I recently went down a very deep rabbit hole to understand why, some months, Cloudflare was charging us 3x what we were expecting for their Cloudflare Images service. I’m posting this write-up because back then, a quick search didn’t turn anything up; and Cloudflare support has totally ghosted us for more than 8 months now. » read more...
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted. This was technically a Kubernetes event with type: Warning, and these usually indicate that there’s something wrong, so I wanted to investigate it. » read more...
Six months ago, I started using Wayland (the graphics stack that will replace X11 on Linux). This is a summary of what worked, what didn’t, and a few tips and tricks for folks considering doing the same. » read more...
Once in a while, I need to install Archlinux on a new machine. This is the procedure that I follow. It has been recently updated to include root device encryption using LUKS, with the encryption keys stored in the machine’s TPM, and uses SecureBoot so that the device can be unlocked without typing a passphrase, while retaining a good(ish) security level. » read more...
This is a story of how we identified a performance issue in EphemeraSearch. The performance issue itself isn’t very interesting (there is a very low chance that you will run into the same issue), but the methodology that we used might be useful if you need to troubleshoot performance issues in Django. » read more...
To all my LGBT+ friends, peers, and fellow members of the Kubernetes and Cloud Native communities: you do belong here. No matter what others think or say; privately or publicly; you played (and are still playing) a major role in the success of this community. Many of you, through your code, your docs, your talks, your workshops, your pull requests, your comments thereon, your presence on social media and even in the world in general, have positively influenced and helped me in so many ways that I wouldn’t be able to list them all. » read more...
This is a list of recurring anti-patterns that I see when I help folks with their container build pipelines, and suggestions to avoid them or refactor them into something better. » read more...
I subscribe to a newsletter that summarizes the daily news. I thought it was objective, but for some time now, I’ve had doubts. I’m sharing them to start a conversation. » read more...
I recently decided to check how much it would cost to offset the carbon footprint of my air travel. It was cheaper than I thought: for about 170 flights, it was about $1000. Here are some details and thoughts about the process. » read more...
env0 is a SaaS that can deploy Terraform plans, track their cost, and automatically shut them down after a given time. I’m going to show how to use it to deploy short-lived Kubernetes clusters and make sure that they get shut down when we don’t use them anymore. » read more...
If you are using Linux as your main operating system, you might wonder if it’s doable to use it to stream content, and how. In this article, I’ll tell you everything I learned about this: what works, what doesn’t, and the various hacks that I’m using to keep it working. » read more...
In this article, I’ll talk about the various services and tools that I tried to stream my presentations. I’m going to talk about OBS Studio, why and how I use it. I will also review a bunch of video conferencing and streaming platforms like Jitsi, Twitch, YouTube, Zoom. » read more...
This is a long description of the various equipment (cameras, lights, mics, and more) that I am using, or that I have tried to use, to deliver online training and tech talks. » read more...
In March 2020, I started delivering online training sessions (instead of doing it in person). In this series of blog posts, I describe how I’ve set up what I call my “video streaming studio”, hoping that my experience and feedback can be useful to others. » read more...
In the beginning of this series (first part, second part), we covered the most common methods to optimize Docker image size. We saw how multi-stage builds, combined with Alpine-based images, and sometimes static builds, would generally give us the most dramatic savings. In this last part, we will see how to go even farther. We will talk about standardizing base images, stripping binaries, assets optimization, and other build systems or add-ons like DockerSlim or Bazel, as well as the NixOS distribution. » read more...
In the first part, we introduced multi-stage builds, static and dynamic linking, and briefly mentioned Alpine. In this second part, we are going to dive into some details specific to Go. Then we will talk more about Alpine, because it’s worth it; and finally we will see how things play out with other languages like Java, Node, Python, Ruby, and Rust. » read more...
When getting started with containers, it’s pretty easy to be shocked by the size of the images that we build. We’re going to review a number of techniques to reduce image size, without sacrificing developers’ and ops’ convenience. In this first part, we will talk about multi-stage builds, because that’s where anyone should start if they want to reduce the size of their images. We will also explain the differences between static and dynamic linking, as well as why we should care about that. This will be the occasion to introduce Alpine. » read more...
There is a lot of material out there about service meshes, and this is another one. Yay! But why? Because I would like to give you the perspective of someone who wishes service meshes had existed 10 years ago, long before the rise of container platforms like Docker and Kubernetes. I’m not claiming that this perspective is better or worse than others, but since service meshes are rather complex beasts, I believe that a multiplicity of points of view can help to understand them better. » read more...
I’ve just published a series of videos of a one-day Kubernetes tutorial that I recently delivered in London. I would like to share the method and tools that I used, because although the result is far from perfect, I believe it can be useful for other speakers who want to share their work with a wide audience without a huge investment (in time and equipment). » read more...
Capacity planning with Kubernetes is a non-trivial challenge. How many nodes should we deploy? What should be their size? When should we add or remove nodes to accommodate variations in load? One solution is to not deploy nodes, and provision resources on-demand instead. Let’s see how to do that. » read more...
For anyone using containers, Docker is a wonderful development platform, and Kubernetes is an equally wonderful production platform. But how do we go from one to the other? Specifically, if we use Compose to describe our development environment, how do we transform our Compose files into Kubernetes resources? » read more...
This article is the follow-up to the previous one. Today, we are going to get into the details to see how to adapt an application described by a Compose file so that it runs on Kubernetes. » read more...
In the world of containers, Docker is a wonderful development platform, and Kubernetes an equally wonderful production platform. How do we go from one to the other? In particular, if we use Compose to describe our development environment, how do we translate our Compose files into Kubernetes resources? » read more...
I’m going to try to explain how I felt when I was struggling with depression. There will be gnomes and other lousy metaphors, but don’t let that distract you. » read more...
What’s the difference between a junior and a senior software engineer? Is it the responsibility of a company to provide learning resources (e.g. time or mentoring) to its engineers? What makes a good mentor anyway? » read more...
Containers are often talked about as a way to speed up development cycles, but they also make it possible to de-risk (or reduce the risks, if the neologism makes you cringe ☺) deployment operations. How so? Thanks to a pattern that is probably familiar to some of you: “immutable infrastructure”. We are going to see how this pattern reduces risks, and how containers make it accessible to organizations of varying sizes and skill levels. » read more...
For a few years now, the software industry has been talking a lot about containers, and in particular about two flagship projects of this ecosystem: Docker and Kubernetes. This article gives a high-level introduction (what are containers for?) and gives an example roadmap that you can use in your “journey” to adopt this technology and get the most out of it. » read more...
I was given the opportunity to test AppSwitch, a network stack for containers and hybrid setups that promises to be super easy to deploy and configure, while offering outstanding performance. Sounds too good to be true? Let’s find out. » read more...
This is a boring post about boring tax stuff. It’s boring but I wish I had known that when I moved to the US — it would have saved me more than $10K. » read more...
TL,DR: I have left Docker Inc. to take a sabbatical and recover from depression and burnout. I plan to dedicate the next six months to family, friends, meditation, music, and generally speaking, enjoy life to recharge for whatever will come next. » read more...
I want to share a few organizational tools that helped me to be more productive while dealing with stress, anxiety, and depression. They include post-it notes, Trello cards, calendars, and emojis (just to name a few). I’m sharing them in the hopes that they can be a source of ideas and inspiration for those struggling with similar conditions. » read more...
A few months ago, I started using a 2017 12” Macbook Air. This machine has only two ports: an audio jack, and one USB-C port. That USB-C port is the only thing you have to plug external storage and monitors, network connectivity, and of course, a power supply. I had to do some research to understand how USB-C works, and find the perfect adapters (at least, the perfect adapters for what I do). » read more...
A few months ago, I wrote and delivered a Kubernetes orchestration workshop, based on my Swarm orchestration workshop. While doing so, I hit a few snags; and since I’m attending KubeCon this week, I thought this would be the perfect occasion to track down Santa Kube and give them my wishlist for Christmas! 🎄🎅🏿❤️ » read more...
Just because we’re using containers doesn’t mean that we “do DevOps.” Docker is not some kind of fairy dust that you can sprinkle around your code and applications to deploy faster. It is only a tool, albeit a very powerful one. And like every tool, it can be misused. Guess what happens when we misuse a power tool? Power fuck-ups. Let’s talk about it. » read more...
You’ve accepted to be a “track host,” but you don’t know how to do it? Or you’ve done it before, but you’d love to swap a few tips, tricks, and new ideas to do it better next time? I got you covered! » read more...
I’d like to tell you a short story illustrating why training your employees is crucial to the success of your organization. » read more...
Have you heard about dotCloud? If you haven’t, I’m going to give you a hint: it is a PAAS company. Another hint: eventually, dotCloud open-sourced their container engine. That container engine became Docker. » read more...
If you are running apps in containers and are using Docker’s GELF logging driver (or are considering using it), the following musings might be relevant to your interests. » read more...
In conversations about sexism (in the tech industry or elsewhere), men are often surprised to hear how bad the situation is for some of their women coworkers and friends. We often are tempted to say “this wouldn’t happen in my company.” If you are an expatriate or travel abroad, there is also the variant “in my country, we treat women fairly!” I would like to share something that made me think twice about this. » read more...
I usually write in English, about container technology. This will be in French, and about very different topics. You’ve been warned! :-) » read more...
This is a short collection of tips and tricks showing how Docker can be useful when working with Go code. For instance, I’ll show you how to compile Go code with different versions of the Go toolchain, how to cross-compile to a different platform (and test the result!), or how to produce really small container images. » read more...
A while ago, I wrote about how to bind-mount the Docker control socket instead of running Docker-in-Docker. This is a huge win for CI use-cases, and many others. Here I want to talk about a more generic scenario: controlling any Docker setup (local or remote Engine, but also Swarm clusters) from a container, and the benefits that it brings us. » read more...
TL,DR: we all have different perceptions and experiences. Just because you’re fine with a picture, book, movie, etc., doesn’t mean that everybody will accept it equally well. Even if you are the nicest person in the world. Let’s accept it, and be aware of each other’s sensitivities. » read more...
Here are a few tips and tricks that I learned when building then delivering the Docker Fundamentals course at Docker Inc. This course is a 2-day training designed to be delivered to small groups (up to 20 people) but we also delivered the intro part many times at tech conferences, to groups of varying sizes (50 to 300). » read more...
The primary purpose of Docker-in-Docker was to help with the development of Docker itself. Many people use it to run CI (e.g. with Jenkins), which seems fine at first, but they run into many “interesting” problems that can be avoided by bind-mounting the Docker socket into your Jenkins container instead. » read more...
This number is wonderful. Not because it’s high or low, but because it exists. The fact that it is possible (and relatively easy) to compute this metric means that it will be possible (and relatively easy) to improve it, among other things. » read more...
In a Dockerfile, if you put data in a directory, and then declare that directory to be a volume, weird things can happen. Let’s see what exactly. » read more...
This morning, I watched AWS’ webinar presenting their container service. Here are some quick notes, for those of you who are as curious as I was about it! » read more...
It has been asked on #docker-dev recently if it was possible to attach a volume to a container after it was started. At first, I thought it would be difficult, because of how the mnt namespace works. Then I thought better :-) » read more...
This is my recipe for Gravlax (cured salmon). It makes a great appetizer. The only downside is that you must prepare it in advance, since it needs to cure 36 to 48 hours in the fridge. » read more...
This is a simple recipe showing how to run syslog in one container, and then send the syslog messages of multiple other containers to that one. » read more...
When they start using Docker, people often ask: “How do I get inside my containers?” and other people will tell them “Run an SSH server in your containers!” but that’s a very bad practice. We will see why it’s wrong, and what you should do instead. » read more...
If you build a lot of containers, and have a not-so-fast internet link, you might be spending a lot of time waiting for packages to download. It would be nice if all those downloads could be automatically cached, without tweaking your Dockerfiles, right? » read more...
If you upgraded your Docker installation to 0.9, you are now using libcontainer to run your containers. And if you were using lxc-attach, you probably noticed that it doesn’t work anymore. Here are two ways to recover the “attach” feature with Docker containers. » read more...
If you’re using Docker on CentOS, RHEL, Fedora, or any other distro that doesn’t ship by default with AUFS support, you are probably using the Device Mapper storage plugin. By default, this plugin will store all your containers in a 100 GB sparse file, and each container will be limited to 10 GB. This article will explain how you can change that limit, and move container storage to a dedicated partition or LVM volume. » read more...
When you want to install a new machine, or boot in rescue mode, the usual method is to boot from a CD or USB stick. But virtually all modern computers with an Ethernet interface can also boot from the network. Here is how to set up a boot server super easily, by running it in a Docker container. » read more...
There are many ways to handle Python app dependencies with Docker. Here is an overview of the most common ones – with a twist. » read more...
Earlier this month, I attended the first Flynn meet-up in San Francisco, where the project was presented by its authors. Here’s what I have to say about it. » read more...
To help @EstelleDeau to refactor some code, I had a look at introspection and reflection features in IDL. It is a really weird language (especially when my primary languages are now Python and Go), but it was a fun ride. » read more...
A mimosa is half a mosa. A sesquimosa is one mosa and a half. If you like mimosas, you might like this beverage thrice as much :-) » read more...
By default, the Docker API is exposed over a local UNIX socket. If you want to control Docker from a remote host, you can configure Docker to expose its API over a TCP socket instead. However, Docker itself doesn’t implement authentication. We will see here how we can use SSL certificate authentication to encrypt and authenticate the Docker API. » read more...
A recurring question on the Docker mailing list and on the Docker IRC channel is “how can I change the network range used by Docker?”. While Docker itself doesn’t have a configuration option to change this network range (yet!), it is very easy to change it, and here is how. » read more...
Linux Containers rely on control groups which not only track groups of processes, but also expose a lot of metrics about CPU, memory, and block I/O usage. We will see how to access those metrics, and how to obtain network usage metrics as well. This is relevant for “pure” LXC containers, as well as for Docker containers. » read more...
When you install (or upgrade) a service, the package manager will try to start (or restart) this service. If you are working on a normal server, this is usually what you want. But if you are inside a chroot environment, or maintaining some kind of golden image, you don’t want to start services. If you are using Debian/Ubuntu-based distros, there is a super easy way to solve the problem: the /usr/sbin/policy-rc.d script. » read more...
Gunsub means “GitHub Unsubscribe”. It lets you be aware of everything happening in a given GitHub repository (through GitHub’s e-mail notifications), without getting too much spam. It lets the first notification go through, then automatically unsubscribes you from further messages in the same thread (unless you comment or are mentioned in the thread). » read more...
This is the blog I should have set up 15 years ago. Here I will talk about cool hacks, cooking, cocktails, books I’ve read (or sometimes I haven’t), linguistics… And I decided to use Jekyll to run it. » read more...
This work by Jérôme Petazzoni is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.