|
Nomnom Cookie posted: operators are very powerful but it should be rare that a cluster owner is writing an operator. if you own a cluster, and you're managing it with ansible (ugh wtf), then why on earth would you make an operator backed by ansible. just use ansible. the point of the operator is that you use go or something to do stuff your normal tooling can't handle well

ansible operators are just playbooks that the cluster runs against itself when stuff happens. its good if you need that

i agree that >99% of the time you dont need that and you should just use normal ansible, run by a human, for uploading your templated yamls to kubernetes or whatever other api you use that accepts yamls. ansible is very good at templating and shipping around yamls
|
# ¿ Oct 18, 2021 18:30 |
|
|
i dont even know how you could hold the packets so wrong as to require layer 2 connectivity. that should be completely transparent to IP, which is a layer 3 protocol
|
# ¿ Jan 7, 2022 20:50 |
|
you have to figure this garbage came from google, which is primarily an adtech company, which (before they started just cheating at the adtech part) meant putting a bunch of network interfaces all around the world and saturating them fully as efficiently as possible

it would be significantly harder to ship specialized mainframes around the world and janitor them all perfectly than it would be to buy whatever is available, abstract node performance out to "1000ths of a cpu" and "MiB of memory", and then write a lovely control plane on top so you can treat them all effectively the same

just like any other adtech company there are likely multiple dozens of google SWE actively firefighting the internet firehose of poo poo at any given moment, since "just capturing it all" is the main challenge and your primary revenue driver (again, unless you just start cheating)

there is certainly a part later down the road where the firehose of poo poo is processed by a relatively normal job processing system, for billing and customer metrics. IME this tends to be hp vertica but im sure google has their own thing
|
# ¿ Jan 7, 2022 22:52 |
|
eschaton posted: except you don’t need specialized mainframe hardware to do real transaction processing, even to do it fast; the specialized hardware is mainly for uptime and to continue scaling decades-old applications

i dont know anything about these systems so i will take your word for it. out of genuine curiosity, no rhetoric intended, can I take a uhhh HP MPE (i dont know what this means) transaction processing system and run it at ~3000-3500 transactions/sec per node @ 2500 nodes in a regional datacenter? the transactions are inbound HTTP calls that happen when people load a website that i have a 1px transparent png on. is this something that would be meaningfully better on this tech from the 60s and 70s? the comparison points here are usually just using bare metal, vs using kubernetes (which is stupid).
|
# ¿ Jan 8, 2022 02:52 |
|
thank you for doing the research, that is pretty sick actually. i agree with your take on it, it sucks that the most successful technology company is google and they make all of their money from banner and video ads over http, and its probably poisoned computer for good
|
# ¿ Jan 8, 2022 03:52 |
|
containers auto terminate when their entrypoint finishes, so, a job in kubernetes is just a deployment that has a set of containers that spin up and do something. the containers probably run software specifically for this

if that sounds stupid and way harder than celery for no benefit, thats because it is
|
# ¿ Jan 11, 2022 08:31 |
|
for a very brief period of time in 2019 azure aks was better than aws eks, these days i understand it is bad but not as bad as you would expect from an azure product
|
# ¿ May 23, 2022 15:57 |
|
trap sprung: yaml templates itself so every yaml document is technically a template
|
# ¿ Jun 3, 2022 22:42 |
|
you should use eks if you have a legitimate need for the k8s api, for example, because you or someone in your org couldn't figure out how to do something and started using a public helm chart

if you just need to launch containers in AWS, use ecs instead
|
# ¿ Aug 30, 2022 16:51 |
|
it's more that you shouldn't need an entire infrastructure devoted to copy pasting "reality serialized to json" into a data store, especially if your only need is "put some yamls into k8s"

it's better than helm because helm is, and was, absolute clown poo poo for operations teams who run off of blog posts and hn articles
|
# ¿ Sep 8, 2022 19:30 |
|
having the plan be off the shelf public helm charts/ansible galaxy roles/chef marketplace cookbooks/puppet forge modules/terraform registry modules/cfengine build packages has been a bad idea for about a decade, yea
|
# ¿ Sep 9, 2022 21:53 |
|
we have like 4 decades of HA load balancers, software and hardware, that are able to agree on when it's time for a node to stop receiving traffic

it doesn't work in the kube because it was designed by an advertising company and adtech only cares about dumb and bad poo poo happening when it's happening 10 or 20k times per second
|
# ¿ Sep 10, 2022 03:12 |
|
it ends up being dumb as poo poo running on EKS only because you use the elb annotation on your service and it points traffic to all of your eks nodes which then use iptables dnat to, sometimes, make it to the right node + pod. why bother? you're like 2 steps away from just configuring normal aws poo poo which doesn't have this problem and properly connection drains even up to a million rps
|
# ¿ Sep 10, 2022 20:58 |
|
maybe 2 years ago i would have tried to convince you that its actually Always Worse, but in 2022 im more of the opinion that you need to use whatever your ops team is good at and you also need to pray to the almighty that your ops team has at least one thing they are good at
|
# ¿ Sep 10, 2022 21:30 |
|
if this is anyone's job IRL seriously just spend half of a workday reading the module loader documentation so you can avoid being the person who uses pipenv and virtualenv and pyenv inside of a container
|
# ¿ Sep 12, 2022 06:01 |
|
nudgenudgetilt posted: edit again after actually looking at the script: all it does these days is set your PATH env var

yup. the python module loader is extremely stupid, it looks in a bunch of predictable folders for files that seem like modules, and then runs them. it goes cwd -> pythonpath -> site-packages folder, where both pythonpath and site-packages have a shim or prefix or whatever based on the installation -- whatever binary you ran the script with

so, if you want to run two applications on the same python version with different dependencies, you can janitor pythonpath (prepend a per-app folder), you can install two pythons, or you can run your python inside of some kind of sandbox like a container. don't do all 3 of these at the same time because its annoying to me personally

Armitag3 posted: I was convinced it was good practice to still use venvs inside containers, since it isolates your app's dependencies from the image's system python

12 rats tied together fucked around with this message at 17:35 on Sep 12, 2022
# ¿ Sep 12, 2022 17:32 |
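
Added example, not part of any post in this thread: a runnable check of the search order described above, showing that prepending a per-app folder to PYTHONPATH selects that app's copy of a dependency, that a copy sitting beside the script outranks PYTHONPATH (the first `sys.path` entry is the script's directory when you run a file), and that isolated mode (`-I`) ignores both. The module name `ratsdep_demo` and all folder names are constructed for the demo.

```python
import os
import subprocess
import sys
import tempfile
from pathlib import Path

MOD = "ratsdep_demo"  # hypothetical dependency name, constructed for this demo
PROBE = (f"try:\n    import {MOD} as dep\n    print(dep.VERSION)\n"
         "except ImportError:\n    print('missing')\n")

def make_dep(folder: Path, version: str) -> Path:
    """Create folder/<MOD>.py exposing VERSION and return the folder."""
    folder.mkdir(parents=True, exist_ok=True)
    (folder / f"{MOD}.py").write_text(f"VERSION = {version!r}\n")
    return folder

def run_app(script: Path, pythonpath: str = "", flags: tuple = ()) -> str:
    """Run script in a child interpreter; return the version it imported."""
    env = {k: v for k, v in os.environ.items()
           if k not in ("PYTHONPATH", "PYTHONSAFEPATH")}
    if pythonpath:
        env["PYTHONPATH"] = pythonpath
    done = subprocess.run([sys.executable, *flags, str(script)], env=env,
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        deps_a = make_dep(root / "deps_a", "1.0")    # per-app folder for app A
        deps_b = make_dep(root / "deps_b", "2.0")    # per-app folder for app B
        beside = make_dep(root / "beside", "local")  # copy next to the script
        clean = root / "clean"
        clean.mkdir()
        for folder in (clean, beside):
            (folder / "main.py").write_text(PROBE)
        both = os.pathsep.join([str(deps_b), str(deps_a)])
        return {
            "app_a": run_app(clean / "main.py", str(deps_a)),
            "app_b": run_app(clean / "main.py", str(deps_b)),
            "first_entry_wins": run_app(clean / "main.py", both),
            "script_dir_wins": run_app(beside / "main.py", str(deps_a)),
            "isolated": run_app(clean / "main.py", str(deps_a), flags=("-I",)),
        }

if __name__ == "__main__":
    for case, version in demo().items():
        print(f"{case}: {version}")
```

The `isolated` case is the one to remember for containers and CI: with `-I` the interpreter resolves imports only from its own installation, so neither an inherited PYTHONPATH nor a stray file beside the script changes what gets loaded.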
|
its in the documentation but its extremely stupid, your experts are dumbasses (1 for suggesting terraform in the first place, 2 for whatever this is)

are the environments just logical distinctions or do they need to be present in physically separate networks? if its the former, you can just have 1 eks cluster but chuck 3 namespaces onto it, one for each env

if you need to have 3 EKS clusters you can just... create 3 of them. if you're stuck with terraform that's as simple as "mkdir prod". you could also click the button 3 times. or create 3 cloudformation stacks.
|
# ¿ Nov 15, 2022 18:53 |
|
creating a module for everything is usually bad. i highly recommend you read the documentation for when to write a module, module composition and (most importantly) dependency inversion

if you're a software developer by trade this will probably be fairly remedial to you. its important for ops engineers who are conned into using terraform and who inevitably create a workspace root that invokes a single module called "thething" that invokes nested submodules that each contain 70+ optional resources that are toggled off and on with boolean parameters or by the presence of other related optional resources and which results in configuration that is impossible to inspect or reason about without just running a plan and seeing what breaks

rules of thumb:

do not put a count = ??? 1 : 0 in your module without thinking about it really hard.

if you must have a conditional resource, always explicitly specify the on and off states.

never, for any reason, call another module from within a module.
|
# ¿ Nov 15, 2022 20:38 |
|
|
if you have any sort of cross-cluster dependencies or shared data you are going to wish you had them in the same file later anyway

e: dont use a module though just use a resource foreach
|
# ¿ Dec 2, 2022 05:25 |