Michael Aldridge the-maldridge

the-maldridge / README.md
Last active April 13, 2022 16:50
Prefect on Nomad

Prefect

Prefect is a workflow engine that manages the directed acyclic graph as a generated artifact from its individual nodes. It is a highly performant system that can scale across an external Dask cluster for pretty insane throughput.

Prefect does not currently have a Nomad provider, so this file uses the local agent running in Docker instead.

the-maldridge / README.md
Created August 5, 2021 15:56
Pomerium on Nomad with Traefik

Pomerium on Nomad - Forward Auth

Pomerium is a potential implementation of a BeyondCorp architecture that is similar to ORY Oathkeeper or GCP IAP. This architecture is a newer security model than traditional VPNs and allows you to guard your internal services while still having them be directly internet facing. This makes both your individual-machine story and your BYOD story much easier.

Pomerium has several limitations that may make it unsuitable for your network.

  • In order to work with a Consul service mesh you are limited to forward-auth mode. This has only limited upstream support and can be fiddly to get working due to questionable documentation surrounding it, both with proxy implementations and with Pomerium itself.
  • Even though Pomerium isn't proxying the traffic, the policy that you can create is limited by what Envoy (which is vendored into Pomerium as a binary artifact...) is capable of matching. This is why Pomerium has a static port attached to its Consul service registratio

Loki is a complex, unfriendly service that can sometimes store your logs. It does this via multiple services to handle the overhead of working with unstructured text inherent to working with logs. It's a massive set of microservices with the operational complexity inherent to the larger k8s ecosystem (read: upstream answers all questions in terms of Kubernetes), but with some effort it can be made to run on Nomad.

Keybase proof

I hereby claim:

  • I am the-maldridge on github.
  • I am maldridge (https://keybase.io/maldridge) on keybase.
  • I have a public key ASAvfDMQuLHiiPRYLVec-R_0IDiLTrJjzzsWrMNg9EzIrAo

To claim this, I am signing this object: