latest posts

  • Producing a Software Bill of Materials the Easy Way

    A Software Bill of Materials, aka an SBOM, is a key component in software supply chain security. SBOMs are really just a fancy term for a nested list of all of the dependencies that make up a piece of software. There are a number of different utilities that can generate SBOMs for container images after the fact, but I like to get them for free without doing any additional work. That's where Cloud Native Buildpacks come in.

  • Installing Folding at Home on a Raspberry Pi

    Back when I was a kid I used to run Folding@Home on our old family computer -- a silver Gateway tower with a 1.8 GHz Pentium 4. I'm not sure how I found out about it, but I remember being inordinately excited by the prospect of contributing CPU cycles to simulate protein folding and help discover cures for cancer and other diseases. Today, you can buy a quad core Raspberry Pi that is more powerful than that Gateway for $35. Let's have some fun and see how well it can fold proteins!

  • Capturing Network Traffic from a Kubernetes Pod with Ephemeral Debug Containers

    The other day I had a situation where I needed to debug network traffic between an app and its sidecar proxy. The app was using a minimal distroless container image and didn't have easy access to tcpdump. Fortunately, newer versions of Kubernetes have alpha support for ephemeral debug containers which allow us to spin up temporary containers (with debug tools) inside a running pod! In this post we'll see how we can use ephemeral containers and tcpdump to capture network traffic from a running pod.

  • Public Routing to a Private Kubernetes Cluster

    For personal projects and hacking around on Kubernetes, I'm a fan of inexpensive managed clusters. For about ten bucks a month, I can spin up a small single-node cluster and hit the ground running. Unfortunately, with these small clusters you only get about a gig of usable RAM and a single vCPU at best. If you want more, prices quickly climb. At home, I've got a pretty decent Linux box with 12 vCPU and 48G of RAM that I've lovingly named `tomorrowlan`. A similar configuration on Digital Ocean would run about $240 a month! When I'm messing around on personal projects, I really don't care about resiliency or production worthiness. It would be awesome to use my existing hardware while retaining the ability to share what I've built with others on the wider internet. Thanks to a handful of open-source tools, I can make this dream a reality. With Inlets, Contour, KinD, and external-dns, I can easily spin up new clusters and get them externally routable within seconds.

  • The Great Raspberry Pi Cooling Bake-Off

    Why is my Raspberry Pi 4 running so hot? You may know you need something to cool it down, but what? In this post we compare the performance of various Raspberry Pi coolers. All the way from the humble heatsink to a massive cooling tower complete with RGB fans.

  • Save Money and Skip the Kubernetes Load Balancer

    LoadBalancer Services are super convenient. Create one and your cloud provider will provision a new cloud load balancer, external IP address, and firewall rules to make your workload reachable to the world. They also come with a cost. In this post I'll show how you can save money by skipping the load balancer for your development clusters. We'll see how with a few minor tweaks we can route traffic with an Ingress Controller and plain old fashioned DNS.

  • Using kbld to Rapidly Iterate on Kubernetes Deployed Apps

    When creating applications that extend or interact with Kubernetes, there are times when it's necessary to deploy and develop against a real K8s cluster. While Kubernetes makes it trivial to apply and roll out new changes, building and pushing new dev Docker images for your application can be a rigamarole. On top of that, you also have to remember to configure the imagePullPolicy for your containers to Always. Fortunately, there is a tool that can help solve all of these problems: kbld. The kbld CLI (pronounced "k build") assists with all things around image building and pushing for Kubernetes.

  • Leaving Breadcrumbs

    This post is going to be a bit meta. I'm going to write a bit about why I take notes publicly and, to a lesser extent, blog in general. I started posting to this blog six years ago for kind of a lame reason. I had purchased the `` domain name and had no clue what to do with it! My earliest content is reflective of that lack of intentionality. Nowadays, I primarily write for three reasons: to cement my own understanding of a subject, to create content where there is none, and to leave digital breadcrumbs for myself and others to find in the future.

  • Desired State Versus Actual State in Kubernetes

    It was once acceptable — and even expected — for web services to go down for maintenance or when under heavy load. Today, however, services are measured in the number of nines of availability they provide. A single server no longer cuts it. One way to achieve higher availability is by running countless copies, or replicas, of our services across geographies. Now, though, we've got ourselves a distributed system to wrangle! In this post we touch on the CAP theorem and the concept of Desired vs Actual State in distributed systems.

  • 2020 Goals

    When it comes to goals and self-improvement, I have a nasty habit of being over-ambitious and over-committing myself -- as evidenced by the piles of technical books and unused yoga equipment cluttering my apartment. In this post I describe the goals, both technical and otherwise, that I will focus on for 2020.