HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jonenst

no profile record

comments

jonenst
·2 bulan yang lalu·discuss
I wonder how the legal battle will develop : the trademark https://data.inpi.fr/marques/FR5133202 is France only I think ? So a Paris resident infringed upon by a NYC resident, with content on github and also a website registered with godaddy (according to whois) and using cloudflare dns servers. Good luck sorting everything out. Although maybe the relative fame of the project will act as a lubricant/privilege in this case ? (IANAL but if this case is as obvious as it looks, speed would be good. And ideally it would be fast for any such case, not just the famous ones)
jonenst
·tahun lalu·discuss
Since they had the reconciliation system because they decided the main use case was declarative, it makes sense that they used it to implement kubectl run. But they could have done it differently.

Imagine if pods couldn't reach other and you had to specify all networks and networking rules.

Or imagine that once you created a container you had to manually schedule it on a node. And when the node or pod crashes you have to manually schedule it somewhere else.
jonenst
·tahun lalu·discuss
To me the core of k8s is pod scheduling on nodes, networking ingress (e.g. nodeport service), networking between pods (everything addressable directly), and colocated containers inside pods.

Declarative reconciliation is (very) nice but not irreplaceable (and actually not mandatory, e.g. kubectl run xyz)
jonenst
·tahun lalu·discuss
What about kustomize and kpt ? I'm using them (instead of helm) but but:

* kpt is still not 1.0

* both kustomize and kpt require complex setups to programatically generate configs (even for simple things like replicas = replicasx2)
jonenst
·tahun lalu·discuss
I'm surprised the author doesn't mention environment secrets, which I think currently are the only way to avoid that anyone with push access to any repo also gets full access to all secrets (by pushing a new workflow file and triggering it). This makes org and repo secrets practically useless for any team where only admins or maintainers should have access to secrets.
jonenst
·tahun lalu·discuss
Neither Branch Protection nor the newer Rulesets allow to protect secrets from someone with push acces to the repo. From what I understand, only environment secrets provide this feature (and have the drawback that you can't share them among multiple repos in the same org without copying them everywhere, although you can script the copying with the github api)
jonenst
·2 tahun yang lalu·discuss
Duplicate of

https://news.ycombinator.com/item?id=41902873

https://news.ycombinator.com/item?id=41902808
jonenst
·2 tahun yang lalu·discuss
The factory must grow, to infinity and beyond !