Rebuild From Scratch
Observant readers of this blog, refreshing every day desperate for new content, will have noticed that the last blog post - dated 2022-12-31 - actually went live in the middle of January. My k3s cluster, which had always been a bit rickety, finally gave up the ghost in late December, and two of the nodes needed to be fully reimaged before I could start it back up again.
2022 Wrap Up
One of the first posts on this blog was a retrospective on my reading in 2021 - it seems only natural to do something similar this year.
VPN on Kubernetes
I was surprised to find that there’s not much discussion of putting Kubernetes pods behind a VPN. Given how useful both tools are, you’d think more people would use them in concert.
Communication Urgency
Thesis statement: Most communication is less urgent than you think. Encoding urgency into messages as (meta)data is valuable - but building a healthy culture around and relationship with communication urgency is even more so.
Code Review on Paper
A day or so ago, news broke that engineers at Twitter - newly-owned by Phony Stark - were being asked to “print out their last 30 to 60 days of code, so they could show it to Elon Musk himself”. We saw evidence of this from Twitter employees themselves:
CI/CD/CD, Oh My!
Since leaving Amazon ~4 months ago and dedicating more time to my own personal projects (and actually trying to ship things instead of getting distracted a few days in by the next shiny project!), I’ve learned a lot more about the Open Source tools that are available to software engineers; which, in turn, has highlighted a few areas of ignorance about CI/CD Pipelines. Emulating Julia Evans, I’m writing this blog both to help lead others who might have similar questions, and to rubber-duck my own process of answering the questions.
Grafana Oncall
I’ve had several instability issues with my Kubernetes cluster recently, and so I wanted to install some monitoring to notify me of incipient issues. I’m already using Grafana dashboards to visualize the state of my cluster (using some of my own hand-crafted dashboards along with some pre-existing Kubernetes-specific ones), but that’s only useful if I happen to be looking at it at the time a problem is happening - it won’t warn me of a brewing problem (and, if the problem results in my VPN becoming unavailable while I’m away from home, that could result in complete disconnection).
Writing Poetry
Another quote from the experiences of Zakalwe, the career mercenary for the Culture.
Cloudflare Tunnel DNS
I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the cloudflare/cloudflared image, the second isn't so simple - there's no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the cloudflared image doesn't include tools to do so.
Being a Seagull
Another Iain M. Banks quote - this one from “Use Of Weapons”. Herein, Zakalwe, a virtuoso career mercenary who has changed the course of civilizations with assassinations, kidnappings, and sabotages, muses on what it might be like to live a simpler life.