Archive
Posts from 2020
Viewing Kubernetes RBAC permissions for users and groups
As a security-conscious Kubernetes operator, I take least privilege seriously. When new services are rolled out, I do everything in my power to ensure Roles and ClusterRoles carry the minimum set of permissions they need. Creating those permissions is easy with audit2rbac, but how do you review them once they are in place? I use the kubectl Krew plugin manager, which provides an easy way to install a number of useful plugins…
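The post's own approach (a Krew plugin) is not reproduced in the excerpt, so here is an added example, not the author's code, that does the same review with nothing but kubectl: impersonate the user and group, ask the API server what they may do, and flag the verb/resource pairs that typically lead to cluster-admin. It assumes the caller holds `impersonate` on users and groups; the subject names and environment variables are made up for illustration.

```shell
#!/bin/sh
# Added example, not the post's own method (the post uses a Krew plugin):
# audit a subject's effective RBAC permissions with plain kubectl by
# impersonating the user/group and asking the API server. Assumes the
# caller may "impersonate" users and groups; subject names are invented.

# Checks that usually mean "this subject can become cluster-admin".
# One check per line: VERB RESOURCE [extra kubectl flags]
ESCALATION_CHECKS='
* *
get secrets
create pods
create pods --subresource=exec
create clusterrolebindings
bind clusterroles
escalate clusterroles
impersonate users
'

# can_do USER GROUP VERB RESOURCE [FLAGS...] -> exit 0 if the API server says yes
can_do() {
  user=$1 group=$2
  shift 2
  if [ -n "$group" ]; then
    kubectl auth can-i "$@" --as="$user" --as-group="$group" -q
  else
    kubectl auth can-i "$@" --as="$user" -q
  fi
}

# escalation_report USER [GROUP] -> prints "ALLOWED: <check>" for each hit
escalation_report() {
  user=$1 group=${2:-}
  printf '%s\n' "$ESCALATION_CHECKS" | while IFS= read -r check; do
    [ -n "$check" ] || continue
    # set -f keeps "*" from globbing when $check is word-split into arguments
    if (set -f; can_do "$user" "$group" $check); then
      printf 'ALLOWED: %s\n' "$check"
    fi
  done
}

# list_permissions USER [GROUP] -> the full verb/resource table for the subject
list_permissions() {
  user=$1 group=${2:-}
  if [ -n "$group" ]; then
    kubectl auth can-i --list --as="$user" --as-group="$group"
  else
    kubectl auth can-i --list --as="$user"
  fi
}

# Example run (hypothetical subject):
#   RBAC_SUBJECT=jane@example.com RBAC_GROUP=developers sh rbac-audit.sh
if [ -n "${RBAC_SUBJECT:-}" ]; then
  list_permissions "$RBAC_SUBJECT" "${RBAC_GROUP:-}"
  escalation_report "$RBAC_SUBJECT" "${RBAC_GROUP:-}"
fi
```

`kubectl auth can-i` answers for the *impersonated* subject, so the result reflects every Role, ClusterRole and binding that applies to that user and group combination, not just one binding. The escalation list is a starting point: `get secrets` exposes service account tokens, `create pods` plus `exec` gives a foothold on nodes, and `bind`, `escalate` and `create clusterrolebindings` let a subject hand itself more rights.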
Listing Linux SD device queue depth sizes
While investigating a disk performance issue this week, I needed to find the queue depth of a block device. There are several ways to do this, but I think the lsscsi "-l" option takes the cake: Simple, easy and elegant. Noting this for future reference.
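`lsscsi -l` reads its queue_depth value from sysfs, so the same number is available without the tool. The following is an added example, not the post's command: it walks `/sys/block/sd*/device/queue_depth` for every SCSI disk and picks out the shallowest queue. The `SYSFS_ROOT` override is an assumption added here so the functions can be exercised against a copied or constructed sysfs tree.

```shell
#!/bin/sh
# Added example, not the post's own command: read the SCSI queue depth of
# every sd* device straight from sysfs, which is where lsscsi -l gets it.
# SYSFS_ROOT is an added override so the functions can run against a copy
# of /sys (or a constructed tree) instead of the live system.

SYSFS_ROOT=${SYSFS_ROOT:-/sys}

# queue_depths -> one "sdX <depth>" line per SCSI disk, sorted by name;
# disks without a readable queue_depth attribute are reported as "n/a"
queue_depths() {
  for dev in "$SYSFS_ROOT"/block/sd*; do
    [ -d "$dev" ] || continue
    f="$dev/device/queue_depth"
    if [ -r "$f" ]; then
      printf '%s %s\n' "$(basename "$dev")" "$(cat "$f")"
    else
      printf '%s n/a\n' "$(basename "$dev")"
    fi
  done | sort
}

# shallowest_queue -> name of the disk with the smallest numeric queue depth
shallowest_queue() {
  queue_depths | grep -v ' n/a$' | sort -k2,2n | head -n1 | cut -d' ' -f1
}

queue_depths
```

The queue_depth attribute is writable by root on most SCSI drivers, so a value that looks wrong can be compared against the driver's `/sys/block/sdX/device/queue_depth` after a change without rerunning lsscsi.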
Using Terraform for_each statements and dynamic nested blocks to simplify AWS security group ingress statements
Over the past few months, I've been updating various Terraform modules to take advantage of the new features in 0.12. Among these is the ability to generate nested blocks with a dynamic block and for_each. Using this feature has let me shrink my security group definitions while making them more readable. To show it in action, I will create a new map variable with the port as the key and a list of CIDR blocks to allow in as the value: To populate the ingress statements, you define a dynamic block and use for_each to iterate over the map, emitting one ingress stanza per entry: The final result is one or more ingress statements, each defining the source CIDR blocks that are allowed to connect to that port: I've been able to drastically reduce the amount of HCL in my custom modules, which is always a good thing…
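The excerpt describes the map variable and the dynamic block but the listing itself is not reproduced here. The following is an added example, not the post's module, of the pattern it describes: a `map(list(string))` keyed by port, expanded into one `ingress` stanza per entry. The variable and resource names, VPC id and CIDR ranges are illustrative.

```hcl
# Added example (not the post's own code). Variable and resource names, the
# VPC id and the CIDR ranges are illustrative.
variable "vpc_id" {
  type = string
}

# Port => list of CIDR blocks allowed to reach it over TCP.
variable "ingress_cidrs" {
  type = map(list(string))
  default = {
    "443" = ["10.0.0.0/8"]
    "22"  = ["10.1.20.0/24", "10.1.21.0/24"]
  }
}

resource "aws_security_group" "app" {
  name        = "app-sg"
  description = "Ingress generated from var.ingress_cidrs"
  vpc_id      = var.vpc_id

  # One ingress stanza per map entry: ingress.key is the port,
  # ingress.value the list of CIDR blocks for that port.
  dynamic "ingress" {
    for_each = var.ingress_cidrs
    content {
      description = "TCP/${ingress.key}"
      from_port   = tonumber(ingress.key)
      to_port     = tonumber(ingress.key)
      protocol    = "tcp"
      cidr_blocks = ingress.value
    }
  }

  # No egress block on purpose: Terraform then removes the allow-all egress
  # rule AWS adds by default, so outbound access has to be declared explicitly.
}
```

Because the map is keyed by port, adding a CIDR block to an existing entry changes only that rule in the plan, while a new key adds a new rule. Run `terraform plan` after editing the map and read the ingress diff; an accidental `0.0.0.0/0` in a value stands out there, and on Terraform 0.13 or later a `validation` block on the variable can reject it outright.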
Adding default tags to AWS resources with Terraform
If you've worked with the various cloud providers, you've probably realized the value that comes with tagging resources. For billing and searching, I like to create a default set of tags that are applied to every resource. These include the group that owns the resource, the application type, and one or more operational tags. To keep things DRY, I keep a tags.tf file with entries similar to the following: This file then becomes a one-stop shop for defining tags that apply to everything in a project…
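The tags.tf entries are not reproduced in the excerpt. The following is an added example, not the post's file, of one way to keep a default tag set in a local value and merge per-resource tags on top of it. The tag keys and values, variable names and resource are illustrative.

```hcl
# Added example (not the post's own tags.tf). Tag keys, values, variables and
# the resource are illustrative.
variable "environment" {
  type = string
}

variable "ami_id" {
  type = string
}

# tags.tf: the one place the project-wide tags are defined.
locals {
  default_tags = {
    Owner       = "platform-team"
    Application = "billing-api"
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

# merge() gives later maps precedence on key collisions, so defaults go
# first: a resource may override Application but cannot silently drop Owner.
resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = "t3.small"

  tags = merge(local.default_tags, {
    Name = "billing-api-1"
    Role = "web"
  })
}
```

Every taggable resource in the project uses the same `merge(local.default_tags, {...})` expression, so a missing Owner tag shows up as a missing `merge` call in review. Newer AWS provider releases (3.38 and later) also accept a `default_tags` block on the `provider "aws"` configuration, which applies the set to every taggable resource without the per-resource merge.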
Using the terraform console to debug interpolation syntax
I am a long-time Terraform user. The number of providers available for Terraform, and having a resource for pretty much every cloud service, makes it super appealing. But even after several years of production usage, I still find myself scratching my head at times when writing interpolations. Terraform provides a really nice shell to assist with this, which you can access with the terraform "console" subcommand: Once you are in the shell, typing an expression produces immediate feedback: The expression above creates a list and then displays its first element…
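The expression from the post is not reproduced in the excerpt. The following are added examples, not the author's session, of expressions to paste into `terraform console` one at a time, starting with the list-index case the post describes and moving on to the kind of transformation that is easy to get wrong inside a module: flattening a port-to-CIDR map into one object per rule, and carving subnets with `cidrsubnet`. The map literal and address ranges are made up.

```hcl
# Added example, not the post's own session: paste each expression into
# `terraform console` on its own. The map literal and ranges are invented.

# A list, indexed to return its first element.
["10.0.0.0/8", "192.168.1.0/24"][0]

# Flatten a port => CIDR-list map into one {port, cidr} object per rule,
# the shape a per-rule aws_security_group_rule layout would need.
flatten([
  for port, cidrs in { "443" = ["10.0.0.0/8"], "22" = ["10.1.20.0/24", "10.1.21.0/24"] } :
  [for cidr in cidrs : { port = tonumber(port), cidr = cidr }]
])

# Carve consecutive /24 networks out of a /16 by adding 8 prefix bits.
[for i in range(3) : cidrsubnet("10.10.0.0/16", 8, i)]
```

Running the expression in the console shows the exact structure before it goes into a `for_each` or a resource argument, which is a faster loop than `terraform plan` for catching a wrong index, a string where a number was expected, or a subnet that overlaps the one before it (the last expression returns 10.10.0.0/24, 10.10.1.0/24 and 10.10.2.0/24).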