Roland Huß rhuss Red Hat Pegnitz, Germany https://ro14nd.de I'm a software engineer and 🌶 head, author of the O'Reilly book "Kubernetes Patterns", together w. @bibryam (k8spatterns.io). Knative, Jolokia, d-m-p

fabric8io/docker-maven-plugin 1531

Maven plugin for running and creating Docker images

operator-framework/operator-lifecycle-manager 1161

A management framework for extending Kubernetes with Operators

knative/client 236

Knative developer experience, docs, reference Knative CLI implementation

Project31/ansible-kubernetes-openshift-pi3 196

Ansible playbooks for setting up a Kubernetes Raspberry Pi 3 cluster

fabric8io/shootout-docker-maven 83

A comparison between the four major docker-maven-plugins

rhuss/aji 41

Ají - Jolokia's fancy sister

atlasmap-attic/atlasmap-ui 7

An Angular2 module for designing Atlasmap mapping definitions

jolokia-org/jolokia-it 5

Jolokia's Integration Test Suite & Protocol documentation

rhuss/ansible-kubernetes-openshift-pi3 4

Ansible playbooks for setting up a Kubernetes Raspberry Pi 3 cluster

atlasmap-attic/atlasmap-runtime 3

AtlasMap runtime engine and design time services


issue comment knative/client

Create broker object with spec.config pointer

the config: field can point to any object ? Would it be good enough that kn supports only ConfigMaps as references ? That would make the UI much easier (e.g. --config kafka-broker-config)

matzew

comment created time in 3 hours

pull request comment knative/client

Add --tag flag to service create and allow traffic split <100 when @latest is specified

Sorry for being so late. I will give the whole traffic refactorings a spin today (or early next week).

vyasgun

comment created time in 3 hours

issue comment knative/client

kn service create with `--log-http` is pending for a long time

/remove-lifecycle stale

daisy-ycguo

comment created time in 3 hours

issue comment knative/client

dont create new revision if image is unchanged

/remove-lifecycle stale

guillaumeblaquiere

comment created time in 3 hours

issue comment knative/client

Removed hard-coded "kn" in usage/error messages

no worries.

@hzliangbin yes, ideally everywhere where kn is hardcoded, that should be replaced by the real command name, without path.

rhuss

comment created time in 3 hours

push event skarsaune/jolokia

Roland Huß

commit sha 44d22bd929ef6c261aa16cacdb14896f65305510

Make clear that this is about JSR-160 based connections in the download page


push time in 3 hours

pull request comment rhuss/jolokia

Document MBeanServerConnection with jolokia or kubernetes

I adjusted the wording a bit and cleaned up the formatting. @skarsaune please check, if this looks ok for you then we could merge.

One thing for the future: It would be cool to have a section with which options are possible when creating the connection, maybe as a table or so. The examples are a good start but I think people want to know what options are all possible. For common JSR-160 options we can refer to the official JMX documentation.

skarsaune

comment created time in 3 hours

push event skarsaune/jolokia

Roland Huß

commit sha 31484ae876b69173717e32ad44b28b70886b1543

Adjust wording a bit + formatting


push time in 3 hours

issue comment rhuss/jolokia

1.7.1 release missing gpg public keys for asc files

@philjb Isn't it that when you do a `gpg --verify jolokia-1.7.1-bin.tar.gz.asc jolokia-1.7.1-bin.tar.gz` that it will show you with which key it was signed, so that you can fetch it from a keyserver ? True, you still would need to verify this (by e.g. pinging one of the email addresses or calling me to get the fingerprint), but you have some context info (including a nice embedded picture ;-)

For the next release I will try to add a KEYS file, just need to find out how to add it to the automation of the Maven release plugin.

philjb

comment created time in 4 hours

pull request comment rhuss/jolokia

Document MBeanServerConnection with jolokia or kubernetes

Thanks a lot, the PR looks good in general.

However, I think we need some tuning wrt/ formatting and wording. Would you mind if I push some polishing updates to your branch ?

skarsaune

comment created time in 14 hours


pull request comment knative/client-pkg

[main] Upgrade to latest dependencies

/approve /lgtm

knative-automation

comment created time in 20 hours

issue comment knative-sandbox/kn-plugin-func

Refactor flag handling to avoid duplication

/remove-lifecycle stale

Not sure if this is still relevant, though

rhuss

comment created time in 21 hours

issue comment knative-sandbox/kn-plugin-func

Use `kn function` in help message when run as a plugin to kn

/remove-lifecycle stale

rhuss

comment created time in 21 hours

pull request comment knative-sandbox/kn-plugin-func

In cluster dialer

@rhuss @markusthoemmes When I exec command in a pod is there a way to send a signal to the created process?

Maybe with a second exec `sh -c "cat /tmp/pid.txt | xargs kill"` (and writing the PID to a pid file in the first exec) ?

matejvasek

comment created time in 21 hours

Pull request review comment knative-sandbox/kn-plugin-func

In cluster dialer

+package k8s++import (+	"bytes"+	"context"+	"errors"+	"fmt"+	"io"+	"net"+	"time"++	coreV1 "k8s.io/api/core/v1"+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"+	"k8s.io/apimachinery/pkg/fields"+	"k8s.io/apimachinery/pkg/util/rand"+	"k8s.io/apimachinery/pkg/watch"+	"k8s.io/client-go/kubernetes"+	"k8s.io/client-go/kubernetes/scheme"+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"+	restclient "k8s.io/client-go/rest"+	"k8s.io/client-go/tools/remotecommand"+)++const (+	socatImage = "quay.io/mvasek/socat:alpine"+)++type ContextDialer interface {+	DialContext(ctx context.Context, network string, addr string) (net.Conn, error)+	Close() error+}++// NewInClusterDialer creates context dialer that will dial TCP connections via POD running in k8s cluster.+// This is useful when accessing k8s services that are not exposed outside cluster (e.g. openshift image registry).+//+// Usage:+//+//     dialer, err := k8s.NewInClusterDialer(ctx)+//     if err != nil {+//         return err+//     }+//     defer dialer.Close()+//+//     transport := &http.Transport{+//         DialContext: dialer.DialContext,+//     }+//+//     var client = http.Client{+//         Transport: transport,+//     }+func NewInClusterDialer(ctx context.Context) (ContextDialer, error) {+	c := &contextDialer{}+	err := c.startDialerPod(ctx)+	if err != nil {+		return nil, err+	}+	return c, nil+}++type contextDialer struct {+	coreV1    v1.CoreV1Interface+	restConf  *restclient.Config+	podName   string+	namespace string+}++func (c *contextDialer) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {+	if !(network == "tcp" || network == "tcp4" || network == "tcp6") {+		return nil, fmt.Errorf("unsupported network: %q", network)+	}++	execDone := make(chan struct{})+	pr, pw, conn := newConn(execDone)++	go func() {+		defer close(execDone)+		errOut := bytes.NewBuffer(nil)+		err := c.exec(addr, pr, pw, errOut)+		if err != nil {+			err = fmt.Errorf("failed to exec in pod: %w (stderr: %q)", err, 
errOut.String())+			_ = pr.CloseWithError(err)+			_ = pw.CloseWithError(err)+		}+	}()++	return conn, nil+}++func (c *contextDialer) Close() error {+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*1)+	defer cancel()+	delOpts := metaV1.DeleteOptions{}++	return c.coreV1.Pods(c.namespace).Delete(ctx, c.podName, delOpts)
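
Review bot: `DialContext` takes a `ctx` but never uses it. The goroutine calls `c.exec(addr, pr, pw, errOut)` without it and the function returns `conn, nil` immediately, so a caller's cancellation or deadline has no effect on the exec stream, and an exec failure only surfaces later on the pipe. Pass `ctx` into the exec path (or close `pr`/`pw` when `ctx.Done()` fires) so that an abandoned dial does not leave the goroutine and the in-pod process running.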

@rhuss @markusthoemmes When I exec command in a pod is there a way to send a signal to the created process?

Maybe with a second exec `sh -c "cat /tmp/pid.txt | xargs kill"` (and writing the PID to a pid file in the first exec) ?

matejvasek

comment created time in 21 hours


Pull request review comment knative-sandbox/kn-plugin-func

In cluster dialer

+package k8s++import (+	"bytes"+	"context"+	"errors"+	"fmt"+	"io"+	"net"+	"time"++	coreV1 "k8s.io/api/core/v1"+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"+	"k8s.io/apimachinery/pkg/fields"+	"k8s.io/apimachinery/pkg/util/rand"+	"k8s.io/apimachinery/pkg/watch"+	"k8s.io/client-go/kubernetes"+	"k8s.io/client-go/kubernetes/scheme"+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"+	restclient "k8s.io/client-go/rest"+	"k8s.io/client-go/tools/remotecommand"+)++const (+	socatImage = "quay.io/mvasek/socat:alpine"+)++type ContextDialer interface {+	DialContext(ctx context.Context, network string, addr string) (net.Conn, error)+	Close() error+}++// NewInClusterDialer creates context dialer that will dial TCP connections via POD running in k8s cluster.+// This is useful when accessing k8s services that are not exposed outside cluster (e.g. openshift image registry).+//+// Usage:+//+//     dialer, err := k8s.NewInClusterDialer(ctx)+//     if err != nil {+//         return err+//     }+//     defer dialer.Close()+//+//     transport := &http.Transport{+//         DialContext: dialer.DialContext,+//     }+//+//     var client = http.Client{+//         Transport: transport,+//     }+func NewInClusterDialer(ctx context.Context) (ContextDialer, error) {+	c := &contextDialer{}+	err := c.startDialerPod(ctx)+	if err != nil {+		return nil, err+	}+	return c, nil+}++type contextDialer struct {+	coreV1    v1.CoreV1Interface+	restConf  *restclient.Config+	podName   string+	namespace string+}++func (c *contextDialer) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {+	if !(network == "tcp" || network == "tcp4" || network == "tcp6") {+		return nil, fmt.Errorf("unsupported network: %q", network)+	}++	execDone := make(chan struct{})+	pr, pw, conn := newConn(execDone)++	go func() {+		defer close(execDone)+		errOut := bytes.NewBuffer(nil)+		err := c.exec(addr, pr, pw, errOut)+		if err != nil {+			err = fmt.Errorf("failed to exec in pod: %w (stderr: %q)", err, 
errOut.String())+			_ = pr.CloseWithError(err)+			_ = pw.CloseWithError(err)+		}+	}()++	return conn, nil+}++func (c *contextDialer) Close() error {+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*1)+	defer cancel()+	delOpts := metaV1.DeleteOptions{}++	return c.coreV1.Pods(c.namespace).Delete(ctx, c.podName, delOpts)
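
Review bot: the `socatImage` constant points at `quay.io/mvasek/socat:alpine`, a mutable tag in a personal registry namespace. Assuming this is the image the dialer pod runs, every connection dialed through this type is relayed by whatever that tag resolves to at pull time. Pin the image by digest and make it overridable, so that clusters which restrict image sources can substitute a mirrored copy.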

btw, what do you mean with 'upon' completion ? When all containers in the pod stop ?

matejvasek

comment created time in 21 hours


Pull request review comment knative-sandbox/kn-plugin-func

In cluster dialer

+package k8s++import (+	"bytes"+	"context"+	"errors"+	"fmt"+	"io"+	"net"+	"time"++	coreV1 "k8s.io/api/core/v1"+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"+	"k8s.io/apimachinery/pkg/fields"+	"k8s.io/apimachinery/pkg/util/rand"+	"k8s.io/apimachinery/pkg/watch"+	"k8s.io/client-go/kubernetes"+	"k8s.io/client-go/kubernetes/scheme"+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"+	restclient "k8s.io/client-go/rest"+	"k8s.io/client-go/tools/remotecommand"+)++const (+	socatImage = "quay.io/mvasek/socat:alpine"+)++type ContextDialer interface {+	DialContext(ctx context.Context, network string, addr string) (net.Conn, error)+	Close() error+}++// NewInClusterDialer creates context dialer that will dial TCP connections via POD running in k8s cluster.+// This is useful when accessing k8s services that are not exposed outside cluster (e.g. openshift image registry).+//+// Usage:+//+//     dialer, err := k8s.NewInClusterDialer(ctx)+//     if err != nil {+//         return err+//     }+//     defer dialer.Close()+//+//     transport := &http.Transport{+//         DialContext: dialer.DialContext,+//     }+//+//     var client = http.Client{+//         Transport: transport,+//     }+func NewInClusterDialer(ctx context.Context) (ContextDialer, error) {+	c := &contextDialer{}+	err := c.startDialerPod(ctx)+	if err != nil {+		return nil, err+	}+	return c, nil+}++type contextDialer struct {+	coreV1    v1.CoreV1Interface+	restConf  *restclient.Config+	podName   string+	namespace string+}++func (c *contextDialer) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {+	if !(network == "tcp" || network == "tcp4" || network == "tcp6") {+		return nil, fmt.Errorf("unsupported network: %q", network)+	}++	execDone := make(chan struct{})+	pr, pw, conn := newConn(execDone)++	go func() {+		defer close(execDone)+		errOut := bytes.NewBuffer(nil)+		err := c.exec(addr, pr, pw, errOut)+		if err != nil {+			err = fmt.Errorf("failed to exec in pod: %w (stderr: %q)", err, 
errOut.String())+			_ = pr.CloseWithError(err)+			_ = pw.CloseWithError(err)+		}+	}()++	return conn, nil+}++func (c *contextDialer) Close() error {+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*1)+	defer cancel()+	delOpts := metaV1.DeleteOptions{}++	return c.coreV1.Pods(c.namespace).Delete(ctx, c.podName, delOpts)
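
Review bot: in `DialContext`, `addr` is handed to `c.exec` with only the `network` value checked. If `exec` builds the in-pod command line from it, validate it first, for example with `net.SplitHostPort` plus a numeric port check, and pass it as its own argv element rather than through a shell string.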

You can do this if you are using a higher-level abstraction like Deployment or ReplicaSet if you want them to manage the lifecycle of your pod, otherwise, you have to do it on your own.

matejvasek

comment created time in 21 hours


pull request comment knative-sandbox/.github

Add a check to prevent CVE-2021-42574 and CVE-2021-42694

Looks good in general, but I wonder whether we should forbid all Unicode characters. When I checked the current Knative code base, I found out that some dependencies and/or YAML descriptors used unicode chars like non-breaking spaces etc. for good.

Maybe we should limit the filter on only BiDi unicode characters ?

pierDipi

comment created time in a day


issue comment rhuss/jolokia

1.7.1 release missing gpg public keys for asc files

So you mean to add the public key for 8ADF74511D217D2835EAA59381D53EB87CDFBC34 as KEYS file ? Not sure if this enhances security because if GitHub is compromised the key could easily be forged along with the signatures, too.

Currently, the public key (it's my personal key) is available on the usual PGP keyservers.

Maybe it's better to provide a download option from the website for the public key or some other means ?

philjb

comment created time in a day

pull request comment rhuss/jolokia

[WIP] move to JakartaEE

@agebhar1 thanks for kicking off this discussion ! My first question would be how backwards compatible Servlet 5.0 is and then, how much Jolokia should support back wrt/ the Servlet spec. At the moment the smallest supported servlet spec is 2.5 (IIRC), and since there are still a lot of legacy installations out there we should try to keep this level as minimum bar.

Maybe we need an additional artefact for the new spec ?

agebhar1

comment created time in a day

issue comment rhuss/jolokia

Jolokia returns wrong content type

So I guess it behaves wrong by the HTTP spec (wrong mime-type that describes what the content is)

I wouldn't say that it behaves wrong as JSON is also plain/text (i.e. every JSON document is also a text document, but not every text document is a JSON document).

Tbh, I hesitate to switch the default because of possible backward compatibility issues that I can't foresee, but I would expect quite some considering the age of Jolokia and that it is still used in many production sites so that I would still like to keep Jolokia updatable without changes when e.g. fixing CVEs (the only reason possibly for such installation to consider an update).

You can switch the default content type on a per-request basis, but also in the startup configuration of the agent, so that it is globally changed. That is what I would recommend for your use case.

fabianfrz

comment created time in a day

issue comment fabric8io/docker-maven-plugin

support for DOCKER_BUILDKIT=1 environment variable

Hey, @agudian that's an awesome investigation of the situation and very very helpful ! Thanks a ton !

I agree that probably having a separate mvn docker:buildx goal would be the way to go, as it also matches the user experience that Docker itself has chosen (having two different build implementations, probably for some reason). (although having a single abstraction would have been super cool :)

wrt/ the challenge to have the built image available for e.g. mvn docker:run without pushing it to a registry first: I wonder whether we could leverage the /images/load API endpoint to load the image directly into the Docker daemon at hand (much like buildx --load would probably do).

Creating a local registry is probably out of scope, except that there would be already a Java library that would handle that. Registries are hard to implement correctly.

Said all that, unfortunately, I can't really invest time in helping to implement that (as much as I wanted it, but I'm currently totally overloaded with completely different work). But we (@rohanKanojia and I) are happy to help to integrate PRs that go into this direction.

dominikzalewski

comment created time in 3 days

issue comment fabric8io/docker-maven-plugin

java.lang.UnsatisfiedLinkError: could not load FFI provider jnr.ffi.provider.jffi.Provider

You can try a workaround like proxying via socat from a TCP port to a Unix socket like described in https://stackoverflow.com/questions/39411126/access-docker-daemon-remote-api-on-docker-for-mac

However, for the full solution, we need support by jnr-unixsocket, so you might want to monitor and popularize https://github.com/jnr/jnr-unixsocket/issues/95 as well.

skumar4120

comment created time in 3 days
