I work at HubSpot (on Kafka) and so I was a "user" of this migration because Kafka uses ZooKeeper for coordination. It's pretty amazing how convenient Kube services made this whole transition, and we actually learned a lot from this, so we will likely end up applying similar strategies for migrating other services onto Kube. Allowing Kube services to point to either external resources or pods/internal ones is probably the best feature I have found in Kube so far (and there are a lot of great features).
I have this exact setup (vault/consul/nomad + glusterfs and zerotier for networking) and it's pretty awesome. Still dependent on Let's Encrypt for SSL certificates. It runs Plex amazingly well (though I am using some machines which are probably overkill for this purpose), even with the data coming from a glusterfs drive. Most of my nomad tasks can just launch anywhere because of gluster.
For internal DNS at least, you can just use consul. I set up dnsmasq to forward to consul on all of my machines, which is super convenient (esp. when that DNS just points to a docker container IPv6 address on the zerotier network, no port remapping or networking insanity needed).
After a quick scroll-through I have a very similar setup. One thing to watch out for is that you really want to set up TLS and ACLs for Consul, Vault and Nomad as early as possible (maybe ACLs for Nomad are not as critical to have in place from day one) - if you can avoid bootstrapping that on an already running cluster you save yourself a lot of head-scratching.
Integrating these three systems, with Terraform on top, is pretty time-consuming with all the policies and TLS certificates, but it seems pretty smooth to maintain after the initial setup.
I'm learning terraform/consul/nomad/vault as I build this thing, so I think the learning curve for me is extra painful compared to some of y'all.
The docs seem really good if everything is cloud-hosted and really nonexistent if you're running it all on your own metal.
I'm thinking I'll build out my test stack with vagrant. I can use Dropbox or Keybase or something similar to store and sync my terraform state if I need to. Any other hints or helpful readings?
Cheers, haven't checked out zerotier before.
I'm curious, do you run GlusterFS on nomad or standalone? Seems like it could work fine as raw_exec, but I'm not sure if that's a good idea or not.
Kinda a late response (sorry), but I run it standalone, set up via ansible. I have ansible scripts that bootstrap everything "below" nomad, so it sets up zerotier, then vault, then consul, then dnsmasq (pointing to consul) and then nomad. You could probably run gluster in nomad, but given that I give most nomad tasks a gluster directory, that feels odd.
The only thing I still need to figure out about this setup is that I currently use a single glusterfs volume for most of my nomad tasks. I would love to have a nomad integration that could provision and mount the gluster volume when I specify a volume for a docker task in nomad.
I think the generally accepted solution to this is to set the allowed origin dynamically (IIRC nginx can do this) by looking at the request host header on the OPTIONS request. If the origin is in some allowed list then you return that origin in `Access-Control-Allow-Origin`.
When I started reading this article I found myself a bit annoyed. The author was complaining and pointing out the fact that some tech companies do some crazy/inane stuff, while ignoring all of the positive things that come out of tech. Plus, even the crazy/inane stuff can end up having positive impact or side effects!
At the end of the article, however, I was pleased to find that the author came to the same conclusion. Yes, tech can be weird, and it seems especially so to those outside of tech, but I strongly believe that in the long run all of this experimentation will be a good thing.
Why does being a good coder preclude code reviews? Even experts make mistakes and even when there are no mistakes an outside perspective can often be useful. People think in different ways and may have something to add even if you are all really good programmers.
The kind of mistakes that good programmers make are not normally caught in code reviews. That's pretty much the definition of a good programmer; their mistakes are rare and subtle.
> The kind of mistakes that good programmers make are not normally caught in code reviews. That's pretty much the definition of a good programmer; their mistakes are rare and subtle.
I think the opposite is true. Good programmers know where the risks of subtle bugs are, and will use the appropriate tools (e.g. good use of a decent type system, well documented code with well designed abstractions) to make completely sure they don't exist.
This just leaves simple stupid bugs in the parts of the code where any such bug will manifest itself quickly and obviously, exactly the kind of thing caught by code review.
Another way to put it would be: good programmers design their code in such a way that all bugs are catchable by code review.
> The kind of mistakes that good programmers make are not normally caught in code reviews. That's pretty much the definition of a good programmer; their mistakes are rare and subtle.
That's just arrogance. Good programmers make stupid mistakes all the time as well. It's the ability to recognize and fix such mistakes that separates "good" programmers from "normal" programmers, and that's precisely where code review comes in.
You have to get used to Go's backwards type declaration. This is defining a method on h, which is a byteHandler struct, called serve, which takes a http.ResponseWriter and Request and returns nothing.
This is from the http.Handler interface, so defining this method causes byteHandler to conform to the http.Handler interface.
byteHandler is not a struct; it's a byte slice. This is actually somewhat important since it highlights a nice feature of Go where you can declare methods on any baseType by aliasing them to your own type.
There is no struct involved here, and there doesn't need to be, which is nice.
I've found that when discussing Go, the terms `struct` and `type` are usually used interchangeably. Yes, it's factually incorrect, but the message is at least intelligible.
I was at the hackathon for most of the weekend and people were working on some really great projects. I think this Keurig was definitely the most ambitious though!