Share this page!

K10g Profile picture
Twitter logo
27 Oct, 4 tweets, 1 min read
Has anyone yet written a compiler that will allow me to bundle bash with a makefile entrypoint into a distributable binary?
Oh right, Docker.
Wait wait...
Is there a self-executable docker image format yet?

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with K10g

K10g Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @KarlKFI

K10g Profile picture
28 Oct
Having put some time into #Kustomize now, I think it's probably a better solution than Helm for building permutations of configs for multiple clusters and environment.

It also makes it easier to integrate upstream config changes, because you're just applying patches/mixins.
Plus, you can also just render Helm charts with default values, and then apply Kustomizations afterwards. So you can still take advantage of published Helm charts, as long as they're just templating and don't use the advanced features like hooks.
Helm tries to replicate the “apt get” package management experience, but as you may recall, that doesn’t work very well in the cloud. That’s why Config Management exists.
Read 6 tweets
K10g Profile picture
1 Jan 19
I’m fairly convinced that hard multi-tenancy within a single k8s cluster is a use case it wasn’t designed for.
The harder I try to reduce the blast radius of potentially compromised service components, the harder it becomes to justify the effort.
Even best in class hosted k8s distributions are insecure out of the box. Wide open network policy, privileged mode required to deploy security daemons, unrestricted host volume mounting, BYO RBAC config, default public nodes, SSH enabled, unrestricted kubectl exec, etc.
Read 4 tweets
K10g Profile picture
20 Dec 18
#Spinnaker may be popular, but it has HUGE hidden cost when using with/on #Kubernetes.
1. The primitives are all IaaS-based
2. Many config changes require admin management and halyard reboot, meaning you need continuous deployment for your continuous deployment
3. There’s no abstraction for container platform in spinnaker, so you have to have a new “account” per k8s
4. There’s no namespace abstraction in Spinnaker, so you need a new account for each cluster+namespace permutation.
5. If you use RBAC in K8s, you have to synchronize Spinnaker permissions manually or write a tool.
6. The usability cliff to use Spinnaker is multiplicative when combined with the usability cliff of K8s, making onboarding new team members a nightmare.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @KarlKFI