Clayton Coleman
Developer - Kubernetes and OpenShift
Tweets
Clayton Coleman Mar 17
It’s a tyranny of the extroverts! Interesting question is whether we could structure our process and community to reduce the requirement to be political/social humans just a bit. We’re way past Dunbar’s number here
Clayton Coleman Mar 17
Replying to @bgrant0607
Annotations are the single most valuable tool in kubernetes for layering. They provide easy stateful glue and inherit all our consistency guarantees. I find them easier than crds for many quick and fast integrations. Idea: something like CRD for annotations with tooling integ
Clayton Coleman Mar 17
How about 10m? That’s a much more normal interval and also encourages you to think about efficiency in your sync loop (which pays dividends at scale). Most of openshift controllers are at that and has saved bacon in prod (allowed user to limp along until we could fix)
Clayton Coleman Mar 17
What’s crazy as kube commit rate goes way down the meta rate has gone way up. And for me personally the meta (sig-arch, community building, cross sig negotiating) is way more stressful, and also easier to feel guilty about ignoring. “What, you don’t want to build community?”
Clayton Coleman Mar 1
Replying to @pjc_nc @derekwaynecarr
Not yet. Focus for right now is making 4 be so awesome that faces melt, then focus on making it easy to move. Honestly I want 4 to be so awesome that people deploy a new cluster right away, but like everything needs some soak time first.
Clayton Coleman Mar 1
goes all Lone Gunman on what’s awesome about OpenShift 4 and operators for ALL THE THINGS
Clayton Coleman Dec 13
KubeCon - come for the tech, stay for the feels
Clayton Coleman Dec 13
The same - thank you both for the chance to get teary-eyed on stage
Clayton Coleman Dec 13
RHEL 7 to RHEL 8 is just a rolling update for us. Might even just do it in 4.0.5...
Clayton Coleman Oct 28
Replying to @asanso @evilsocket
We considered padding oracle but to our best knowledge that requires you have write access to etcd which is game over. Only reader/writer are effective root
Clayton Coleman Oct 28
Replying to @asanso
Also, at rest secret encryption is really a very weak defense and needs to be coupled with better key management, on disk encryption, and much tighter master control (any of which void at rest secret protections) (2/2)
Clayton Coleman Oct 28
Replying to @asanso
At the time, for large clusters, GCM key recovery due to limited IV space was a reason to choose CBC over GCM. At the time we also didn’t have golang support for better primitives, and the argument was to pick the simplest option possible and avoid risking a mistake. (1/2)
Clayton Coleman Jul 17
Interesting to contrast Ingress and Pod - Pod provides generic linux processes but can be more complex by process doing arbitrary things outside Kube API. Ingress is LCD across load balancers, but all complexity has to come in annotations. No more generic APIs?
Clayton Coleman Jul 17
Replying to @mfyk84
Sorry for the delay, it's hard to keep up with PRs. Please keep the contributions coming (hopefully we'll be less slow next time)!
Clayton Coleman Jun 8
Replying to @liggitt @jbeda
I wood like to know how familiar you are with these hypothetical splinter groups
Clayton Coleman Jun 8
Replying to @liggitt
I think you need to meat me in the middle here.
Clayton Coleman Jun 7
Replying to @liggitt
I rebut your argument.
Clayton Coleman May 20
I think it was just after 1.0 - . And it took 2 years to get them to GA. At 1.0 openshift had I think 20 or 22 Kube-like api extensions, including rbac. Anyway, openshift is a spork of Kubernetes, not a fork. Works with pudding AND steak.
Clayton Coleman May 20
And ultimately all of that work done outside of the core made crd, api extension, api groups, discovery, generic kubectl possible. And was done by the people who had to extend Kube. Seems silly to design extension without real world consumers.
Clayton Coleman May 20
Yeah, it was the “do something to get out the door” and not be totally insecure. But we didn’t have api groups then, or tpr. Adding extension points before you make your first use case work is astronaut architecture.