Seriously though, I think that "fluent" interfaces are being re-branded as "monadic" -- I assume because you're creating or piping around bound state and unwrapping/re-wrapping it with the various constructs.
The Thanos query nodes have the same interface as Prometheus itself, including the web UI (with a few small changes), so you can just use the same Prometheus plugin pointed at Thanos.
Anyone working on K8s at Box or I guess anywhere else that has deployed it partially feel free to answer this, but:
How do you handle gatewaying traffic into Kubernetes from non-K8s services? I've been trying to get a basic cluster out the door with one of our most stateless services, but I'm having a having a hard time just getting the traffic into it.
The mechanism I'm using is having a dedicated K8s nodes that don't run pods hold onto a floating IP to act as gateway routers into k8s. They run kube-proxy and flannel so they can get to the rest of things, but ksoftirqd processes are maxing CPU cores on relatively recent CPUs trying to handle about 2Gbps of traffic (2Mpps) which is a bit below the traffic level the non-k8s version of the service is handling. netfilter runs in softirq context, so I figure that's where the problem is.
Are you using Calico+BGP to get routes out to the other hosts? What about kube-proxy?
Our network setup is constantly evolving due to a number of internal networking limitations related to nearly static ip-addressing and network acls. I'll describe our current setup and then describe where we'd like to go. The big piece of context is that we already have a number of services already being managed via puppet and a smaller number of new and transitioned services in Kubernetes so we need to allow interop though a number of different mechanisms.
We are currently using Flannel for ip-per-pod addressability within our cluster. No services are communicating inside the cluster so they aren't using kube-proxy yet. For services outside the cluster talking into the cluster we are using a heavily modified (https://github.com/kubernetes/contrib/tree/master/service-lo...) which we have contributed back yet. It supports SNI and virtual hosts. And we get HA and throughput for the individual loadbalancers by using anycast.
We have a number of internal services outside the cluster slowly moving to SmartStack. So I assume we will be figuring out interop with that and running it as a sidecar at some point. We would like to move to calico as we have some fairly high throughput services running outside of the cluster which we need to avoid bottlenecking on a loadbalancer for. We have separate project running internally to move our network acls from network routers to every host via Calico.
Thank you for that answer, it's helpful. We've also been considering Calico but it seems like a fair bit of work and the project's pretty overdue as it is.
The K8s slack channel is pretty good for things like this.
You can either bind the container to a host port and register the ip of the node (or use the k8s dns or api to find the ips). Otherwise register a service with a nodeport and all the nodes will accept traffic and load balance internally.
You can get a list of ips from the DNS (instead of just the service ip), and I think that interacts appropriately with host ports.
We ran into the same ksoftirqd issue in our own bare-metal deployment. Turns out there's a performance regression in the linux kernel that manifests when we configured the system with more receive queues than we had physical cores in a single socket.
We dropped the receive queues down to 12, from 48, and hit line rate. More info here:
I don't work at Box. It has also been 6 months since I touched K8S, so a lot of details I have about K8S in working memory is gone. I'm also interested in the answers to the question you raised.
Off the top of my head:
Have you thought about putting flanneld on the machines hosting the non-K8s services? Probably impractical, but it's something to consider.
The other is to treat the services inside the cluster as if it is in a different datacenter and explicitly expose nodeports that the other services need. If you're using HTTP as the transport, maybe use an http proxy running inside the cluster and proxying them to the services within the cluster. That's how I did it with getting AWS ELB to talk to the services within the cluster I set up.
The trick with flanneld on our other hosts is that AFAICT there's no way to run flanneld as purely a "grab routes and install them" without having it get a totally unnecessary (and completely unused) subnet lease.
I have considered just writing a quicky daemon that will do just the work of syncing routes without getting a lease (or trying to modify flanneld to do so).
The service in this case is memcache with a bunch of mcrouter pods in front of it to handle failure and cold cache warming. I still need to get traffic to the mcrouter instances and that's where I'm running into the bottleneck.
Not the parent poster, but needing GPU isn't necessarily the same as having UI. You can use GPU for a variety of general purpose math (Example: mining bitcoins, or doing stuff like Folding@Home), or for offline rendering.
yes, I understand offline rendering. I'm looking into egl off screen rendering. But due to historical reason, the current gpu drivers (NVIDIA) need x server.
I can't find a news story about the incident I'm thinking of, but there are SEC regulations about the release of information to investors. You basically have to try to ensure that they all get the same data at the same time.
There was a case where material news was released on Twitter. It lead to SEC adjusting their regulation to allow for social media to be an official news outlet for material information so long as the company discloses that it is a source of information ahead of time.
One other point is that what you were referring to is not related to what OP was suggesting. You're talking about how the information is distributed. oP was referring to when it is distributed (too close to earnings).
I believe OP was wrong with regards to a restriction on when information can be released relative to earnings. Elon could have tweeted it a few days ago and it wouldn't have made a difference to the SEC in regards to the timing of the release.
ING Direct implemented read-only credentials for Mint, after fighting with them about access for months. (ING kept blocking Mint, and then Mint would find a way around it.)
I used a Norwegian friend's Spotify account for a bit, and I'm now using rdio. I don't see any significant difference between them, other than the client, which ... eh? Rdio works in my web browser, and it works on my phone. That's pretty much all I care about.
The only advantage an actual app could have is responding to my hardware play/pause/next buttons, I think.
