|
Python is basically bash 2 for me, for that reason. import socket, problem solved, just find a way to make sure requests gets installed on your containers or make sure that they can reach pypi

I always try to make sure all image repos have a net-tools container though which is probably the "real" answer here
|
# ? May 4, 2021 19:16 |
|
12 rats tied together posted: Python is basically bash 2 for me, for that reason. import socket, problem solved, just find a way to make sure requests gets installed on your containers or make sure that they can reach pypi
code:
|
# ? May 4, 2021 19:26 |
|
Methanar posted:
Knowing this six months ago would have saved me literal days of work.
|
# ? May 4, 2021 21:18 |
|
Methanar posted:
that's one useful little tool. Worth its size in gold.
|
# ? May 5, 2021 01:49 |
|
My most hilarious abuse of nsenter so far has been prototyping an Ansible connection plugin so that Ansible can run containerized in a pull model and still manage its own host
|
# ? May 5, 2021 22:41 |
I've seen helm charts get bashed a few times on SA - any good articles that talk about the downsides?
|
|
# ? May 7, 2021 00:13 |
|
Helm 1 used to suck. Helm 2 is good. Things that suck is it's yet another templating language. Also lots of footguns. But it's probably the best tool for the job
|
# ? May 7, 2021 00:28 |
|
golang templating engine bad

Templating your values files can be a pain too. https://github.com/roboll/helmfile can help somewhat with that though.
|
# ? May 7, 2021 00:30 |
|
Methanar posted: golang templating engine bad
I haven't found it to be any worse than any other templating engine. Which is to say that any tool that uses templates and is of sufficient complexity makes whatever templating engine it uses look bad.
|
# ? May 7, 2021 00:41 |
|
It's strictly worse than the many other options that exist for templating your stuff, most notably, jinja2.

The helm charts I've been unfortunate enough to have to support in the past also always seem to have dozens of extremely vertical config options, these are almost always presented horribly as a borderline gibberish set of poorly documented parameters, usually with at least one hidden side effect or bug due to parameter combinations not being anticipated by the chart author.

Helm also provides no safety or uptime guarantees, since it does not actually do anything for you but load some vars and then yaml.dump(), so you're at the mercy of the chart author again as to whether or not "helm update" is going to take down your application or if it's a no downtime upgrade.

Similarly, there's no guarantee that helm rollback actually works, a super cool thing I've run into here is that Deployments that target a StatefulSet can't be interrupted or rolled back once they start, you have to wait for them to finish or you have to start force deleting poo poo, which is super cool if it comes from a poorly written helm chart instead of an actual application constraint.

If you just cannot read the API spec and turn your requirements into a deployment manifest for whatever reason, it's an OK tool. It will let you curl bash into production, but on kubernetes this time.

e: the helm values file for airflow is 1500 lines long for example, which ended up being like 10 lines of ansible variables instead.

12 rats tied together fucked around with this message at 00:46 on May 7, 2021
# ? May 7, 2021 00:41 |
|
helm's state management is also garbage. There's no equivalent of terraform import or state surgery, or the -target flag, which god help you if you ever need it.

It's somewhat hard to use, and really hard to use properly.
|
# ? May 7, 2021 00:48 |
|
It's really easy to copy paste from a blog article, which is where I suspect its popularity came from.
|
# ? May 7, 2021 00:51 |
|
12 rats tied together posted: It's really easy to copy paste from a blog article, which is where I suspect its popularity came from.
Helm came before kustomize. The other early alternative was ksonnet which was somehow even more user hostile
|
# ? May 7, 2021 00:54 |
|
12 rats tied together posted: It's strictly worse than the many other options that exist for templating your stuff, most notably, jinja2. The helm charts I've been unfortunate enough to have to support in the past also always seem to have dozens of extremely vertical config options, these are almost always presented horribly as a borderline gibberish set of poorly documented parameters, usually with at least one hidden side effect or bug due to parameter combinations not being anticipated by the chart author.
I was talking about the templating engine, not helm. Helm is a mess. But unfortunately, so is pointing at a 1500 line file that's 95% comments that document each value and comparing it to bespoke ansible configs.
|
# ? May 8, 2021 05:17 |
Vulture Culture posted: My most hilarious abuse of nsenter so far has been prototyping an Ansible connection plugin so that Ansible can run containerized in a pull model and still manage its own host
Now this is podracing!
|
|
# ? May 8, 2021 14:21 |
|
Vulture Culture posted: My most hilarious abuse of nsenter so far has been prototyping an Ansible connection plugin so that Ansible can run containerized in a pull model and still manage its own host
Container escape, but for justice!
|
# ? May 8, 2021 14:54 |
|
Jenkins?
More like Jank ins
|
# ? May 11, 2021 23:51 |
|
Methanar posted: Jenkins?
You can sync your watch to their CVE reports.
|
# ? May 12, 2021 00:35 |
|
The popular term I saw used before was Junkins
|
# ? May 12, 2021 02:15 |
|
Does anyone use process supervision in containers and if so, what are you using? I know it's an anti pattern and it makes people treat containers as VMs, but I need something that gracefully shuts down an off the shelf app instead of terminating.

I've grown to like s6, but there's so many options (runit, monit, supervisord, tini, dumb-init, suckless) I was wondering what others are using.
|
# ? May 12, 2021 08:20 |
|
LochNessMonster posted: Does anyone use process supervision in containers and if so, what are you using? I know it's an anti pattern and it makes people treat containers as VMs, but I need something that gracefully shuts down an off the shelf app instead of terminating.
Use a preStop hook.
https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8
https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers
|
# ? May 12, 2021 08:27 |
|
Methanar posted: Use a preStop hook.
This particular case was for ECS/Fargate so that wasn’t an option. Gonna bookmark that for future reference though.
|
# ? May 12, 2021 12:44 |
|
LochNessMonster posted: Does anyone use process supervision in containers and if so, what are you using? I know it's an anti pattern and it makes people treat containers as VMs, but I need something that gracefully shuts down an off the shelf app instead of terminating.
Many of these supervisors feel like they're part of this legacy of indecipherable tools (runit is the absolute worst) that have at least several obsessive users, but don't actually solve the core problem elegantly enough to justify the complexity they bring to the table
|
# ? May 25, 2021 03:37 |
|
yaml doesn't auto recognize a string as a string if it starts with {

that is all
|
# ? May 26, 2021 01:59 |
|
left curly brace is reserved as an indicator character that designates the start of a mapping, so it isn't actually a string (to YAML anyway)
|
# ? May 26, 2021 05:44 |
|
I mean, YAML being a superset of JSON in theory I figured it would be a Bad Idea to try to even think about using braces without knowing exactly their function.
|
# ? May 26, 2021 14:41 |
|
That sort of poo poo is inevitable when the spec doesn't require quoting strings. I hate working with json more than I hate working with yaml, but at least json has that going for it. (though to be fair I hate both of them for a lot of reasons, there just isn't anything better out there and it's hard to compete with their inertia)
|
# ? May 26, 2021 14:57 |
|
Methanar posted: yaml doesn't auto recognize a string as a string if it starts with {
Not to make light of your situation, but I never regret installing linters on my text editors. It's not always possible to install linters on headless servers you don't control, but it's certainly saved me hundreds of hours of debug
|
# ? May 26, 2021 14:57 |
|
Hadlock posted: Not to make light of your situation, but I never regret installing linters on my text editors. It's not always possible to install linters on headless servers you don't control, but it's certainly saved me hundreds of hours of debug
Editing on the server is haram. it happens all the time
|
# ? May 26, 2021 15:05 |
|
Both statements are true
|
# ? May 26, 2021 15:10 |
|
you can use the string type tag to force any value to be a string, which will fully work as long as you don't also break the parser by inserting a mapping fragment, a comment, an anchor, etc.

it's very normal for syntaxes to have reserved characters
|
# ? May 26, 2021 15:37 |
|
12 rats tied together posted: it's very normal for syntaxes to have reserved characters
Yeah but yaml is insane
https://stackoverflow.com/questions/3790454/how-do-i-break-a-string-in-yaml-over-multiple-lines/21699210#21699210
Multiline strings are an extreme case and not related to OP at all but it is a good example of yaml being on drugs.
|
# ? May 26, 2021 16:06 |
|
i don't agree with it, the answer is a bad interpretation of the spec and yaml's behavior. there are 2 ways to express block scalars, the | (literal) and > (folded) indicators. adding "keep" to the folded indicator doesn't create a third style, it's just different configuration. similarly, being able to express that newlines should be implicitly indented with between 1 and 9 whitespace characters is not 9 new indicators

as for flow scalars (which seems to be the source of most of the frustration of the stack overflow answer), the weaknesses of each are called out explicitly in the specification, along with a note that they are provided for the possibility where they are more expressive and readable than the alternatives

the general take that yaml is way more complicated than it appears is something that i agree with, though, and is why i always recommend that people read the spec first with any questions before searching stack overflow
|
# ? May 26, 2021 16:32 |
|
Hadlock posted: Not to make light of your situation, but I never regret installing linters on my text editors. It's not always possible to install linters on headless servers you don't control, but it's certainly saved me hundreds of hours of debug
Any place I've been at that doesn't already have it, one of the first things I do / push for is a pre-receive hook that "If it ends in .json and isn't in a dirpath called test then it passes jslint or the push is rejected." Last place it fired about twice a week from non-engineering people wanting to ignore tools and hand edit json. No amount of sitting with them to improve the tools led to any change of behavior.
|
# ? May 26, 2021 16:36 |
|
Hadlock posted: Not to make light of your situation, but I never regret installing linters on my text editors. It's not always possible to install linters on headless servers you don't control, but it's certainly saved me hundreds of hours of debug
In my specific case my yaml value was the output of a j2 render so it wasn't entirely obvious that what I was working on ultimately rendered out to a string that started with {

Normally I'd be as suspicious about a { as I would a string literal "
|
# ? May 26, 2021 20:32 |
|
Methanar posted: In my specific case my yaml value was the output of a j2 render so it wasn't entirely obvious that what I was working on ultimately rendered out to a string that started with {
My usual hack to work around this in Ansible (so I know this works in PyYAML, at least) without having to start with a double quote is to use a line continuation and then PyYAML's fine with it, e.g.
code:
code:
|
# ? May 27, 2021 02:54 |
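Added example, not written by anyone in the thread: a small pre-parse check for the failure discussed above, where a rendered template value starts with `{` or another YAML indicator and is no longer read as a string. The function names and the constructed `RENDERED` sample are assumptions of this example, and only one-line `key: value` entries are inspected.

```python
import json
import re

# Leading characters that make YAML read a value as something other than a
# plain string (flow collection, comment, anchor, alias, tag) or reject it.
# Quote and block-scalar indicators (' " | >) are left out on purpose: they
# start a string deliberately.
ALWAYS_RESERVED = set(",[]{}#&*!%@`")
# These three are only indicators when followed by whitespace or end of value.
CONDITIONAL = set("-?:")
# Assumption: only simple one-line "key: value" entries are inspected.
ENTRY = re.compile(r"^\s*([\w.-]+):[ \t]+(.*)$")


def starts_with_indicator(value: str) -> bool:
    """True if YAML will not read `value` as the plain string it looks like."""
    if not value:
        return False
    if value[0] in ALWAYS_RESERVED:
        return True
    return value[0] in CONDITIONAL and (len(value) == 1 or value[1] in " \t")


def lint_rendered(text: str):
    """Return (line number, key, value) for each value that needs quoting."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ENTRY.match(line)
        if match and starts_with_indicator(match.group(2)):
            hits.append((number, match.group(1), match.group(2)))
    return hits


def quote_scalar(value: str) -> str:
    """A JSON string literal is also a valid YAML double-quoted scalar."""
    return json.dumps(value)


# Constructed sample: what a template might render to before YAML parsing.
RENDERED = """\
name: web
labels: {app}-blue
motd: # maintenance tonight
pattern: *.example.internal
args: - verbose
port: -1
"""

if __name__ == "__main__":
    for number, key, value in lint_rendered(RENDERED):
        print(f"line {number}: {key}: {quote_scalar(value)}")
```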
|
This has been an awful day in an awful week. Someone implied to me that some issue from 2 months ago was my fault, which is total bullshit.
|
# ? May 27, 2021 20:44 |
Methanar posted: This has been an awful day in an awful week.
That's a bummer

Blame should never be placed at the individual level. It's always a combined effort between dev, code reviewers, QA, PM, automation, and managers, not only successes, but also failures.
|
|
# ? May 27, 2021 21:10 |
|
That's one of the reasons I've become a huge fan of the five whys - you take personal blame out of it. Even if the outage was really and completely someone's fault, even if I caused it because I was the dumbass who didn't realize I was logged into production when I deleted the tables, you take the time to say, "Why did Zorak screw up like that? Was he overworked? Undertrained? Documentation not in place?"

Edit: Which in turn means that management should immediately quash anyone who just wants to blame people.
|
# ? May 27, 2021 22:50 |
Hi all,

Don't suppose anyone has or knows where to find a handy script that could check for AWS creds that are >90 days since last used and disables them. I'm trying to automate this into a lambda function as sack doing this manually.
|
|
# ? Jun 1, 2021 10:05 |
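Added example, not written by anyone in the thread: one way to do what the post above asks for IAM access keys (console passwords are not covered), using boto3's IAM client. The function names, the `dry_run` event key and the choice to age never-used keys from their creation date are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)


def last_activity(key, last_used):
    """Most recent activity: LastUsedDate if the key was ever used, else CreateDate."""
    return last_used.get("LastUsedDate") or key["CreateDate"]


def stale_keys(iam, now=None, max_idle=MAX_IDLE):
    """Yield (user, key id, idle days) for each Active key idle longer than max_idle."""
    now = now or datetime.now(timezone.utc)
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            pages = iam.get_paginator("list_access_keys").paginate(UserName=name)
            for key_page in pages:
                for key in key_page["AccessKeyMetadata"]:
                    if key["Status"] != "Active":
                        continue  # already disabled, nothing to do
                    used = iam.get_access_key_last_used(AccessKeyId=key["AccessKeyId"])
                    idle = now - last_activity(key, used["AccessKeyLastUsed"])
                    if idle > max_idle:
                        yield name, key["AccessKeyId"], idle.days


def disable_stale_keys(iam, dry_run=True, now=None):
    """Set stale keys to Inactive (reversible) and return a report of what matched."""
    report = []
    for user, key_id, days in stale_keys(iam, now=now):
        if not dry_run:
            iam.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")
        report.append({"user": user, "key": key_id, "idle_days": days})
    return report


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested without AWS

    # Assumption: the scheduled event carries {"dry_run": false} to take action.
    return disable_stale_keys(boto3.client("iam"), dry_run=event.get("dry_run", True))
```

The Lambda execution role needs `iam:ListUsers`, `iam:ListAccessKeys`, `iam:GetAccessKeyLastUsed` and `iam:UpdateAccessKey`. Keys are set to Inactive rather than deleted, so a key that turns out to be needed can be re-enabled.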