Posts

Every few months, someone posts about how painfully slow TRAMP is. And honestly, they’re not wrong (opening a remote file and waiting for that modeline to stop spinning is one of those small frustrations that add up). So when two new projects showed up promising to fix this, I got curious. tramp-rpc uses a Rust server speaking MessagePack-RPC, flit.el uses a Go server with JSON-RPC. Both claim significant speedups. I decided to actually measure it. ...

It’s been a few months since I started using Guix as the Operating System of my personal laptop. I’m found of how easy it is to enable some services or install packages. Now that I’ve become more familiar with Guile as a programming language, I took some time to deploy a Virtual Machine in OpenStack (through the Public Cloud offering of OVHcloud), and used guix deploy to manage this VM. This post summarize my experience doing so. ...

In Kubernetes, NodePort allows external traffic to access services via a specific port range, typically 30000-32767. But while starting at port 30000 makes sense because Kubernetes does not want to conflict with other ports of the host, I wondered why Kubernetes supports only 2767 NodePorts by default. After digging a little bit, I found that the value 32767 represents the maximum for a 15-bit unsigned integer. Limiting the range to 32767 was therefore chosen to ensure the compatibility with systems that may treat ports as signed integers. This prevents potential issues in networking software. ...

My daily job requires me to maintain multiple Helm Charts released to multiple Kubernetes Clusters. I’ve encountered mutiple limitations with Helm. The Go templating engine sometimes is not enough. The only functions available to Chart Helm maintainers have been added explicitely. You cannot add custom ones easily. The values.yaml file is great at reducing the interface between the Helm Chart maintainer and the users, but when an option is missing, the only ways are to fork or contribute a pull request, and this lead to complex values.yaml Chart like those of bitnami (1427 lines): https://github.com/bitnami/charts/blob/main/bitnami/argo-workflows/values.yaml. ...

This post discusses about the limit of Prometheus crawlers when a software exposes too much metrics, and provides a solution to limit the number of metrics exported by Softwares that cannot be modified. Sometimes you’re just crawling too much The number of metrics exported on the /metrics endpoint of a Software can impact the performances of Prometheus crawlers. There is at least two ways crawlers could fail to fetch metrics for a software. ...

Kubernetes clusters rarely come alone. If you have access to at least one, in no time you’ll need to switch your kubectl context to access other clusters. But what if you need to access two clusters simultaneously? This is a problem I had multiple times per week (even per day) for a few months. When comparing two Kubernetes clusters, if often had to switch the kubectl context between each command. ...

Kube State Metrics is a service that listen to the Kubernetes API server and generates metrics about the state of the resources (Pods, Deployments, Namespaces…). The metrics are exported on the HTTP endpoint /metrics on the listening port (default 8080). They are served as plaintext and can be crawled directly by Prometheus. For each Kubernetes resource, some metrics are available. For Pods for instance, the metrics listed in this file are available. This includes kube_pod_info and kube_pod_status_phase. ...

One of the challenges of using Docker is that images can often be quite large, especially for interpreted languages. Large Docker images increase pull time and disk space usage, making it difficult to manage and deploy applications. In this article, we’ll take a look at a tool called “dive” that can help to optimize the size of Docker images. Dive is a command-line tool that allows users to analyze the addition of each layer to the filesystem of a Docker image. This information can be used to identify unused or unnecessary files, which can then be removed to reduce the size of the image. Let’s take a look at how I used dive to optimize the size of the Docker image for the open-source web scanner Wapiti. ...

Dans la partie précédente, j’ai créé une paire de clé GPG primaire sur un trousseau temporaire, puis 3 clés secondaires pour chaque usage : signer, chiffrer et authentifier. Je peux maintenant sauvegarder la clé primaire sur un support physique déconnecté d’internet et transférer les clés secondaires sur le trousseau système. En cas de maintenance sur les clés secondaires, comme une extension de leur durée de validité ou encore leur renouvellement, il sera nécessaire d’utiliser la clé principale, et nous allons voir comment le faire. ...

Les outils pour créer des clés GPG existent depuis une vingtaine d’années maintenant, et pourtant la gestion des clés est toujours aussi rugueuse. Dans cet article je vais essayer de résumer tout ce que j’ai compris et mis en place pour respecter les Best Practices. Pour résumer, après avoir configurer GPG, je vais créer une clé primaire, 3 sous-clés spécifiques à chaque usage puis la clé primaire sera sauvegardée sur un support offline et retirée du trousseau. ...