed.

In Kubernetes every pod is automatically assigned a service account. This is …

You can create JSON payloads with JQ

JQ can be used to create JSON objects of a certain shape, with the help of a few command line options.

You can use --argjson to load JSON objects into variables that can then be referenced by $name. …

That you can use kubectl to view/patch ArgoCD running parameters

ArgoCD exposes its own set of K8s custom resources when installed on a cluster:


 k get crds
NAME                                         CREATED AT
applications.argoproj.io …

How to include AWS-specific info when using kubectl get nodes

The standard configuration when using kubectl get nodes is meant to work for any cluster, and therefore does not include any specific information about the K8s distribution you are using.

At work we …
