Tweets of March 31 2021

Rescheduled to now

Wed Mar 31 15:17:55 +0000 2021


Replying to @miekg

Wed Mar 31 15:40:37 +0000 2021


Replying to @miekg

We think the surstromming is bad, didn’t cause any vomit. Smell is bad though

Wed Mar 31 15:44:50 +0000 2021


Replying to @TonKersten

Why not?

Wed Mar 31 16:11:33 +0000 2021


Replying to @miekg

Do I have covid-19

Wed Mar 31 16:15:18 +0000 2021


Replying to @pigero

Don’t worry this is how our generic plates look. We also eat Dutch food off of it 😬


Tweets of February 26 2021

Replying to @BillJelavich, @pletterpet, @fanf and @andrewtj

don’t worry there seems plenty of opportunity to redo decades of provisioning ... but now through port 53 (zonemd, catalog zones, etc. etc.) Let’s do that first and then solve issues people other than dnsops care about

Fri Feb 26 15:19:58 +0000 2021


Replying to @odintsov_pavel

Yes!

Fri Feb 26 17:21:37 +0000 2021


Replying to @odintsov_pavel

And then start with the Auth and in a few years we can extend it to (stub)resolvers


DNS with K3s and systemk

In a DNS zone that I had lying around, I’ve come up with the following scheme to have a working DNS with systemk. Note this does not deal with the control plane; those are routed via tailscale and I’m using IP addresses there. If naming is required here, it can be fitted into the scheme as well.

Using example.org as the domain here.

Scheme

An m “subdomain” (it’s not delegated) holds all the names and IP addresses of the machines of interest.


Provisioning K3s and systemk

Due to a previous job I’m calling nodes “machines”; also, because this is about systemk, it’s more likely you are actually using a real machine. So I’ll keep on using “machines” in this post.

First up: I needed an easy way to build packages of the software I’m using. For this I’ve set up a small CI using GitHub workflows that builds Debian packages for me: https://github.com/miekg/debian. (A Debian package repository would be even better, so I can more easily do upgrades).


Tweets of November 30 2020

Even though everything mandates TLS in k8s/k3s there is no good answer to updating/rotating/distributing them??

Mon Nov 30 13:14:59 +0000 2020


Replying to @bboreham

looks too high level, i.e more focused on application getting certs not the lower level infra bits.

Mon Nov 30 13:22:51 +0000 2020


Replying to @bradfitz

ugh :(

Mon Nov 30 13:27:18 +0000 2020


Replying to @GuerillaNerd

I need to restart k3s for that to work (at the correct time). Also does that magically update the kubelet’s cert (or my virtual kubelet thing?)


Kubernetes Control Plane for Debian?

The “everything is an object” model in Kubernetes is a very nice abstraction. The ability to influence it with just kubectl makes for only one control plane (to learn).

The networking, ingress, discovery, installation, etc. are all not that great. So I’m pondering marrying the things I love: have a plain Debian system, “normal” networking (no overlay/underlay/whatever), Debian packages, etc. And controlling it all via kubectl.

This should include a sane installation and allow for rollbacks. Metrics and observability should be supported, but will probably be more of the same (install the binaries and push configuration = k8s objects).


Tweets of September 30 2020

I see no reason to change everything, so I use caddy v1, but “panic: qtls.ConnectionState not compatible with tls.ConnectionState” damnit

Wed Sep 30 05:52:54 +0000 2020


Replying to @_francislavoie

Probably will do that, thanks! I have a couple of plugins and no intent to rewrite them for caddy v2

Wed Sep 30 06:18:21 +0000 2020


Replying to @empijei, @_francislavoie and @mholt6

go get http://github.com/lucas-clemente/quic-go@latest fixes this. Thanks.

Wed Sep 30 07:57:32 +0000 2020


Tweets of June 30 2020

Replying to @sszuecs

not starting is a pretty good way to get your attention?
Log more - if read those... How about the metrics change we did in 1.7.0..?

Tue Jun 30 07:08:45 +0000 2020


Replying to @sszuecs

I think not start is one of the few ways of doing this. The major downside of this is pushing new config and having coredns auto-reload. It will refuse to use the new config (and keep running). Until you restart it, then it will Fatalf and make you write a post mortem


Tweets of April 30 2020

RT @dgnijmegen: EOD extremely busy: because of corona more people are working in the garden and digging up more explosives
https://www.gelderlander.nl/berg-en-dal/eod-razend-druk-door-corona-werken-meer-mensen-in-de-tuin-en-halen-meer-explosieven-boven~a409f2b7/ https://…

Thu Apr 30 05:52:08 +0000 2020


Replying to @miekg

More progress in the last view days

Thu Apr 30 09:55:30 +0000 2020


Replying to @miekg

*few #sigh

Thu Apr 30 10:14:13 +0000 2020


And still causes confusion. #dns #protolol https://twitter.com/BillJelavich/status/1255935053516988417

Thu Apr 30 19:29:18 +0000 2020


Tweets of March 31 2020

Once an SRE, always an SRE. I’m trying to automate (mostly via tests) every style nit that shows up in CoreDNS and isn’t caught by the standard go tooling.
Like this:
https://github.com/coredns/coredns/blob/master/test/metric_naming_test.go
https://github.com/coredns/coredns/blob/master/test/presubmit_test.go

Tue Mar 31 18:09:24 +0000 2020


Replying to @advance_lunge

jesus....

Tue Mar 31 18:46:20 +0000 2020


Replying to @rikribbers and @berkes

Yes and yes

Tue Mar 31 20:27:05 +0000 2020


Tweets of February 28 2020

When you are better prepared for Brexit than the UK.
“Neighbouring countries including France, the Netherlands and Ireland launched customs officials recruitment drives last year, with six-month training schedules considered a minimum”
https://www.theguardian.com/politics/2020/feb/28/extra-50000-border-staff-needed-for-post-brexit-trade-says-gove

Fri Feb 28 13:21:08 +0000 2020


Tweets of January 31 2020

Replying to @craig_tracey

https://github.com/coredns/coredns/issues/1999

Fri Jan 31 09:17:00 +0000 2020


Replying to @toraton

it can work, but it’s still DNS so you’re at the mercy of clients. Also k8s networking is fubar, so in the current IPv4 NAT setup there will also be a difference between in-cluster addresses and outside. IPv6 can solve this neatly

Fri Jan 31 09:18:45 +0000 2020


RT @ByDonkeys: A message to Europe, this morning on the White Cliffs of Dover. Sound on.


Tweets of December 31 2019

RT @mdlayher: After just a few days of development, I’ve got an alpha build of CoreRAD running on my router and successfully advertising pr…

Tue Dec 31 17:11:11 +0000 2019


RT @mipsytipsy: wrong
wrong
so wrong
annnnd wronger 🌈✨

But if you’re looking for an object lesson in how to drain your software engineeri…

Tue Dec 31 18:05:37 +0000 2019


Replying to @olix0r and @ibuildthecloud

The (discussed in Google) alternative is to just do it all in code... Write it in Go - jury is still out if this is a better idea


Tweets of November 30 2019

Replying to @tompusateri

3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
w/
firmware-atheros 20190917-1
(works flawlessly in 5.3.x)

Sat Nov 30 08:13:46 +0000 2019


RT @thedarktangent: To tie back to the first post, how the community, ICANN, and ISOC responds to the insider sale of .org will determine h…

Sat Nov 30 09:15:15 +0000 2019


RT @RedHat: Imagine a plume of smoke rising from the hood of your car. Now, imagine being unable to pop it open and investigate.
