Engaging in conversation is one of the core principles when building and maintaining a remote culture! It is then intuitive to say that certain jargon, abuse or harassment, even if not originally said with a malicious intent, stop people from contributing to conversations, or even worse, stop them from engaging altogether, this can also be extended to counter-productive vocabulary such as the use of negatively associated words and poor machine translations. …
Or knowing the minimum amount so that you can build something…
Just hearing “Machine Learning”, “Neural Networks”, etc can be exhausting and honestly incredibly confusing to understand, but does it have to be?
In some respects, it will have to be, as with learning any new subject there is core knowledge that is needed and with ML it is quite steep.
Uber has recently released Ludwig which is “a toolbox built on top of TensorFlow that allows to train and test deep learning models without the need to write code.”
Fantastic! Now I don’t need to learn to code to produce initial models! …
Ever wanted to know a field in your Kubernetes yaml definition, but found it ridiculously difficult to find out what it means or even how to use it 😥?
kubectl is to the rescue!
To get started we can familiarise ourselves with what API resources we have available to use. To do this we can run
kubectl api-resources, looking at the output of this command we can start to paint a picture of what resources our cluster is composed of.
Let’s take the deployment resource as our first example. Interestingly we can see that multiple definitions exist for this resource, once for the API Group
extensions and one for
Understanding the performance profile of your Node.js applications can be a difficult process, particularly while dealing with an ever-changing landscape in an evolving ecosystem.
In this post, I am going to explore looking at Node.js application performance using tools that are compatible with other programming languages, to provide a cross-language profiling toolset, that can be used on Linux systems with a recent Kernel.
We will be using a bunch of tools that are part of the Linux Kernel but don’t let that scare you, they are pretty simple once you understand the basics.
The first tool of the bunch is found in the “linux-tools” package and is suitably named
perf, it can also be referred to as
perf_events because poor SEO of
perf and that the supporting documentation from Brendan Gregg and Vince Weaver uses
perf_events. In our case
perf_events samples the Linux Kernel to provide a statistically relevant set of data of the runtime of your application without capturing all data points, that would either be too much or even more importantly slow down your application/machine. …
Providing access to Kubernetes with multiple teams of developers, handling new joiners or people leaving means that the rotation of user access can be a daunting task. Kubernetes provides a few methods from X509 Client Certs, Static Token Files, Static Password File, Service Account Tokens, OpenID Connect Tokens and Anonymous Access.
But choosing the right authentication method is a difficult task, and it may have severe security implications if implemented incorrectly. This article will demystify the available options and provide an implementation that is Open-Source, in use by us at YLD and our clients.
Lets start with what should be avoided as much as possible, Static Token and Static Password Files, why? No method of token revocation exists, as well as any other changes require the kube-apiserver to be restarted. So the question is, do you trust the team handling user creation and deletion to have access to restart and modify the kube-apiserver? Even the docs mention “Note that basic authentication is currently supported for convenience while we finish making the more secure modes described above easier to use”. So if you must use these, please, proceed with caution! …
Securing your Kubernetes cluster is one thing, keeping it secure is a continuous uphill struggle. However, with the introduction of new features to Kubernetes it is becoming much easier to do both.
Kubernetes (as of version 1.6) has introduced the concept of Role-Based Access Control (RBAC), allows administrators to define policies to restrict the actions of users of your cluster. This means it is possible to create a user with limited access, allowing you to restrict access to resources such as Secrets, or by limiting access of that user to a specific Namespace.
This blog post will not look at how to implement RBAC, as there are many decent sources of information that cover it in vast…
This post will explore extending the Kubernetes API Admission Controllers by using Webhooks and my own heart rate.
The Kubernetes API has a core concept of an “Admission Controller”, these controllers are compiled into the
kube-apiserver binary and intercepts API requests before they are persisted to the Kubernetes storage back-end (etcd).
As these admission controllers are compiled into a binary, it restricts changes to a cluster administrator, which can enable the pre-compiled options by using the
--enable-admission-plugins or by modifying the
kube-apiserver binary to patch in the functionality that is needed, a scary thought.
There are other ways though, as of Kubernetes 1.8, the concept of Dynamic Admission Controllers was introduced with the alpha API addition of Admission Controller Webhooks, these graduated to beta in 1.9 …
Getting to grips with Kubernetes can be extremely difficult, with so much information floating around on the seas of the internet, it is sometimes very difficult to find the “core” pieces of information to understand Kubernetes, especially when seeing how dense the information is on kubernetes.io’s concepts pages and documentation. In part one of this “Kubernetes” blog series, we will explore the core concepts of Kubernetes to gain a base level of knowledge, so that we can together demystify Kubernetes.
Kubernetes provides the fundamentals and building blocks to construct a usable platform for your team to develop and release to.
Users can administer their Kubernetes clusters through a graphical user interface as well as an imperative and declarative command line interface, designed to manage the entire life-cycle of your containerised applications and services. …
A fictional dialog.
The Uninformed: You must use Docker, I know we are only a team of 5, but everyone else is using it!
Developer: But we are building a simple service, which will bring us excellent value, we need to ship now.
The Uninformed: Sorry, we build everything using Docker, however as we haven’t got any infrastructure in place, you will have to wait a few months.
The Informed: Don’t use Docker! We need to provide value before we even need to consider using something complex like Docker.
The Informed: We are going to make the operational decision that all new services in our business, which will be deployed to our new infrastructure, will be required to use Docker. Our platform is ready to go; the added benefit of security and consistent environments allow us to ensure what is tested in our continuous delivery pipeline is the same as what is deployed. …