Scotts Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers,

Time 2020-11-22 18:04:44

Web Name: Scotts Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers,

WebSite: http://blog.scottlowe.org

ID:124048

Keywords:

an,of,pro,Cloud,Containers,Kubernetes,K8s,Docker,CNI,CRI-O,OCI,Linux,CLI,Network

Description:

Scott s Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking Review: CPLAY2air Wireless CarPlay Adapter 10 Nov 2020 In late September, I was given a CPLAY2air wireless CarPlay adapter as a gift. Neither of my vehicles support wireless CarPlay, and so I was looking forward to using the CPLAY2air device to enable the use of CarPlay without having to have my phone plugged into a cable. Here s my feedback on the CPLAY2air device after about six weeks of use.In general, the device works reasonably well. Setup with the factory radio in my GMC Sierra truck was pretty straightforward, and only took a few minutes. Since then, the device connects to my phone every time I start the vehicle, and all CarPlay functions music, maps, Siri, sending/reading messages, etc. all work as expected. I can leave my phone in my pocket and still gain all the benefits of CarPlay, which is incredibly convenient.The CPLAY2air is not without a few caveats, however. The wireless connection between the CPLAY2air and my iPhone does introduce some noticeable latency. When switching music tracks, for example, it will take between one and three seconds to stop playing the old track and start playing the new track. (By comparison, the same operation using traditional wired CarPlay is nearly instantaneous.) Similarly, when talking on the phone, there is latency in the conversation almost like the latency one might experience on international calls. Fortunately, the latency does not adversely affect the ability to use Siri, even though the latency is still there.The other noticeable caveat regarding the CPLAY2air is the startup time. It often takes several minutes after I start the vehicle before the CPLAY2air makes the necessary connection to my iPhone and to the factory radio and wireless CarPlay starts working. Occasionally there will be an error connecting (this is reflected with an error message on the screen) and it takes even longer to retry. In general, though, this is more of a be aware of this -type item as opposed to a significant limitation.Despite these drawbacks, I remain a fan of the CPLAY2air for the added convenience it offers.Feel free to contact me on Twitter if you have any questions, or if you d like to share your experience with this device (or related devices). Thanks for reading! Resizing Windows to a Specific Size on macOS 8 Nov 2020 I recently had a need (OK, maybe more a desire than a need) to set my browser window(s) on macOS to a specific size, like 1920x1080. I initially started looking at one of the many macOS window managers, but after reading lots of reviews and descriptions and still being unclear if any of these products did what I wanted, I decided to step back to using AppleScript to accomplish what I was seeking. In this post, I ll share the solution (and the articles that helped me arrive at the solution).My first stop was this blog post by Ethan Banks. I tried replicating the AppleScript he used, but couldn t get it to work. I m still running macOS 10.14 Mojave, so perhaps his code was specific to macOS 10.15 Catalina. I moved on, never realizing there was another section to his post that had the information I needed (and would eventually find). Let that be a lesson to be sure to read the entire post next time.Moving on, I arrived at this post. OK, this used a different mechanism than Ethan s post. I tried it, and it sort of worked, but it didn t create the window geometry I was expecting. As I ll later learn, it was just due to an incomplete understanding on my part of how the set bounds command works in AppleScript.Finally, I found this article that shared how to use AppleScript in conjunction with Automator to create a macOS Service to resize the current window of the active application. After trying it for a while, and not getting the results I wanted, I started digging again to see what it was that I was doing wrong.I found the answer to what I was doing wrong here. The parameters to the set bounds command had been illustrated as x-position, y-position, width, height, but they should be more accurately described as starting-x-position, starting-y-position, ending-x-position, ending-y-position. My mistake was that I was providing the desired window size (like 1920x1080 or 1280x720) as the last two parameters, when what I needed to be providing was the desired window size plus the starting X and Y position, respectively. So, if the window was placed 300 pixels away from the left edge and I wanted to the window to be 1920 pixels wide, then the third parameter needed to be 2220 (300 + 1920 = 2220). Ah! I had seen one of the examples doing this but didn t understand why, so I hadn t included the portion of the code. Once I fixed my code accordingly, then it started working exactly as expected.(This piece of missing information, by the way, is also found at the bottom of Ethan s post the one I started with. Go figure!)Nothing earth-shattering here, I know, but I wanted to share it nevertheless just in case it would benefit others. Contact me on Twitter if you have any questions. Technology Short Take 133 6 Nov 2020 Welcome to Technology Short Take #133! This time around, I have a collection of links featuring the new Raspberry Pi 400, some macOS security-related articles, information on AWS Nitro Enclaves and gVisor, and a few other topics. Enjoy!NetworkingPratik Mankad shows how to use DNS hostnames as targets for an AWS NLB. If we re honest, it s a bit of a hack; it uses AWS Lambda to periodically resolve the hostname and update the NLB target IP address(es) accordingly. Native DNS hostname support in NLBs would be a far better solution.Netflix has a good post on how they use prioritized load shedding to provide a good user experience during system outages.The Raspberry Pi 400 is a neat offering. See this post for more details.Raphael Yoshiga provides an Azure-to-AWS mapping of services.Ben Bridts has four tips to help you level up your CloudFormation usage.Chip Zoller explains how to use custom registries with Tanzu Kubernetes Grid (TKG). His method is enabled by the fact that TKG leverages Cluster API, and Cluster API builds on other community efforts like kubeadm. (See, this is why learning kubeadm still has value in a Cluster API-based world!)Validating Kubernetes manifests in some sort of automated fashion is something I ve been interested in for a while (I ve had a draft blog post sitting around for nigh on a year now), and kube-linter falls right into that area. Check out the kube-linter GitHub repository, and read the Stackrox blog post announcing the project.vSphere administrators may find this guide to day 2 operations with Tanzu Kubernetes Grid helpful.Google has a guide on how users can help prepare their Google Cloud environments for the Docker Hub pull request limits that will, by the time this post is published, have been live for almost two weeks.Forrest Brazeal provides his take on the rumor that AWS will announce a multi-cloud management tool.I haven t (yet) had the chance to walk through it, but this tutorial looks to be very promising, providing exposure to both AWS Lambda and using Go. It s definitely on my list!David Stevens has a write-up on how to backup vCenter v7 using SMB.AWS Nitro Enclaves look like very interesting technology; see this blog post from AWS. Also, this post by Aidan Steele has some great information on Nitro Enclaves as well. If I m honest, this is an opportunity VMware should have capitalized on a long time ago with vSphere. (If you re wondering why this is under the Virtualization section, go read the blog post!)Sam Perrin has a list of useful automation/orchestration resources.Ian Lewis and Michael Pratt have a good post on gVisor and how it uses the concept of a platform in its functionality.That s all I have for now hopefully you found something useful and informative! Feel free to hit me on Twitter if you have any feedback or suggestions for improvement. I m also open to items that I should consider for inclusion in a future Tech Short Take. Technology Short Take 132 23 Oct 2020 Welcome to Technology Short Take #132! My list of links and articles from around the web seems to be a bit heavy on security-related topics this time. Still, there s a decent collection of networking, cloud computing, and virtualization articles as well as a smattering of other topics for you to peruse. I hope you find something useful!NetworkingI think a fair number of folks may not be aware that the Nginx ingress controller for Kubernetes both the community version and the Nginx-maintained open source version do suffer from timeouts and errors resulting from changes in the back-end application s list of endpoints (think pods being added or removed). This performance testing post lays out all the details. In particular, see the section titled Timeout and Error Results for the Dynamic Deployment. Ivan Pepelnjak attempts to answer the question, How much do I need to know about Linux networking? Speaking of Linux networking Marek Majkowski of Cloudflare digs deep into conntrack, used for stateful firewalling functionality.Normally I talk about server hardware and such here, but with so much moving to public cloud providers, let s expand that focus a little bit: in this post, Jeramiah Dooley provides his perspective on the Surface Duo after a month of use.I recently stumbled across this utility to help protect your macOS-based system against persistent malware.I m not sure if I should put this under Hardware or here under Security : Apple s T2 chip has an unfixable vulnerability that could lead to significant system compromise. There s more detail available in this post as well.Here s an interesting read: the story of some security researchers who hacked on Apple for three months.Brad Geesaman has a write-up on CVE-2020-15157, aka ContainerDrip, that you may want to review.Intel has released a security advisory for BlueZ, which is related to Bluetooth support in the Linux kernel.It appears that Apple may have left themselves a network backdoor in macOS Big Sur. This article provides links to a Twitter thread that outlines the backdoor in more detail, but the gist of the situation is that kernel extensions have been deprecated in Big Sur and their replacement appears not to affect some Apple applications (most notably the App Store).Brandon Willmott has a post outlining the important directories to know when working with Kubernetes (it s also helpful for the CKA exam).Docker recently open-sourced the Docker Compose integration for Amazon ECS and Microsoft ACI. This code hasn t made it into the docker-compose CLI yet. This Docker blog post has more details.This is a slightly older post, but Rich Burroughs has a nice summary/recap of KubeCon EU 2020.Ahmed Bham and Marcelo Boeira of AWS have a walkthrough for migrating a self-managed Kubernetes cluster on EC2 to Amazon EKS.Yann Hamon of Contentful shares that they have open-sourced a Kubernetes operator to sync Kubernetes Secrets from AWS Secrets Manager.In this post, Docker shares they they are delaying the enforcement of their new image retention policy, and reminds folks of the image pull rate limits that are due to start on November 1. I know that Docker Hub must consume enormous resources for the company (and thus has a large associated cost), but limiting the ubiquity of Docker Hub and thus driving developers/users elsewhere seems shortsighted. I guess time will tell.Duncan Epping walks readers through VMware Cloud Disaster Recovery, which if I m reading this correctly is the evolution of the Datrium product.Alex Edwards has compiled a list of surprises and gotchas that come from working with Go s encoding/json package.Ben Kuhn shares some information on how to create more immersive video calls.In a post written in the context of network engineers learning automation tools, Ethan Banks shares that you don t need to become a developer but simply use their tools. I think that this maxim holds true for other disciplines as well, not just network engineers.That s all for now, folks! Thanks for taking the time to read, and I hope that I was able to share something you ll find useful. If you have any feedback on this post, or on the site in general, feel free to hit me on Twitter. I d love to hear your feedback! Considerations for using IaC with Cluster API 8 Oct 2020 In other posts on this site, I ve talked about both infrastructure-as-code (see my posts on Terraform or my posts on Pulumi) and somewhat separately I ve talked about Cluster API (see my posts on Cluster API). And while I ve discussed the idea of using existing AWS infrastructure with Cluster API, in this post I wanted to try to think about how these two technologies play together, and provide some considerations for using them together.I ll focus here on AWS as the cloud provider/platform, but many of these considerations would also apply in concept, at least to other providers/platforms.In no particular order, here are some considerations for using infrastructure-as-code and Cluster API (CAPI) specifically, the Cluster API Provider for AWS (CAPA) together:If you re going to need the CAPA workload clusters to have access to other AWS resources, like applications running on EC2 instances or managed services like RDS, you ll need to use the additionalSecurityGroups functionality, as I described in this blog post.The AWS cloud provider requires certain tags to be assigned to resources (see this post for more details), and CAPI automatically provisions new workload clusters with the AWS cloud provider when running on AWS. Thus, you ll want to make sure that the IaC tool you re using is assigning the correct tags on the AWS resources.Continuing on the tag theme, you ll also need to make sure that the tags match the cluster name assigned in the workload cluster YAML manifest. So, for example, if your workload cluster YAML manifest defines a cluster name of blue , the AWS tag must be kubernetes.io/cluster/blue. Otherwise, the AWS cloud provider won t function correctly.When it comes to bastion hosts, both CAPA and your IaC tool of choice can create them. You ll probably want to have them handled by the IaC tool (presumably you have other AWS resources you re managing to which you may also need access), in which case the first bullet point above about using the additionalSecurityGroups functionality to enable access to other AWS resources applies.CAPA will need access to information about the infrastructure it is consuming. Per the upstream docs, CAPA needs the VPC ID and the IDs of all the subnets. Ideally, you ll want some sort of automated (or relatively automated) means of getting this information out of your IaC solution and into CAPA. For a few ideas of how this might be done with Pulumi, check out this repository that I created to accompany my Cloud Engineering Summit session.Keep in mind that using IaC to manage infrastructure but using CAPI/CAPA to manage your Kubernetes clusters creates a split management scenario. One potential benefit to CAPI/CAPA is that it can handle the lifecycle of both Kubernetes clusters and the underlying infrastructure. Leveraging IaC with CAPI/CAPA means giving up that potential benefit. On the flip side, using IaC for infrastructure may provide greater flexibility and more options for customization. As with so many things in technology, making this decision is all about weighing the trade-offs.No doubt there are more considerations worth discussing, but this short list should get you started. Feel free to contact me on Twitter or find me on the Kubernetes Slack if you re interested in talking more about this topic. Technology Short Take 131 2 Oct 2020 Welcome to Technology Short Take #131! I m back with another collection of articles on various data center technologies. This time around the content is a tad heavy on the security side, but I ve still managed to pull in articles on networking, cloud computing, applications, and some programming-related content. Here s hoping you find something useful here!Read more... Updating AWS Credentials in Cluster API 2 Sep 2020 I ve written a bit here and there about Cluster API (aka CAPI), mostly focusing on the Cluster API Provider for AWS (CAPA). If you re not yet familiar with CAPI, have a look at my CAPI introduction or check the Introduction section of the CAPI site. Because CAPI interacts directly with infrastructure providers, it typically has to have some way of authenticating to those infrastructure providers. The AWS provider for Cluster API is no exception. In this post, I ll show how to update the AWS credentials used by CAPA.Read more... Behavior Changes in clusterawsadm 0.5.5 31 Aug 2020 Late last week I needed to test some Kubernetes functionality, so I thought I d spin up a test cluster really quick using Cluster API (CAPI). As often happens with fast-moving projects like Kubernetes and CAPI, my existing CAPI environment had gotten a little out of date. So I updated my environment, and along the way picked up an important change in the default behavior of the clusterawsadm tool used by the Cluster API Provider for AWS (CAPA). In this post, I ll share more information on this change in default behavior and the impacts of that change.Read more... Technology Short Take 130 21 Aug 2020 Welcome to Technology Short Take #130! I ve had this blog post sitting in my Drafts folder waiting to be published for almost a month, and I kept forgetting to actually make it live. Sorry! So, here it is better late than never, right?Read more... Creating an AWS ELB using Pulumi and Go 29 Jul 2020 In case you hadn t noticed, I ve been on a bit of a kick with Pulumi and Go recently. There are two reasons for this. First, I have a number of learning projects (things that I decide I d like to try or test) that would benefit greatly from the use of infrastructure as code. Second, I ve been working on getting more familiar with Go. The idea of combining both those reasons by using Pulumi with Go seemed natural. Unfortunately, examples of using Pulumi with Go seem to be more limited than examples of using Pulumi with other languages, so in this post I d like to share how to create an AWS ELB using Pulumi and Go.Read more... Review: Anker PowerExpand Elite Thunderbolt 3 Dock 24 Jul 2020 Over the last couple of weeks or so, I ve been using my 2017 MacBook Pro (running macOS Mojave 10.14.6) more frequently as my daily driver/primary workstation. Along with it, I ve been using the Anker PowerExpand Elite 13-in-1 Thunderbolt 3 Dock. In this post, I d like to share my experience with this dock and provide a quick review of the Anker PowerExpand Elite.Read more... Technology Short Take 129 17 Jul 2020 Welcome to Technology Short Take #129, where I ve collected a bunch of links and references to technology-centric resources around the Internet. This collection is (mostly) data center- and cloud-focused, and hopefully I ve managed to curate a list that has some useful information for readers. Sorry this got published so late; it was supposed to go live this morning!Read more... Working Around Docker Desktop s Outdated Kubernetes Version 8 Jul 2020 As of the time that I published this blog post in early July 2020, Docker Desktop for macOS was at version 2.2.0.4 (for the stable channel). That version includes a relatively recent version of the Docker engine (19.03.8, compared to 19.03.12 on my Fedora 31 box), but a quite outdated version of Kubernetes (1.15.5, which isn t supported by upstream). Now, this may not be a problem for users who only use Kubernetes via Docker Desktop. For me, however, the old version of Kubernetes specifically the old version of kubectl causes problems. Here s how I worked around the old version that Docker Desktop supplies. (Also, see the update at the bottom for some additional details that emerged after this post was originally published.)Read more... Creating an AWS Security Group using Pulumi and Go 1 Jul 2020 In this post, I m going to share some examples of how to create an AWS security group using Pulumi and Go. I m sharing these examples because as of this writing the Pulumi site does not provide any examples on how this is done using Go. There are examples for the other languages supported by Pulumi, but not for Go. The syntax is, to me at least, somewhat counterintuitive, although I freely admit this could be due to the fact that I am still pretty new to Go and its syntax.Read more... Adopting the Default Route Table of an AWS VPC using Pulumi and Go 25 Jun 2020 Up until now, when I used Pulumi to create infrastructure on AWS, my code would create all-new infrastructure: a new VPC, new subnets, new route tables, new Internet gateway, etc. One thing bothered me, though: when I created a new VPC, that new VPC automatically came with a default route table. My code, however, would create a new route table and then explicitly associate the subnets with that new route table. This seemed less than ideal. (What can I say? I m a stickler for details.) While building a Go-based replacement for my existing TypeScript code, I found a way to resolve this duplication of resources. In this post, I ll show you how to adopt the default route table of an AWS VPC so that you can manage it in your Pulumi code.Read more... Getting AWS Availability Zones using Pulumi and Go 24 Jun 2020 I ve written several different articles on Pulumi (take a look at all articles tagged Pulumi ), the infrastructure-as-code tool that allows users to define their infrastructure using a general-purpose programming language instead of a domain-specific language (DSL). Thus far, my work with Pulumi has leveraged TypeScript, but moving forward I m going to start sharing more Pulumi code written using Go. In this post, I ll share how to use Pulumi and Go to get a list of Availability Zones (AZs) from a particular region in AWS.Read more... Fixes for Some Vagrant Issues on Fedora 23 Jun 2020 Yesterday I needed to perform some testing of an updated version of some software that I use. (I was conducting the testing because this upgrade contained some breaking changes, and needed to understand how to mitigate the breaking changes.) So, I broke out Vagrant (with the Libvirt provider) on my Fedora laptop and promptly ran into a couple issues. Fortunately, these issues were relatively easy to work around, but since the workarounds were non-intuitive I wanted to share them here for the benefit of others.Read more... Technology Short Take 128 19 Jun 2020 Welcome to Technology Short Take #128! It looks like I m settling into a roughly monthly cadence with the Technology Short Takes. This time around, I ve got a (hopefully) interesting collection of links. The collection seems a tad heavier than normal in the hardware and security sections, probably due to new exploits discovered in Intel s speculative execution functionality. In any case, here s what I ve gathered for you. Enjoy!Read more... Using kubectl via an SSH Tunnel 16 Jun 2020 In this post, I d like to share one way (not the only way!) to use kubectl to access your Kubernetes cluster via an SSH tunnel. In the future, I may explore some other ways (hit me on Twitter if you re interested). I m sharing this information because I suspect it is not uncommon for folks deploying Kubernetes on the public cloud to want to deploy them in a way that does not expose them to the Internet. Given that the use of SSH bastion hosts is not uncommon, it seemed reasonable to show how one could use an SSH tunnel to reach a Kubernetes cluster behind an SSH bastion host.Read more... Making it Easier to Get Started with Cluster API on AWS 10 Jun 2020 I ve written a few articles about Cluster API (you can see a list of the articles here), but even though I strive to make my articles easy to understand and easy to follow along many of those articles make an implicit assumption: that readers are perhaps already somewhat familiar with Linux, Docker, tools like kind, and perhaps even Kubernetes. Today I was thinking, What about folks who are new to this? What can I do to make it easier? In this post, I ll talk about the first idea I had: creating a bootstrapper AMI that enables new users to quickly and easily jump into the Cluster API Quick Start.Read more...

TAGS:an of pro Cloud Containers Kubernetes K8s Docker CNI CRI-O OCI Linux CLI Network

<<< Thank you for your visit >>>

Hot Websites