dads friend steve
Dec 24, 2004

my homie dhall posted:

connection draining in traditional setups is fine because the number of nodes is small, the price for keeping them in sync is fairly small. with kubernetes services, every node in your cluster becomes a load balancer lol

kube docs posted:

kube-proxy
Synopsis

The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends.

o yah, forgot about this part. I think that was what I was missing. thanks, and lol


Nomnom Cookie
Aug 30, 2009



distortion park posted:

I should point out that idk if the problem I originally posted is impossible to solve in general, but it definitely didn't occur using ECS Fargate and definitely did running the same system on eks. This was a pretty small system with light but consistent load

ECS was built by people who knew how to design for scale and it shows

Radia
Jul 14, 2021

And someday, together.. We'll shine.
k8s built on eks and properly maintained and setup by dedicated folks is the ideal world, but tbqh most companies can't or don't need to invest that much into it, and for those ECS is perfectly needs-suiting

12 rats tied together
Sep 7, 2006

it ends up being dumb as poo poo running on EKS only because you use the elb annotation on your service and it points traffic to all of your eks nodes which then use iptables dnat to, sometimes, make it to the right node + pod. why bother? you're like 2 steps away from just configuring normal aws poo poo which doesn't have this problem and properly connection drains even up to a million rps

distortion park
Apr 25, 2011


I like ECS because the documentation/public blogs about how to do basic poo poo is pretty good, and most people end up with similar setups. Can't say the same for k8s where there are a million options for everything

Bored Online
May 25, 2009

We don't need Rome telling us what to do.
kubernetes: whatre you gonna do? use nomad?

Radia
Jul 14, 2021

And someday, together.. We'll shine.

12 rats tied together posted:

it ends up being dumb as poo poo running on EKS only because you use the elb annotation on your service and it points traffic to all of your eks nodes which then use iptables dnat to, sometimes, make it to the right node + pod. why bother? you're like 2 steps away from just configuring normal aws poo poo which doesn't have this problem and properly connection drains even up to a million rps

i honestly think the ability to just switch to another k8s cluster if needed completely invisibly makes up for this. i think this is vaguely subjective so u can disagree

12 rats tied together
Sep 7, 2006

maybe 2 years ago i would have tried to convince you that its actually Always Worse, but in 2022 im more of the opinion that you need to use whatever your ops team is good at and you also need to pray to the almighty that your ops team has at least one thing they are good at

MononcQc
May 29, 2007

we’re on EKS and it’s probably nicer than custom chef stuff but there’s a tremendous amount of complexity to properly dealing with all the poo poo related to custom nodegroups and orderly shutdown that I wish I had never had to learn.

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

MononcQc posted:

nodegroups

i'm sorry, this terminology is giving me terrible flashbacks to websphere nd stuff

MononcQc
May 29, 2007

carry on then posted:

i'm sorry, this terminology is giving me terrible flashbacks to websphere nd stuff

it’s essentially just “bring your own ASG” in EKS, so you can do some custom poo poo to your hosts before handing them to the EKS cluster.

nrook
Jun 25, 2009

Just let yourself become a worthless person!
I have a personal project where I need to deploy a django webapp + postgres (+ a staging instance of the same webapp), and since it's a personal project my budget is like $25/mo. In real life I would use k8s for this obviously but at home I'm not going to janitor a loving self-administered kubernetes cluster on a single VPS node. what should I do instead? I'm definitely using containers because there is no way I am going to try to deploy python apps without them.

I hear docker swarm is lightweight and easy to use but I also hear it is for clowns so I'm a bit reluctant. I guess I could just use docker compose

Jonny 290
May 5, 2005



[ASK] me about OS/2 Warp
i dont know what swarms or whatever are just spin up a couple containers, this should be 5 or 10 a month at DO

Hed
Mar 31, 2004

Fun Shoe

nrook posted:

I have a personal project where I need to deploy a django webapp + postgres (+ a staging instance of the same webapp), and since it's a personal project my budget is like $25/mo. In real life I would use k8s for this obviously but at home I'm not going to janitor a loving self-administered kubernetes cluster on a single VPS node. what should I do instead? I'm definitely using containers because there is no way I am going to try to deploy python apps without them.

I hear docker swarm is lightweight and easy to use but I also hear it is for clowns so I'm a bit reluctant. I guess I could just use docker compose

Use k3s if kubernetes is a tech you're strong with.
Or my favorite for home personal projects - tmux with docker-compose running in it

Progressive JPEG
Feb 19, 2003

for single node just use docker compose

outhole surfer
Mar 18, 2003

is argocd still the only gitops tooling with commit signature verification?

how is this not a standard feature by now? does everyone doing gitops just blindly trust that github will never get owned?

nrook
Jun 25, 2009

Just let yourself become a worthless person!
this seems reasonable, I'll just use docker compose

Tankakern
Jul 25, 2007

i'd use python manage.py runserver

nrook
Jun 25, 2009

Just let yourself become a worthless person!
there is very little I wouldn't do to avoid figuring out how to run two python servers with different versions of the same deps on the same server at the same time

Sapozhnik
Jan 2, 2005

Nap Ghost
Quadlet seems nice for managing single node containers but it doesn't seem to be widely packaged/available yet

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

nudgenudgetilt posted:

is argocd still the only gitops tooling with commit signature verification?

how is this not a standard feature by now? does everyone doing gitops just blindly trust that github will never get owned?

i mean, there's "github will never get owned" and "github will never get owned by someone who burns a github exploit on you"

Nomnom Cookie
Aug 30, 2009



nrook posted:

there is very little I wouldn't do to avoid figuring out how to run two python servers with different versions of the same deps on the same server at the same time

the way to do this is use docker

outhole surfer
Mar 18, 2003

Nomnom Cookie posted:

the way to do this is use docker

or venvs...

nine times out of ten that I see python in docker, they're still using a venv inside the docker container

DELETE CASCADE
Oct 25, 2017

i haven't washed my penis since i jerked it to a phtotograph of george w. bush in 2003
men are from mars, women are from venvs

Nomnom Cookie
Aug 30, 2009



nudgenudgetilt posted:

or venvs...

nine times out of ten that I see python in docker, they're still using a venv inside the docker container

until three months later when one app has upgraded and needs Python 3.9+ and the other app breaks on anything newer than 3.6 so now you’re managing interpreters too. just use docker

12 rats tied together
Sep 7, 2006

if this is anyone's job IRL seriously just spend half of a workday reading the module loader documentation so you can avoid being the person who uses pipenv and virtualenv and pyenv inside of a container

distortion park
Apr 25, 2011


nrook posted:

I have a personal project where I need to deploy a django webapp + postgres (+ a staging instance of the same webapp), and since it's a personal project my budget is like $25/mo. In real life I would use k8s for this obviously but at home I'm not going to janitor a loving self-administered kubernetes cluster on a single VPS node. what should I do instead? I'm definitely using containers because there is no way I am going to try to deploy python apps without them.

I hear docker swarm is lightweight and easy to use but I also hear it is for clowns so I'm a bit reluctant. I guess I could just use docker compose

this might be free using fly.io, which also has a very nice user experience

e: I think it should be, as long as you share the pg instance between staging and prod (use different dbs or schemas within the instance): https://fly.io/docs/reference/postgres/

distortion park fucked around with this message at 08:39 on Sep 12, 2022

Armitag3
Mar 15, 2020

Forget it Jake, it's cybertown.


12 rats tied together posted:

if this is anyone's job IRL seriously just spend half of a workday reading the module loader documentation so you can avoid being the person who uses pipenv and virtualenv and pyenv inside of a container

I was convinced it was good practice to still use venvs inside containers, since it isolates your app's dependencies from the image's system python

Corla Plankun
May 8, 2007

improve the lives of everyone

12 rats tied together posted:

if this is anyone's job IRL seriously just spend half of a workday reading the module loader documentation so you can avoid being the person who uses pipenv and virtualenv and pyenv inside of a container

can you explain this more? i feel like i should know what you're talking about since I've done a shitload of python but this doesn't make any sense to me

are you just talking about configuring the pip stuff and installing instead of running a script?

Jonny 290
May 5, 2005



[ASK] me about OS/2 Warp
dont nest virtualization or containers unless you have a specific reason to, basically

outhole surfer
Mar 18, 2003

Jonny 290 posted:

dont nest virtualization or containers unless you have a specific reason to, basically

venv really isn't virtualization or containerization in any meaningful way. it's just a wrapper for configuring the PYTHONHOME environment variable to look for your dependencies in an application specific path instead of system paths.

unless you want to use only system python package or you're comfortable with pip replacing your system python packages, you want something like venv managing where your application dependencies live.

edit: too early, typed PYTHONPATH instead of PYTHONHOME

edit again after actually looking at the script: all it does these days is set your PATH env var -- I'd have sworn in the past there was a python specific env var that was also set. either way, nothing to do with virtualization or containerization

outhole surfer fucked around with this message at 17:13 on Sep 12, 2022

12 rats tied together
Sep 7, 2006

nudgenudgetilt posted:

edit again after actually looking at the script: all it does these days is set your PATH env var

yup. the python module loader is extremely stupid, it looks in a bunch of predictable folders for files that seem like modules, and then runs them. it goes cwd -> pythonpath -> site-packages folder, where both pythonpath and site-packages have a shim or prefix or whatever based on the installation -- whatever binary you ran the script with

so, if you want to run two applications on the same python version with different dependencies, you can janitor pythonpath (prepend a per-app folder), you can install two pythons, or you can run your python inside of some kind of sandbox like a container. don't do all 3 of these at the same time because its annoying to me personally

Armitag3 posted:

I was convinced it was good practice to still use venvs inside containers, since it isolates your app's dependencies from the image's system python
imho if you're using containers you should build a base container image that doesnt have this problem

12 rats tied together fucked around with this message at 17:35 on Sep 12, 2022

Corla Plankun
May 8, 2007

improve the lives of everyone
this discussion just reminded me of a time when i made a snowflake.py script in a project and its existence broke the whole entire snowflake db module for some reason :laugh:
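
Added example, not code from any poster in the thread: a check for the failure described in the last few posts, where a file in the project directory (the first `sys.path` entry) hides a same-named installed or standard-library module. The function names and the sample directory layout are constructed for illustration.

```python
import importlib
import sys
import tempfile
from importlib.machinery import PathFinder
from pathlib import Path


def local_module_names(project_dir):
    """Top-level names importable from project_dir (foo.py or foo/__init__.py)."""
    names = set()
    for entry in Path(project_dir).iterdir():
        if entry.is_file() and entry.suffix == ".py":
            names.add(entry.stem)
        elif entry.is_dir() and (entry / "__init__.py").is_file():
            names.add(entry.name)
    return names


def find_shadowed(project_dir, search_path=None):
    """Map each local module name to the module it hides later on the path."""
    project = Path(project_dir).resolve()
    if search_path is None:
        # Everything the interpreter searches after the script/cwd entry.
        search_path = [p for p in sys.path if p and Path(p).resolve() != project]
    importlib.invalidate_caches()
    shadowed = {}
    for name in sorted(local_module_names(project)):
        spec = PathFinder.find_spec(name, [str(p) for p in search_path])
        # Namespace packages have no origin file and are skipped.
        if spec is not None and spec.origin:
            shadowed[name] = spec.origin
    return shadowed


def demo():
    """Constructed layout: an installed 'snowflake' package plus a project script of the same name."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site-packages", "snowflake")
        site.mkdir(parents=True)
        (site / "__init__.py").write_text("")
        project = Path(tmp, "project")
        project.mkdir()
        (project / "snowflake.py").write_text("")
        (project / "app.py").write_text("")
        return sorted(find_shadowed(project, [site.parent]))


if __name__ == "__main__":
    print(demo())
```

Run `find_shadowed(".")` in a build step or CI job to flag a local file that would be imported in place of a dependency.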

Hed
Mar 31, 2004

Fun Shoe

12 rats tied together posted:


imho if you're using containers you should build a base container image that doesnt have this problem

agree, but it’s super annoying you can’t add an --I-know-what-I’m-doing flag to pip install so your container builds don’t warn you about installing to the system python

Share Bear
Apr 27, 2004

possibly dumb question but: youre not running the python slim image and its pip? or even making and storing a copy of it to internal artifact repo?

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

Jonny 290 posted:

dont nest virtualization or containers unless you have a specific reason to, basically

our CI system:

kind running on VMs go brrrrrrrrrrrrrr

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki
not sure which i hate more:

- Azure deciding as of 1.24 that HTTP LoadBalancer Services must have mandatory HTTP healthchecks that just default to "GET /", because it's a well-known part of the HTTP standard that you just have to respond with 200s to those requests, even though the standard Pod readiness/liveness mechanism is right there and was working fine before. to their credit, they at least let you configure the path (so they're not as boneheaded as GCP), but this isn't of much use for our HTTP service that doesn't allow any requests that don't present a client cert first.
- Azure support apparently not knowing about this at all and just saying "idk, no idea why it doesn't work anymore, just flip the appProtocol to tcp" like yeah, sure, we'd love to just change the setting that's been there forever (for everyone) to have other customers test how that changes behavior on other cloud providers
- Random sales engineer saying "just make it configurable!" like they aren't the same people constantly complaining how there are too many settings and we don't produce ready-made manifests for the exact config they happened to want that day

Progressive JPEG
Feb 19, 2003

1.24 of what

Progressive JPEG
Feb 19, 2003

oh god are you using aks


git apologist
Jun 4, 2003

VSOKUL girl posted:


- Random sales engineer saying "just make it configurable!" like they aren't the same people constantly complaining how there are too many settings and we don't produce ready-made manifests for the exact config they happened to want that day

:smugmrgw:
