maelvls dev blog

Systems software engineer. I write mostly about Kubernetes and Go.

25 Sep 2021

mitmproxy hangs on TLS renegotiation: a debugging story

I often use mitmproxy in order to see the HTTP calls that programs are making under the hood. vcert, a tool used for operating Venafi TPP and Venafi Cloud, did not seem to be working with mitmproxy. This post presents the steps I took to discover that the issue comes from an unsupported feature of mitmproxy: TLS renegotiation.
05 Jun 2021

Writing useful comments

We often talk about avoiding unnecessary comments that needlessly paraphrase what the code does. In this article, I gathered some thoughts about why writing comments is as important as writing the code itself, and how to spot comments that should be refactored using the 'what' and the 'why'.
07 Jul 2020

Understanding the Available condition of a Kubernetes deployment

Although the Kubernetes documentation is excellent, the API reference does not document the conditions that can be found in a deployment's status. The Available condition has always eluded me!
03 Jul 2020

Pull-through Docker registry on Kind clusters

Kind offers an excellent UX to Kubernetes developers but lacks support for caching images; each time you recreate a new cluster, all the previously downloaded images are gone. In this post, I explain why the default Docker network is a trap and how to set up a registry & make sure that it actually works.
01 Jul 2020

Using mitmproxy to understand what kubectl does under the hood

Mitmproxy is an excellent tool that helps us understand what network calls are made by programs. And kubectl is one of these interesting programs, but it uses mutual TLS authentication, which is tricky to get right.
30 May 2020

Epic journey with statically and dynamically-linked libraries (.a, .so)

Dynamic libraries and PIC (position-independent code) are great features of modern systems. But trying to get the right library built can become a nightmare as soon as you rely on other libraries that may or may not have these features in the first place... In this post, I detail the hacks I made to the ./configure-based build system of Yices, a C++ library.
09 May 2020

GitHub Actions with a private Terraform module

Terraform makes it easy to manage infrastructure at scale; you might want to share code between modules, and that's where it becomes tricky. In this post, I try to give some clues on how to use Terraform across private GitHub repos.
22 Apr 2020

Learning Kubernetes Controllers

Kubernetes' extensibility is probably its biggest strength. Controllers and CRDs are all over the place. But finding the right information to begin writing a controller isn't easy due to the sheer amount of tribal knowledge scattered everywhere. Here are some links to help you start.
15 Apr 2020

The Client-go Transitive Hell

Client-go is the client library that allows anyone (including Kubernetes itself) to talk to the Kubernetes apiserver. Recently, the Kubernetes team chose to release a breaking version of client-go that adds support for context.Context, without really giving anyone notice. In this post, I detail the workaround and what happened.
13 Apr 2020

How do packets find their way back?

In one of my previous posts, I studied how traffic flows when using Kubernetes Services. While drawing the last diagram, I did not clearly see how traffic could make its way back to the user. In this post, I focus on how packets find their way back and what makes stateless rewriting interesting.
30 Mar 2020

The evolution of my home office from 2019 to 2022

I present what hardware I have been using and what changed between 2019 and 2022!
22 Mar 2020

Migrating from GKE to Civo's K3s

My free trial on GKE was ending in 2 days and I had to find a way to migrate away. I decided to switch to Civo's managed K3s.
14 Mar 2020

The Packet's-Eye View of a Kubernetes Service

The Service and Ingress respectively bring L4 and L7 traffic to your pods. In this article, I focus on how traffic flows in and what the interactions are between the ingress controller and the service-lb controller (the thing that creates the external load balancer). I also detail how the `hostPort` approach shapes traffic.
26 Jan 2020

Debugging Kubernetes Networking: my kube-dns is not working!

Some pods were unable to connect to the kube-proxy pod on one of my GKE Kubernetes clusters. This post presents an in-depth investigation using tcpdump, Wireshark and iptables tracing.
20 Jan 2020

Avoid GKE's expensive load balancer by using hostPort

I want to avoid using the expensive Google Network Load Balancer and instead do the load balancing in-cluster using akrobateo, which acts as a LoadBalancer controller.
06 Jan 2020

What to do when Go ignores HTTP_PROXY for 127.0.0.1

At some point, the Go team chose to disable the proxy for requests coming from localhost or 127.0.0.1. This is annoying when debugging services locally.
23 Nov 2019

Go Happy Path: the Unindented Line of Sight

Readability is a property we all love about Go. In other languages, it might be fine to have a lot of nested if statements; in Go, it is a good practice to keep away from overly-nested logic.
13 Nov 2019

Why is GO111MODULE everywhere, and everything about Go Modules (updated with Go 1.20)

GO111MODULE is all over the place. It appears in README install instructions, in Dockerfiles, in makefiles. On top of that, the behavior of GO111MODULE has changed from Go 1.11 to 1.12, changed again with Go 1.13 and Go 1.15 and changed a last time in Go 1.16, and is stable since then.
12 Nov 2019

What the heck are Conditions in Kubernetes controllers?

Although progress is being made, Kubernetes controllers and operators still require prior knowledge about Kubernetes internals. Information on how to set the status is scattered across comments, issues, PRs and the Kubernetes code itself. Conditions may be a good solution for your controller, but for what?