GoCD

I've installed GoCD into my Kubernetes cluster over this weekend. The system came with some high praise from a new coworker, and initial thoughts were positive: it looks OK, and the install instructions via a Helm chart into Kubernetes were easy enough to follow, though a number of problems arise from the install process, the most severe of which involves open access to all users. By default the containers spin up a sample project and leave everything open, including the configuration of an ingress endpoint that goes ahead and provisions an IP address in cloud services like GCP, essentially allowing anyone to create pipelines in the cluster.

  • The GoCD chart provides no easily understood way to add users, default or otherwise, to the system.
  • In order to check out private GitHub code, an SSH key must be generated for the GoCD server/clients and added to GitHub in order to pull code. This was then configured on host and workers as a private key to facilitate this communication.
  • The default user system, which is none at all, gives full access to everyone visiting from the outside. This is a really bad idea, especially when the chart installs a load balancer by default.
  • Adding a user is a manual process that involved creating a file within a pod with the user's credentials. This login is one of two types I tried to get working with GoCD; the other was LDAP using my Synology as the server. This turned out to get into a weird state where no user could log in because a user needs to be known before they can log in, thus leading back to the file-based user accounts.
  • There is no easy way to deploy to Kubernetes (not installed by the chart): a Cluster Role needs to be added to an appropriate service account to grant deployment access, and no container came with kubectl to use it properly; instead a call has to be made to the Kubernetes RESTful API to deploy.
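As an added example (not code from this post or from the GoCD project), here is one way a pipeline step could make that REST call from inside a pod: it uses the mounted service account token and verifies the API server against the cluster CA rather than switching TLS checks off. The function names and the deployment, container and image arguments are assumptions for illustration.

```python
import json
import os
import ssl
import urllib.request

# Standard in-pod service account mount (Kubernetes default location).
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def build_image_patch(api_server, namespace, deployment, container, image, token):
    """Build (not send) a PATCH that changes one container image of a Deployment."""
    for part in (namespace, deployment):
        # Refuse values that could alter the request path.
        if not part or "/" in part or ".." in part:
            raise ValueError(f"unsafe path component: {part!r}")
    if not api_server.startswith("https://"):
        raise ValueError("API server must be reached over https")
    body = {"spec": {"template": {"spec": {
        "containers": [{"name": container, "image": image}]}}}}
    url = (f"{api_server.rstrip('/')}/apis/apps/v1/namespaces/"
           f"{namespace}/deployments/{deployment}")
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            # Strategic merge: containers are matched by name, others untouched.
            "Content-Type": "application/strategic-merge-patch+json",
        },
    )


def deploy_from_pod(deployment, container, image):
    """Send the patch using the pod's own service account credentials."""
    with open(os.path.join(SA_DIR, "token")) as f:
        token = f.read().strip()
    with open(os.path.join(SA_DIR, "namespace")) as f:
        namespace = f.read().strip()
    api = "https://{}:{}".format(os.environ["KUBERNETES_SERVICE_HOST"],
                                 os.environ["KUBERNETES_SERVICE_PORT"])
    # Verify the API server against the cluster CA instead of disabling TLS checks.
    ctx = ssl.create_default_context(cafile=os.path.join(SA_DIR, "ca.crt"))
    req = build_image_patch(api, namespace, deployment, container, image, token)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status
```

A call like this only needs the `patch` verb on `deployments` in the `apps` API group, so a namespaced Role bound to the agent's service account is enough for it.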

To take inspiration from a system I actually think is awesome: Google Cloud Build still feels simpler, but being an external system I would have to jump through some hoops in order to get it to talk to my cluster since I don't export those ports to the internet at large.

Pipeline steps being defined in code and executed within given container images, or building their own container from scratch, is a great idea, but what I really feel I need by this point is the ease to deploy to Kubernetes wrapped with these containers, as currently these things feel a little obtuse.

Onwards and upwards

It is easy to stress in times of change, but remember always that as you shed the tattered remains of the old that you are stepping into new clothes. Embracing change is never easy, but as you grow in life change is inevitable.

I have taken the bold new steps forward into my new home, a fine apartment with plenty of new space into which to grow. It is certainly a step up from a dorm room that really should be no more than a sleeping spot. However, being the creature of the internet that I ultimately am, it was also the place where I spent most of my time. Moving to new digs is probably not going to change that fact, but with more space that I can call my own I am hoping to expand beyond my four walls into the space of the other rooms. My rooms. My kitchen. Responsibilities that I am inexperienced in handling. At last it is time to learn for real.

One bump on this road to perfection is the delay at which it takes a man with the very physical duty of bringing me the much needed internet. With an estimate as vague and long as three to four weeks, I fret for my mobile broadband limit, which is an absurd 15~ish gigabytes of data; I mean, cute cuddly animal pictures, err.. dragons and other weirdness that I come across on my daily journeys.

It is also time to address the fact that I have not been making several dozens of posts as I promised myself I would, truly a grave injustice. I am lazy as fuck. Projects stay thoughts, and any desire to practice and grow quickly turns into a dozen more cute animal picture views and little to no practice. I am disappointed in these aspects of my personality that allow this to go on.

Broadly sweeping HTTPS

It has been a long time coming, but I am enacting HTTPS across all of the stormweyr sites and services; at the time of writing this is not yet complete. With Let's Encrypt it has never been easier to acquire certificates. And without bullshit restrictions and costly additions either.

It is important to note that these certificates guarantee only that traffic that came from a server with the stormweyr.dk/stormweyr.com certificate has been delivered to you, the reader, without a third party being able to feasibly intercept or decode anything usable. Of course, these silly posts provide nothing worth intercepting in the first place.

2014 Christmas

Some time in the middle of December, the courses are all coming to a close. The compiler is working perfectly, and despite being hard hard work, I wish only that we continue on the more advanced topics of compiler design.

I will write a few more times before the winter solstice but I may as well wish all readers happy holidays, at present that is probably only those who will read this in the distant future.

At present I am beginning to think more about my own projects; as the importance of reading for exams grows, so does the interest and desire to work on anything else. I can only reach the conclusion that my brain is wired in a really dumb way. Unfortunately, bugfixes in this realm are something that I believe to be beyond me still, even though I would relish the chance to view and modify the codebase for my own brain.

Compilers

We've finally finished the compiler; it reads toy tiger language files and emits a functioning x86 assembly language file without any optimization, garbage collection or other fancy magic. Despite every instruction doing about twenty pointless moves back and forth between memory and registers it still feels fast; of course we're not doing things more complicated than simple maths anyway.

It has been a long and arduous process, and I hope only that I can do well at the exam, I know I've certainly coded the project with much needed encouragement from the team who in turn handled the reporting and investigative aspects of the project.

Sleepy Days

Wrecking your sleep schedule with long days of sitting at your project trying to meet the upcoming deadline is a terrible terrible thing. On the plus side, you get the project done, but on the negative, you spend the next two weeks hazily trying to catch back up to all that sleep you missed out on.

The dOvs saga continues, when battling the sleepy demons and heinous bugs that pour from the battered corpse of what appears to be a compiler, the end is in sight. We are hoping to finish up by emitting a horrible mess of assembly for the GAS compiler to finish up, translating the stuff directly to machine code.

dOvs2014 - IR Generation

Together with Semantic Analysis, the Intermediate Representation represents one of the harder tasks offered by the compiler course. If you're visiting from another university, you probably won't enjoy the course too much. You will be spending your time productively thinking about some terrible arbitrary obsolete programming language that nobody in their right mind would ever use.

It is amazing how little it takes to push you over the edge when you sit trying to write test cases during the twenty hour working stint, I made the mistake of eating a little too much breakfast, and needed a few hours of sleep just before finishing up the project.

Getting things done

The second of these posts may as well detail the efforts involved in migrating from an old old Apache webserver and moving on over to nginx, such that I too may claim experience and faster serving of my currently very limited content. In doing so I migrated my Python scripts, which were earlier running on mod_wsgi for Apache, onto the dedicated uwsgi servers. I'm still coming to terms with how this all works, but I am hopeful that there won't be many issues.

One of the projects that I am now writing is a Python event service passing messages through an event queue like Rabbit and out via Server Sent Events to web pages I am hosting. This is one of the steps that I am performing in modernizing the domain and exposing as many services through port 80/443 as I possibly can.

HTTPS will follow soon, maybe the site will be all HTTPS too, we will see.

Recharging

First post, well on the new system anyway. The general idea is that I will be making a post roughly on Fridays, resulting in no less than 52 posts a year.

The purpose is to get into the groove of writing. But also to get my head in order by creating externalizations (these posts) of what I have been doing the past week.