It helps standardize:
- deployments of containers
- health checks
- cron jobs
- load balancing
What is the "old way" of doing things? Once you have K8S, the extensibility feature kicks in to address issues such as:
- Encrypted comms between pods
- Rotating short lived certificates
I don't love K8S. #!/bin/sh
set -e
if [ -n "$VERBOSE" ]; then
set -x
fi
if [ "$1" = "--show" ] && [ $2 = "twitter" ]; then
echo "https://twitter.com/teaxyz_"
elif [ -n "$1" ]; then
# Hi, I know you’re excited but genuinely, pls wait for release
# I added this so I can do CI :/
case $(uname) in
Darwin) suffix=macOS-aarch64;;
Linux) suffix=linux-x86-64;;
*)
echo "unsupported OS or architecture" >&2
exit 1;;
esac
if [ "$1" = "brew" ]; then
d="$HOME"/.tea/bin
mkdir -p "$d"
curl https://tea.xyz/dist/tea-$suffix -o "$d"/tea
echo "$d" >> $GITHUB_PATH
else
mkdir opt
curl https://tea.xyz/dist/tea-$suffix -o ./opt/tea
chmod u+x ./opt/tea
shift
./opt/tea "$@"
fi
else
echo
echo "418 I’m a teapot"
echo
echo "thanks for your interest in tea."
echo "alas, we’re not quite ready to serve you yet."
echo
echo "while you wait why not follow us on Twitter:"
echo
echo ' open $(sh <(curl tea.xyz) --show twitter)'
echo
fi If you’re a very security-minded individual (or you use your computer for very sensitive tasks), before using Incoggo you may want to be aware that the application does the following:
Upon installation, Incoggo adds a file to your system’s sudoers.d folder that whitelists specific commands from requiring a sudo password to perform. (This allows Incoggo to manage your system proxy settings, kill certain processes on shutdown / restart, and perform tasks related to Incoggo’s auto-updating feature without requiring that a sudo password be prompted each time.)
Incoggo loads external Javascript files when you visit specific domains (i.e. those we filter paywalls / clear cookies on / clear storage on / etc.).
Incoggo overwrites a few system defaults (re: open page / process limits) at runtime for performance reasons.
Upon installation, Incoggo also installs a trusted root certificate in your system keystore. This is required for Incoggo’s advanced filtering functionality to work (unlike the issues above – which we intend to clean up shortly – this one is a hard requirement for the app to work). ... one might think implementing OAuth sign up is relatively trivial; after all, you just need to write a fetch request that redirects the user to the OAuth page, then another request that sends their email to the newsletter service of choice to sign them up. Well, the issue is that in order to do the second step of that process, one needs to hit an API endpoint that requires authentication (an API key). That is essentially a password and not something you want to expose on the front end and give everyone access to.
The OAuth Authorization Code Flow with Proof Key for Code Exchange (PKCE) solves this problem without needing a worker.
https://docs.aws.amazon.com/bedrock/latest/userguide/bedrock...