profile
viewpoint

schlitzered/pyredis 36

Redis Client Implementation for Python

schlitzered/pep3143daemon 9

Implementation of PEP 3143

schlitzered/pylvs 2

Small wrapper around ipvsadm

schlitzered/foreman_dlm_updater 1

ForemanDlmUpdater, Linux client counterpart to the awesome Foreman DLM plugin.

schlitzered/aiotask-context 0

Contextual information for asyncio tasks

schlitzered/bonsai 0

Simple Python 3 module for LDAP, using libldap2 and winldap C libraries.

schlitzered/DLMEngineCLI 0

DLMEngineCLI

schlitzered/DLMEngineUpdater 0

WorkFlow tool to make automated system updates using DLMEngine

push eventnolar/kopf

Sergey Vasilyev

commit sha 75cb5789842807f1bb08062fd62a9e7b72a42789

Get rid of nonexistent jobs in the run status

view details

push time in 7 hours

push eventnolar/kopf

Sergey Vasilyev

commit sha 58497b46dcb544beccc93c7508d4fe69ff6cc3ba

Switch from Travis CI to GitHub Actions Travis CI has a new pricing model since Nov'2020 with "credits" per build-minutes. The credits were depleted quite fast. There is no clear way to buy more credits, there is no clear way to request more for an open-source project, there are no clear criteria on what counts as open-source. And even if requested, the build-minutes are used fast (mostly by nightly builds) — 10'000 credits were depleted in two weeks. That might work for tiny project, but for K8s tests matrix, those credits are not enough. Besides, Travis CI has introduced the limited capacity for open-source builds, so there were a few cases when the builds were waiting for 1 hour in the backlog to be executed. This kills all the optimisations made to get the PR feedback faster, in ~5 mins. GitHub Actions offer unlimited build-minutes for public repositories, i.e. for open-source. The pricing model is clear, if it would be ever needed. If and when GitHub will cancel free builds for open-source/public repositories, that approach can be revised again in favour of Travis CI or maybe other CI tools.

view details

push time in 8 hours

issue commentamaizfinance/redis-operator

internal/informers error

This error indicates that the K8s api server is either unresponsive or unreachable for some reason.

Can you reach this URL from inside other containers? How does the env look like in other containers?

This is an example of normal behavior with a reachable API server and for a pod that is not allowed to talk to the API server:

❯ k run lol --rm -ti --restart Never --image alpine
If you don't see a command prompt, try pressing enter.
/ # apk add --quiet curl jq && env | grep KUBE
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.43.0.1:443
KUBERNETES_PORT_443_TCP_ADDR=10.43.0.1
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.43.0.1:443
KUBERNETES_SERVICE_HOST=10.43.0.1
/ # KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
/ # curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/default/pods/$HOSTNAME | jq
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "pods \"lol\" is forbidden: User \"system:serviceaccount:default:default\" cannot get resource \"pods\" in API group \"\" in the namespace \"default\"",
  "reason": "Forbidden",
  "details": {
    "name": "lol",
    "kind": "pods"
  },
  "code": 403
}
asumner

comment created time in 9 hours

issue commentnolar/kopf

Stop the handler execution after delete the object inside the handler

@OmegaVVeapon Please do. I didn't file a separate issue yet, I started isolating it but couldn't finish and got busy with other things.

Nonname123

comment created time in a day

issue openedamaizfinance/redis-operator

internal/informers error

Hi the operator seems to get unstable with this error. (We upgraded some time ago to K8s AKS version 1.18.8 and the cluster seemed to be working fine then errored, any clues what this process is doing that couldn't reach 10.0.0.1?

1123 23:41:35.966281 1 reflector.go:134] pkg/cache/internal/informers_map.go:196: Failed to list *v1.Pod: Get https://10.0.0.1:443/api/v1/pods?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout E1123 23:41:35.968999 1 reflector.go:134] pkg/cache/internal/informers_map.go:126: Failed to list *v1.ConfigMap: Get https://10.0.0.1:443/api/v1/configmaps?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout E1123 23:41:36.019562 1 reflector.go:134] pkg/cache/internal/informers_map.go:126: Failed to list *v1.Service: Get https://10.0.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout E1123 23:41:36.020778 1 reflector.go:134] pkg/cache/internal/informers_map.go:126: Failed to list *v1.StatefulSet: Get https://10.0.0.1:443/apis/apps/v1/statefulsets?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout E1123 23:41:36.021841 1 reflector.go:134] pkg/cache/internal/informers_map.go:126: Failed to list *v1alpha1.Redis: Get https://10.0.0.1:443/apis/k8s.amaiz.com/v1alpha1/redis?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout E1123 23:41:36.023000 1 reflector.go:134] pkg/cache/internal/informers_map.go:126: Failed to list *v1beta1.PodDisruptionBudget: Get https://10.0.0.1:443/apis/policy/v1beta1/poddisruptionbudgets?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout

created time in a day

issue commentnolar/kopf

Export prometheus metrics at `/metrics`

I've tried to add it in a simple way:

import kopf
import prometheus_client as prometheus

prometheus.start_http_server(9090)  
REQUEST_TIME = prometheus.Summary('request_processing_seconds', 'Time spent processing request') 

@kopf.on.create('zalando.org', 'v1', 'kopfexamples')
@REQUEST_TIME.time() 
def create_fn(spec, **kwargs):
    print(f"And here we are! Creating: {spec}")
    return {'message': 'hello world'}  # will be the new status

The only important thing here is to call kopf.on before the stat.

IMHO, just documenting this allow anyone to use it or choose any other client/monitoring system, doesn't add any other dependencies, etc.

kopf-archiver[bot]

comment created time in 2 days

created tagsaltedsignal/puppet-certmonger

tagv2.4.0

Certmonger puppet module for integration with IPA CAs

created time in 2 days

release saltedsignal/puppet-certmonger

v2.4.0

released time in 2 days

issue commentnolar/kopf

Stop the handler execution after delete the object inside the handler

I just ran into this issue.

Deleting the KopfFinalizerMarker did the trick for me as well.

@akojima Did you end up opening a separate bug?

If not, I'll try to find out what causes the issue and open it myself.

Nonname123

comment created time in 2 days

delete branch zalando-incubator/es-operator

delete branch : compliant-docker

delete time in 2 days

push eventzalando-incubator/es-operator

Oliver

commit sha b0eeeac1a5d796a634f1ec4d7836608a6e684920

Use compliant Docker image Signed-off-by: Oliver <oliver.trosien@zalando.de>

view details

Oliver Trosien

commit sha f4de741f52fe426562ecee9bd3eacbaa9929a626

Merge pull request #132 from zalando-incubator/compliant-docker Use compliant Docker image

view details

push time in 2 days

PR merged zalando-incubator/es-operator

Reviewers
Use compliant Docker image

Uses the new alpine Docker base image to become compliant with the company's docker build policy.

+4 -4

2 comments

2 changed files

otrosien

pr closed time in 2 days

pull request commentzalando-incubator/es-operator

Use compliant Docker image

👍

otrosien

comment created time in 2 days

delete branch zalando-incubator/es-operator

delete branch : cluster-role-e2e

delete time in 2 days

push eventzalando-incubator/es-operator

Mikkel Oscar Lyderik Larsen

commit sha fe497e07a46881611646649915560d1fa14ef5d9

Avoid overriding existing clusterrole/binding Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>

view details

Oliver Trosien

commit sha 43585a4f4a85d474a54439a7ae85860ce43ca8a4

Merge pull request #133 from zalando-incubator/cluster-role-e2e Avoid overriding existing clusterrole/binding

view details

push time in 2 days

PR merged zalando-incubator/es-operator

Reviewers
Avoid overriding existing clusterrole/binding

Add -e2e suffix to the clusterrole/binding used in the e2e tests to avoid overriding what may be already deployed in the cluster.

+3 -3

2 comments

1 changed file

mikkeloscar

pr closed time in 2 days

pull request commentzalando-incubator/es-operator

Avoid overriding existing clusterrole/binding

👍

mikkeloscar

comment created time in 2 days

PR opened spotahome/redis-operator

Reviewers
sentinel service append metrics port

Hi,

Sentinel service don't have metrics port when sentinel exporter is configured.

This PR add metrics in the generateSentinelService function.

+11 -1

0 comment

1 changed file

pr created time in 3 days

push eventsaltedsignal/puppet-certmonger

Raildo Mascena de Sousa Filho

commit sha b90fbe56779692422cc7ceebc2f64d086c1cef16

Adding key_size option on the certmonger_certificate docs (#28) Adding the key_size on the certmonger_certificate example on the README.md

view details

push time in 6 days

PR merged saltedsignal/puppet-certmonger

Adding key_size optin on the certmonger_certificate docs

Adding the key_size on the certmonger_certificate example on the README.md

+2 -0

0 comment

1 changed file

raildo

pr closed time in 6 days

issue openedsaltedsignal/puppet-certmonger

Ask for a new tag/release for puppet-certmonger

We did some improvements on puppet-certmonger and it has been a while that we don't have a release for this repository.

Would be nice to have a new tag and release created for it.

created time in 6 days

issue commentnolar/kopf

Use it? Tell us.

We are experimenting with it to manage Beam/Flink applications on our IoT platform. The main motivation is to enable an administrator to use the platform without expertise in any of the components apart from Kubernetes. Therefore, we do not want them to necessarily know how Flink deployments work, if they can use Kubernetes resources to deploy their applications.

We preferred Kopf since it is so much less boilerplate than any other framework, our initial implementation was done quite quickly.

kopf-archiver[bot]

comment created time in 6 days

issue openedopennode/python-freeipa

login_kerberos is inefficient

Hi,

while I was assisting @abompard with a problem in Fedora Account System, I noticed that python-freeipa's Kerberos login is inefficient. It requires two HTTP roundtrips to authenticate and uses cookie sessions, which are less efficient. The official IPA client library uses opportunistic authentication without sessions.

To make python-freeipa faster:

  • use opportunistic authentication
  • allow passing of GSS-API credentials
  • don't call login_kerberos
  • drop session_logout for GSS-API auth
try:
    import requests_gssapi
    import gssapi
    import gssapi.exceptions
except ImportError as e:
    # Will raise if the user tries to login via Kerberos.
    requests_gssapi = gssapi = e

in Client.__init__:

        self._session.verify = verify_ssl
    def login_gssapi(self, creds=None)
        if creds is None:
            try:
                creds = gssapi.Credentials(usage="initiate")
            except gssapi.exceptions.GSSError as e:
                raise Unauthorized(e)
        self._session.auth = requests_gssapi.HTTPSPNEGOAuth(
            opportunistic_auth=True, creds=creds
        )
        # optional check to get a 401 early
        self._request("ping")

created time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha a774df6c1bb523acef00eb84766ef8a807beaa6d

Switch from Travis CI to GitHub Actions Travis CI has a new pricing model since Nov'2020 with "credits" per build-minutes. The credits were depleted quite fast. There is no clear way to buy more credits, there is no clear way to request more for an open-source project, there are no clear criteria on what counts as open-source. And even if requested, the build-minutes are used fast (mostly by nightly builds) — 10'000 credits were depleted in two weeks. That might work for tiny project, but for K8s tests matrix, those credits are not enough. Besides, Travis CI has introduced the limited capacity for open-source builds, so there were a few cases when the builds were waiting for 1 hour in the backlog to be executed. This kills all the optimisations made to get the PR feedback faster, in ~5 mins. GitHub Actions offer unlimited build-minutes for public repositories, i.e. for open-source. The pricing model is clear, if it would be ever needed. If and when GitHub will cancel free builds for open-source/public repositories, that approach can be revised again in favour of Travis CI or maybe other CI tools.

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha e5f862f9580267eab00631c78ddab4fed924f86b

Switch from Travis CI to GitHub Actions Travis CI has a new pricing model since Nov'2020 with "credits" per build-minutes. The credits were depleted quite fast. There is no clear way to buy more credits, there is no clear way to request more for an open-source project, there are no clear criteria on what counts as open-source. And even if requested, the build-minutes are used fast (mostly by nightly builds) — 10'000 credits were depleted in two weeks. That might work for tiny project, but for K8s tests matrix, those credits are not enough. Besides, Travis CI has introduced the limited capacity for open-source builds, so there were a few cases when the builds were waiting for 1 hour in the backlog to be executed. This kills all the optimisations made to get the PR feedback faster, in ~5 mins. GitHub Actions offer unlimited build-minutes for public repositories, i.e. for open-source. The pricing model is clear, if it would be ever needed. If and when GitHub will cancel free builds for open-source/public repositories, that approach can be revised again in favour of Travis CI or maybe other CI tools.

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha 63a1e782f333761e77bbeb676088dbc72a1c444a

Finish parallel coveralls properly

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha 3f238dbd63882062480ba54b5c9fc33cd221c33a

Finish parallel coveralls properly

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha d27d9035eb2777999e49bbc4e81da91ac94fc5bf

Fix python versions in the build matrix

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha 58dbcd47cf52e0f2cb3da1fc75c69d8ddc569d50

Be less verbose for CodeCov

view details

Sergey Vasilyev

commit sha 4cbf56e67450d854a846612d2a890864090d1ebb

Debug the failing pytest run

view details

push time in 7 days

push eventnolar/kopf

Sergey Vasilyev

commit sha c66e5b471fa869f5fd0fdba13750f2f52c50dd38

Revert Coveralls upload to a command instead of an action

view details

push time in 7 days

more