29/09/2024

On Kubernetes

Recently I had a nice discussion on a forum about Kubernetes. For me the topic has been crystal clear since the first time I used it and understood a little bit about it, but this discussion sometimes repeats on the web, so I decided to save my thoughts here so I can copy and paste them in the future to save some time…


I have to be honest, my experience with K8s has always been the 2nd image…

When I first came in contact with K8s my first impression was: “this is a fantastic tool to solve a problem… that almost nobody has”.

Now, after two years working as a sysadmin in a company extremely involved in K8s, where I learned, taught, installed, configured and fixed countless K8s clusters, my conclusion is: “this is a fantastic tool to solve a problem… that almost nobody has”.

At the end of the day, despite all the buzzwords the main reason to use K8s is scalability, horizontal scalability, there are no other advantages.

Some people think the main advantage is the declarative approach to infrastructure, but I disagree; first of all K8s does not force you to use a declarative approach, you can do everything with an imperative approach (kubectl create bla bla bla… instead of using manifests).
On the other hand also docker (with docker-compose) can do the same, so why use a more complex tool (K8s, which is much more complex) to get the same result?

No: the K8s approach, its objects, its object relations, everything is built with one purpose: scalability.

But honestly who cares about scalability?

If you’re a Facebook or Amazon or Microsoft or Google obviously it’s important and necessary.
If you’re a big campus lab with thousands of services or the CERN datacenter or other examples like that it’s important and almost necessary.

But even if you’re a big company honestly nobody gives a damn about scalability from a technical point of view.

Ok, HA is important, maybe distributing load on a couple of nodes makes things easier for maintenance, but in most cases if you plan a good maintenance window and announce it correctly to your users nobody cares.

On top of that scalability works well with stateless applications, but in reality in my experience (25 years in the IT industry) stateless applications are the exception, the vast majority of applications are stateful, so it’s not that simple to scale up and make everything work ok, you have to deal with a lot of details (persistent data, sticky sessions, concurrency and so on…).

So what’s the end result in so many companies?

K8s clusters everywhere (in a lot of cases single node “clusters”) requested by some manager who doesn’t understand a thing about them, installed by some consultant company, completely abandoned and managed by nobody, with a couple of applications made with statefulsets or deployments with only one replica.

Logging management is a pain in the a$$, backups are a pain in the a$$, and everybody hopes it will run forever because nobody in the company knows how to deal with problems, exceptions, certificate expirations and so on…

The very opposite of the basic principle that should be applied in IT, the KISS principle.

02/03/2024

Using KeeAgent with Cygwin OpenSSH

As I said in the previous post I’m in love with Cygwin… but I’m also in love with Keepass… and I also live with ssh… so how to make my life easier?

The answer is simple: KeeAgent

KeeAgent is a Keepass plugin that can work as an ssh agent, in this way:

  1. you can save your ssh private keys in a safe and encrypted Keepass database –> NO MORE PRIVATE KEYS ON FILESYSTEM
  2. you don’t have to deal with ssh private keys passphrases, because they’re stored in the Keepass entries where you’ll save private keys –> NO MORE UNENCRYPTED PRIVATE KEYS
  3. you can easily retrieve public keys to authorize hosts access without searching like a hound on your filesystem, in a couple of clicks KeeAgent will provide them

At first glance the setup of all this may seem complex, in reality it’s quite simple:

  1. download and install KeeAgent from https://github.com/dlech/KeeAgent/releases
  2. in KeeAgent options (Tools -> Options -> KeeAgent) put this string into “Cygwin/MSYS Integration” Path
    %UserProfile%/.keeagent.sock
  3. restart Keepass and check if there’s the file .keeagent.sock in your home and it’s a socket file
    file ~/.keeagent.sock
  4. export the SSH_AUTH_SOCK variable and put it in your .bashrc file, the value of the variable should be the path of the socket file you set in step 2.
    echo "export SSH_AUTH_SOCK=~/.keeagent.sock" >> ~/.bashrc
  5. make sure you have installed Cygwin OpenSSH and you’re not using Windows ssh

The setup is complete, now you only have to create key entries in your Keepass database, attach private key files, fill the password field and enable those entries to be loaded with KeeAgent.

For more details check the super clear KeeAgent documentation.
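
A way to check the five steps above from a Cygwin terminal, as an added example that is not part of the original post or of KeeAgent. The function names are hypothetical, and it assumes Cygwin's home is the Windows profile directory (the db_home setting from the "Windows home as Cygwin home" post), so that ~/.keeagent.sock and %UserProfile%/.keeagent.sock are the same file.

```bash
#!/usr/bin/env bash
# Added example: checks the KeeAgent + Cygwin OpenSSH setup from the steps above.
# Function names are hypothetical; the socket path is the one set in step 2.

# Steps 3-4: SSH_AUTH_SOCK must be set and must point at a socket file.
check_agent_socket() {
    [ -n "$1" ] || { echo "SSH_AUTH_SOCK is not set" >&2; return 1; }
    [ -S "$1" ] || { echo "$1 is not a socket (is Keepass running?)" >&2; return 2; }
}

# Step 5: an ssh that resolves to a Windows path is not the Cygwin build.
ssh_is_cygwin() {
    case "$1" in
        ""|/cygdrive/*|[A-Za-z]:*) return 1 ;;  # not found, or a Windows path
        *) return 0 ;;                           # e.g. /usr/bin/ssh
    esac
}

# Step 4 without duplicates: append the export only if it is not already there.
persist_auth_sock() {
    grep -qs '^export SSH_AUTH_SOCK=' "$1" && return 0
    echo 'export SSH_AUTH_SOCK=~/.keeagent.sock' >> "$1"
}

# Full check; exit codes 1-5 tell you which step to revisit.
keeagent_check() {
    local rc=0
    check_agent_socket "${SSH_AUTH_SOCK:-}" || return $?
    if ! ssh_is_cygwin "$(command -v ssh)"; then
        echo "ssh on PATH is not Cygwin OpenSSH" >&2; return 3
    fi
    ssh-add -l || rc=$?   # 0 = keys listed, 1 = no keys, 2 = agent unreachable
    case "$rc" in
        0) return 0 ;;
        1) echo "agent reachable, but no Keepass entry is loaded" >&2; return 4 ;;
        *) echo "cannot talk to the agent behind $SSH_AUTH_SOCK" >&2; return 5 ;;
    esac
}

# Run the full check only when asked: bash keeagent-check.sh --run
if [ "${1:-}" = "--run" ]; then keeagent_check; fi
```

Exit code 4 usually means the Keepass database is locked or no entry has been enabled for KeeAgent yet.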

17/02/2024

Windows home as Cygwin home

Working as a GNU/Linux sysadmin means working all day long on a terminal, it doesn’t matter if you’re dealing with a server, a container or a Kubernetes cluster, and for me terminal means Cygwin.

Microsoft has made huge changes since Windows 10 to make it easy to work with GNU/Linux on a Windows workstation, think about OpenSSH available by default or WSL, but for me Cygwin is still the 1st choice: no virtualization, no WSL network issues, (almost) all the GNU/Linux utils available, fast and native to Windows.

But sometimes having two home directories (one for Cygwin, one for your Windows user) is not convenient at all… but there’s a solution for that, it’s easy and it’s fast and does not involve any workarounds or symlinks: you can tell Cygwin to use the Windows home directory as the Cygwin home.

To do it you simply have to edit the /etc/nsswitch.conf file and change the db_home variable, using “/%H” as the value. Here’s the result:

tas@tas ~
$ grep ^db_home /etc/nsswitch.conf
db_home: /%H

The next terminal you open will have its home in “C:\Users\<user>” or, if you are a Cygwin lover, “/cygdrive/c/Users/<user>” ;)

31/03/2021

Windows Server reboot log

Windows Event Log is a PITA, it always has been, it always will be…
Today I had an alert about an unexpected reboot from one of the few Windows Servers I have and I want to find out why it happened and who did it.
Every time I try to search for something in the Event Log I want to cry, it’s one of the most time-consuming and painful activities I can think of…

But today I found a nice PowerShell command that will sort this out in no time… or at least the time taken by the system to search inside the damn Event Log, which usually is quite long…

Get-EventLog -LogName System |? {$_.EventID -in (6005,6006,6008,6009,1074,1076)} | ft TimeGenerated,EventId,Message -AutoSize -Wrap

I hope this will come in handy