HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ryanjkirk

no profile record

comments

ryanjkirk
·vor 4 Jahren·discuss
You definitely shouldn't be storing logs on giant PVCs; they should be injested into a log aggregator.
ryanjkirk
·vor 4 Jahren·discuss
"For Basecamp, we take a somewhat different path. We are on record about our feelings about sharding. We prefer to use hardware to scale our databases as long as we can, in order to defer the complexity that is involved in partitioning them as long as possible — with any luck, indefinitely."

— Mark Imbriaco, 37Signals

These quotes are from 2009 and 2010, and yet here most of us are in 2022, having learned the lesson the hard way over the last decade that there is no refuting this simple logic. I'll add my own truism: All else being equal, designing and maintaining simpler systems will always cost less than complex ones.

quote references:

https://signalvnoise.com/posts/2479-nuts-bolts-database-serv... http://37signals.com/svn/posts/1509-mr-moore-gets-to-punt-on...
ryanjkirk
·vor 4 Jahren·discuss
You're half right. The "bre" e is pronounced like pen or bed, not bray.
ryanjkirk
·vor 4 Jahren·discuss
It's not.
ryanjkirk
·vor 4 Jahren·discuss
I'd be incredibly grateful if someone could break this down for me.
ryanjkirk
·vor 4 Jahren·discuss
Are you from 2018? Everyone running OpenShift is using CRI-O and that footprint is not small. We made the switch in our EKS and vanilla k8s clusters in 2021. Docker has now even made their API OCI-compliant in order to not be left behind. And the point is that most people don't want a docker feature-for-feature running in prod. The attack surface is simply too large. I don't need an API server running as root on all my container hosts.

Use docker on your laptop, sure. Its time in prod is over.
ryanjkirk
·vor 4 Jahren·discuss
Docker is heavier (and more dangerous) because of dockerd, the management and api daemon that runs as root. Actual process isolation is handled by cgroup controls which are already built into the kernel and have been for years. You can apply them to any process, not just docker ones.

However, Docker is essentially dead; the future is CRI-O or something similar which has no daemon and runs as an unprivileged user. And you still get the flexibility and process isolation, but with more security.
ryanjkirk
·vor 4 Jahren·discuss
Up until recently, I was the steward of a large, distributed, and profitable app that used no containers. The infrastructure was managed with packages and puppet, and it worked well.
ryanjkirk
·vor 4 Jahren·discuss
Folders work perfectly in a pure hierarchical taxonomy. Many classifications defy this rigid of a structure, however. For example:

Widget 1: it is A and B but not C, so tag it with A and B.

Widget 2: it is A and B and C, so tag it A, B, and C.

Widget 3: it is B only, so tag it B.

That is pretty simple, but you couldn't represent that in a folder system without permutation folders, meaning you now have folder sprawl, making things harder to find.

This is how servers and ec2s are for almost everyone. Billing codes, environments, teams, business units, etc. A folder taxonomy to replace ec2 tags would be a nightmare.
ryanjkirk
·vor 4 Jahren·discuss
That would be a hard link, though they can't cross filesystem boundaries.
ryanjkirk
·vor 4 Jahren·discuss
Our current CloudFormation pipeline template is over 5,000 lines of yaml. That's probably on the high-end, but based on your statements, it sounds like you haven't seen a corporate cloud footprint.
ryanjkirk
·vor 4 Jahren·discuss
I worked at a company that had Target and other Fortune 500 retailers as clients, and we had very strict SLAs with financial penalties if we broke them. There was absolutely the possibility that we could have ended up our clients more than they paid us.
ryanjkirk
·vor 4 Jahren·discuss
>cloud is no panacea

That is the subtitle of this article I wrote last month - https://medium.com/@rykrk/everything-is-just-build-vs-buy-d7...

I note that the grandparent's premise for a catastrophe is that everything in a datacenter must necessarily be poorly configured. To that, I ask: how many corporate cloud footprints have they looked at?
ryanjkirk
·vor 4 Jahren·discuss
Yes, TCO can be higher, depending where you are on the curve of capex, amortization, and staffing costs. Don't forget you still need at least Developers, DevOps, and Security. If you're inefficient at cloud, spinning up ec2s left and right, using a lot of egress, storing a lot of hot/live data, your total cost is much higher, and will easily be more than the salary of that one sysadmin, or team of systems engineers, you would pay to maintain the colo space.

You have to do a lot of things right to get that Cloud Value, as the author of this blog post has shown. You have to do a lot of things right to get value out of on-prem bare metal as well, but those things are generally well-known, standardized, have less moving parts, and people with decades of experience and knowledge of best practices. The opposite of the current cloud landscape.

TCO is not a straight line.
ryanjkirk
·vor 4 Jahren·discuss
You're correct on staffing savings, but not on Ops savings.

I delved into this pretty thoroughly last month - https://medium.com/@rykrk/everything-is-just-build-vs-buy-d7...