skiold

Introducing Conduit

In progress thoughts about introducing Conduit into our clusters.

CD pipelines

All our Kubernetes manifests are defined in Git and applied to the cluster via automated deployment pipelines. The standard procedure to deploy is to introduce a change to this git repo (these changes are themselves automated), which is then applied to the k8s cluster.

Conduit is a departure from this because it encourages an injection process which relies on an out of repo dependency (other than kubernetes itself). The objects that end up in Kubernetes are NOT defined in Git, and are a function of our own manifests plus the version of Conduit that happens to be installed locally (in the CD environment). This makes people nervous.

skiold

#!/bin/bash

HOSTS=(PUT, YOUR, HOSTS, HERE)
CMD="tail -f logs/api.log"

echo "Hit CTRL-C to stop"
sleep 0.5
PIDS=""
for host in ${HOSTS[*]}
do

skiold

Docker - How to cleanup (unused) resources

Once in a while, you may need to cleanup resources (containers, volumes, images, networks) ...

delete volumes

// see: https://github.com/chadoe/docker-cleanup-volumes

$ docker volume rm $(docker volume ls -qf dangling=true)

$ docker volume ls -qf dangling=true | xargs -r docker volume rm

skiold

# using such a setup requires `apt-get install lua-nginx-redis` under Ubuntu Trusty
# more info @ http://wiki.nginx.org/HttpLuaModule#access_by_lua

http {
  lua_package_path "/etc/nginx/include.d/?.lua;;";
  lua_socket_pool_size 100;
  lua_socket_connect_timeout 10ms;
  lua_socket_read_timeout 10ms;
  
  server {

skiold

### Add those lines after *filter near the beginning of the file
:ufw-http - [0:0]
:ufw-http-logdrop - [0:0]



### Add those lines near the end of the file

### Start HTTP ###

skiold

#!/bin/bash
#
# Report time to first byte for the provided URL using a cache buster to ensure
# that we're measuring full cold-cache performance

while (($#)); do
    echo $1
    curl -so /dev/null -H "Pragma: no-cache" -H "Cache-Control: no-cache" \
        -w "%{http_code}\tPre-Transfer: %{time_pretransfer}\tStart Transfer: %{time_starttransfer}\tTotal: %{time_total}\tSize: %{size_download}\n" \
        "$1?`date +%s`"

skiold

import Options.Applicative
import Control.Monad

parser :: Parser (IO ())
parser = subparser $
       command "add" (info (helper <*> addMode) mempty)
    <> command "test" (info (pure $ putStrLn "testing") mempty)
  where
    addMode :: Parser (IO ())
    addMode = subparser $

skiold

#
# This config file is a combination of ideas from:
#   http://www.37signals.com/svn/posts/1073-nuts-bolts-haproxy
#   http://www.igvita.com/2008/05/13/load-balancing-qos-with-haproxy/
#   http://wiki.railsmachine.com/HAProxy
#   http://elwoodicious.com/2008/07/15/nginx-haproxy-thin-fastcgi-php5-load-balanced-rails-with-php-support/
#   http://upstream-berlin.com/2008/01/09/using-haproxy-with-multiple-backends-aka-content-switching/
#   http://wiki.railsmachine.com/HAProxy
#   http://gist.github.com/raw/25482/d39fb332edf977602c183194a1cf5e9a0b5264f9
#

skiold

These are only examples, for a few very common actions. You are expected to write your own rules for the rest. The syntax is regular JavaScript, but see the polkit(8) manpage for the object structure and available API.

• If you don't know the action name, run pkaction:

  pkaction | grep cups
  

• The possible results are YES, AUTH_SELF(_KEEP), AUTH_ADMIN(_KEEP), NO. Returning a result is final. Returning null will continue checking other rules.

• Put your rules in /etc/polkit-1/rules.d/*.rules. (You can check everything in one giant addRule, or you can have a separate file and separate addRule for each program; it doesn't matter.)

skiold

tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)

Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:

remap prefix to Control + a