Good Karma Kit

The Good Karma Kit is “a Docker Compose project to run on servers with spare CPU, disk, and bandwidth.” I like the idea in principle, but it is always a complex thing to do, because if you host unknown content, you can get in trouble easily (like pirated content or worst…)

Read More

In the last projects, I get used to use K8s CronJob(s) to schedule tasks.

The most effective way of doing it, is to create a super-tiny cronjob, which the sole purpose is to call a REST webbook(s) of a specific microservice, to fire some action in a predictable way.

Read More

I am always amused on how complex K8s/Docker Swarm are, and how easy “plain” docker is.

Read More

Bullet points:

1. 1979: Unix V7 Introduced the chroot command to isolate the filesystem a process "access" to.
2. Various technology was introduced up to 2006, like Virtuozzo (which patched Linux in a proprietary ways)
3. 2006: Process Containers Launched by Google in 2006 was designed for limiting, accounting and isolating resource usage (CPU, memory, disk I/O, network) of a collection of processes. It was renamed “Control Groups (cgroups)” a year later and eventually merged to Linux kernel 2.6.24.
4. 2008: LXC LXC (LinuX Containers) was the first, most complete implementation of Linux container manager. It was implemented in 2008 using cgroups and Linux namespaces, and it works on a single Linux kernel without requiring any patches.
5. 2013: Docker Docker used LXC in its initial stages and later replaced that container manager with its own library, libcontainer. Docker offered a way to configure and manage containers, i.e a standard de-facto for this technology. As you see Docker was based on cgroups and LXC, seven-years old technologies
6. On September 2014 Google published the first release of Kubernetes
7. In 2015 Docker, CoreOS and others founded the Open Container Initiative's (OCI). K8s does not need docker anymore to work, but Docker traction is still strong.

 

References:

Read More

My true personal opinion based on what customers asks and what co-worker uses:

1. docker , docker-compose is still the dev winner
   1. Podman is rising but it has no extra feature, because docker support the rootless mode too.
   2. Ignite – Use Firecracker VMs with Docker images (github.com/weaveworks) Super-fast VM based on container are gaining traction. Driving force are cloud providers, but this idea can eventually be helpful for some service providers.
2. K8s + Helm keep going K8s is "the" abstraction layer for Cloud providers, to some extent. K8s offers tons of extension points, for automation tools and for cloud providers. The only downside is its heavy lifting: for very simple deploy (less than 3 physicals nodes) it is still an overkill in pricing and management overhead. Also it needs at least a speedy 2-Core CPU to work. Cost rising due to inflation can have a negative impact on "Fat"-K8s solution.
3. Jenkins pipeline sucks It is sad to say, but GitHub actions & similia (like GitLab pipelines, Bitbucket pipelines and Cloud provider similar services like AWS CodePipeline) are a winner. Jenkins declarative pipeline are elegant, but its declarative language depends on Jenkins plugins, so you must keep track of them. Also, it is frequent to build groovy library on top of it And when you need to upgrade Jenkins from time to time, you face a lot of refactoring on pipeline syntax, and it is increasing difficult to estimate.

In this second article, I suggest to explore further two simple helm chart for getting a bit more inside K8s.

 

Grafana

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

The Loki project was started at Grafana Labs in 2018, and announced at KubeCon Seattle. Loki is released under the AGPLv3 license

To install Grafana+Loki follow the instruction depicted here: the install will teach you how to use helm charts dependency too, so please take time to download the loki chart and study it

Read More

K8s is a very complex beast. But it give you a very good set of security defaults, and it is also a very well done implementation of a microservice application.

After installing Docker Swarm on some Customer, we are giving up on Swarm because the Enterprise version was acquired by Mirantis and now is marketed like “K8s” engine,  so Swarm seems K8s right now.

Read More

https://github.com/daitangio/misterio

Why

[UPDATED 21/3/2022]

I have a shiny mail server on gioorgi.com. I decided to manage it on first person because it is important to have tight control on your email, in my humble opinion. It is not strictly necessary, but lending your email address to big company like Googles, Microsoft, Yahoo and so on could be a issue if you get banned by them for whenever reason.

Read More

Hosting your own email server is not a mandatory task; it increase your attack surface too. But relaying too much on big emails provider (Gmail, Outlook, Aruba, Fastmail) could be a risk for our democracy. For instance, who decide how Spam is managed (i.e. what could be a Spam email)? Can we trust big providers? Email has legal value, and its content should stay as much as private as possible.

Read More

Use docker in docker to drive docker from a container Working under windows, sometimes docker slow down. Sometimes you need to access to the MobyVM. With this line:

docker run --rm  -ti -v "/var/run/docker.sock:/var/run/docker.sock" -v /:/host   docker  sh

you run a container which will removed upon exit. This container can access to docker daemon (via the docker in docker image) and has also access to MobyVM under the /host mount point. Keep in mind this container has total access to your windows C: disk too, so be careful! Find the total memory % used by your containers:

Read More

Sometimes your windows' HyperV Hypervisor will refuse to start.

The problem is tricky because the services seems started if you check them. Also the installation is successful, virtualization is enabled and so on. So what is wrong?

Read More