Get the env vars your app started with

The setup should be familiar. You have an app that is ready to ship, so you put it in a docker image. Any config after that is done mostly via env vars. For anything non-trivial, e.g.

- mounting and parsing secrets to env vars
- making sure certain default values are overridden

you need an init script that calculates the var’s desired value, then exports it like

    export MY_CONFIG_VAR=calculated_value

And once done, you’d start the app with your equivalent of ...

September 14, 2024 ·  stelis

Meet your Heroes!

There’s this quote that I hate:

    Never meet your heroes

The assumption being that our heroes should be seated on pedestals and admired from afar. Meeting them will uncover their human flaws and thus they’ll lose their glory and primary function. That’s why I love Colossus’ quote from the first Deadpool movie:

    Everyone thinks it’s a full-time job. Wake up a hero. Brush your teeth a hero. Go to work a hero. Not true. Over a lifetime, there are only four or five moments that really matter. Moments when you’re offered a choice - to make a sacrifice, conquer a flaw, save a friend, spare an enemy. In these moments, everything else falls away. ...

September 10, 2024 ·  stelis

Linguistic Details

Language is a terrific tool to get your message across. But it is exactly that, a tool. Everyone uses it for their purposes. And if it succeeds we should be happy. After all, conveying a nuanced message is hard enough in itself. This is why I’ve stopped being pedantic about small errors in syntax or grammar, unless the sender has explicitly asked for comments on that. On the other hand, it’s almost magical when you notice a skilled speaker masterfully choosing the correct word to relay their message. In just as many words, they’ve communicated volumes more. But to understand and appreciate that you need to be prepared. ...

September 8, 2024 ·  stelis

Port-forward non k8s service via k8s

So, suppose my app that runs on k8s needs a postgres db to write to. I’ll set up an RDS that is reachable only within my VPC. Then a dev needs to connect to that DB from their local to troubleshoot some weird issue. What do I do? The tried-and-true solution is of course some VPN. If you have the time and resources to do it right, you’re golden. If not, a VPN is a surefire way to headaches (new authentication pool, 2FA, maintenance, split DNS, slow connection speeds etc.). ...

September 8, 2024 ·  stelis

What's the most you can make of an olivetin?

No, not that kind of olivetin, this one :-P OliveTin is a simple web UI that can be configured via yaml to run cli commands. You add a section such as

    actions:
      - title: Restart backend
        icon: restart
        shell: docker restart main-backend

and in its UI you’ll find an icon with your title that, once pressed, will execute the shell command you specified. You can even add arguments

      - title: Ping host
        shell: ping {{ host }}
        icon: ping
        arguments:
          - name: host
            title: host
            type: ascii_identifier
            default: example.com

My only slight complaint is that while it sort of supports authorization, it does not support authentication. If you’re deploying it to be publicly accessible, you’d need to configure your ingress to authenticate the user and only then redirect them to the app. ...

September 8, 2024 ·  stelis

Why did Ancient Greeks not have Probability Theory?

Ancient Greeks’ contribution to the foundation of sciences is undeniable. Euclidean Geometry, which accurately describes the space around us, the concept of “mathematical proof”, Aristarchus’ heliocentric theory, the foundation of medicine by Hippocrates, and philosophy as expressed by Plato, Socrates and Aristotle are a few examples to support this. It’s usual and familiar, whenever tracing back to the foundation of a scientific field, to find references to Ancient Greece. So it might surprise a scholar of the history of Probability Theory that its origins date back to the 16th century. And they might rightfully wonder: why did Ancient Greeks not have Probability Theory? ...

September 8, 2024 ·  stelis

S3 can be persistent

I’ve always hated adding persistence in k8s workloads. There are valid reasons to avoid it, right? Adding a PV means people can store stuff there that they expect to find, regardless of where the app is deployed/redeployed (which could be in another region/zone/cluster/node etc. where the original PV is not present), thus adding another step in the deployment process that usually comes as an afterthought and may be easily overlooked and poorly documented. ...

September 7, 2024 ·  stelis

DIY internet connectivity notification

WFH is great! But every once in a while, internet goes down mid-workday and you’re not sure when it will be back up. You’re forced to leave in a hurry for some nearby cafe. How can you know it’s back up so you can return? I solved this once and while I’m not proud of how it worked, it worked! Prerequisite: A host in that network and a Slack workspace or other service you’re allowed to create a webhook for. ...

S3 Object Count shenanigans

Suppose you have access to an S3 bucket in some AWS account. You need to get the files to another bucket (same or different AWS account I think makes no difference to my eventual point). You do your due diligence and count the objects in the origin bucket

    aws s3 ls s3://originBucket --recursive --summarize | grep "Total Objects:"

You get the total count and start your sync

    aws s3 sync s3://originBucket s3://destinationBucket --delete --exact-timestamps

Great. It completed successfully. Now let’s count the objects in the destination bucket ...

AWS, why do you hate me?

It’s generally a good practice to differentiate between application endpoints that need to be accessible via the Internet and endpoints that need to be accessible only internally via your private VPC. But what if I need one app’s endpoint temporarily accessible to my CICD runner that’s not in the VPC? E.g. a /health to know if the deployment succeeded. If you’re on AWS, you may be correctly thinking PrivateLink, VPC Endpoints etc. But that may be overkill for a short-lived connection from our CICD. The apps I’m interested in run mostly in kubernetes. To access an internal endpoint from my local, I’d just kubectl port-forward ...