profile
viewpoint
Michael Hausenblas mhausenblas @aws Galway, Ireland https://mhausenblas.info cloud native security, observability, and networking

aquasecurity/kube-hunter 2196

Hunt for security weaknesses in Kubernetes clusters

aquasecurity/microscanner 742

Scan your container images for package vulnerabilities with Aqua Security

aquasecurity/manifesto 158

Use Manifesto to store and query metadata for container images.

label-schema/label-schema.org 118

Static content for Label Schema Spec

k8s-cookbook/recipes 100

Kubernetes Cookbook

kubectl-plus/kcf 83

A CLI tool providing you with status & configuration of a Kubernetes cluster fleet

aws/amazon-cloudwatch-logs-for-fluent-bit 69

A Fluent Bit output plugin for CloudWatch Logs

aws/aws-app-mesh-controller-for-k8s 69

A controller to help manage App Mesh resources for a Kubernetes cluster.

mhausenblas/5stardata.info 58

Information around TimBL's 5 star Open Data plan

aws/amazon-kinesis-firehose-for-fluent-bit 42

A Fluent Bit output plugin for Amazon Kinesis Data Firehose

issue closedaws/aws-service-operator-k8s

Is this project still active ?

Hi,

Is there an ETA for this operator ? It would be great if we can have an officially supported operator for AWS services. Looking forward for it !

closed time in 18 hours

aelbarkani

issue commentaws/aws-service-operator-k8s

Is this project still active ?

We're working on the MVP, see #22.

aelbarkani

comment created time in 18 hours

push eventaws/aws-service-operator-k8s

Jay Pipes

commit sha 24cce2e741fa4aa4536397ac4dd5e6801c17e4f4

clean up and separate requeue package Requeues are not errors and the requeueError struct and NewRequeueError interface seemed clunky, so I've separated that code out into a new requeue package, changed the interface to be `requeue.Needed` and requeue.NeededAfter` and changed the calling structure in the runtime `reconciler.handlerReconcileError()` method.

view details

Michael Hausenblas

commit sha eb8d6adf353cbdb3a9176440980d24d7d34145ca

Merge pull request #43 from jaypipes/scaffolding clean up and separate requeue package

view details

push time in 4 days

PR merged aws/aws-service-operator-k8s

clean up and separate requeue package

Requeues are not errors and the requeueError struct and NewRequeueError interface seemed clunky, so I've separated that code out into a new requeue package, changed the interface to be requeue.Needed and requeue.NeededAfterand changed the calling structure in the runtimereconciler.handlerReconcileError()` method.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

+156 -107

1 comment

7 changed files

jaypipes

pr closed time in 4 days

pull request commentaws/aws-service-operator-k8s

clean up and separate requeue package

LGTM!

jaypipes

comment created time in 4 days

delete branch mhausenblas/awesome-eks

delete branch : patch-1

delete time in 4 days

issue commentaws/aws-eks-best-practices

Write blurb on using OPA as an alternative to PSPs

We should also include Gatekeeper's support for PSP here.

jicowan

comment created time in 4 days

PR opened realvz/awesome-eks

adds Kube security book; updates authorship of PK

Signed-off-by: Michael Hausenblas hausenbl@amazon.com

+2 -1

0 comment

1 changed file

pr created time in 4 days

push eventmhausenblas/awesome-eks

Michael Hausenblas

commit sha 3e4a80df2ffc01a697126bfa40e81827c92b3d6f

adds Kube security book; updates authorship of PK Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 4 days

fork mhausenblas/awesome-eks

A curated list of awesome tools for Amazon EKS 🌊

https://realvz.github.io/awesome-eks/

fork in 4 days

push eventmhausenblas/aws-container-security-survey-2020

Josh Larsen

commit sha 8bfd0923669b65c321515409c16b9c069c27141b

update Twistlock name Signed-off-by: Josh Larsen <jlarsen@gmail.com>

view details

Josh Larsen

commit sha 5fd702be5cfedaab35f6e887f48e7203062bf33a

suggestions for policy enforcement Signed-off-by: Josh Larsen <jlarsen@gmail.com>

view details

Michael Hausenblas

commit sha 4a62b5adc4cbae6ff5af737059e221058b00693b

Merge pull request #5 from joshlarsen/master Couple suggestions

view details

push time in 5 days

pull request commentmhausenblas/aws-container-security-survey-2020

Couple suggestions

Thanks, Josh!

joshlarsen

comment created time in 5 days

startedaws/aws-service-operator-k8s

started time in 5 days

startedmhausenblas/test-gh-action

started time in 5 days

push eventaws/aws-service-operator-k8s

Jay Pipes

commit sha 13d32731833b06a5e2dd6e9cfa546583675ffba5

add mocks for interface types in pkg/types Also includes mock generation using mockery and a basic Makefile that downloads mockery and uses it to generate the test mocks.

view details

Jay Pipes

commit sha c37fa04db024783748d54d481ad5841266e96a34

start mapping out reconciler runtime Introduce some reconciler implementation in the ACK runtime by wrapping the code that instantiates Kubernetes object "prototypes" (basically pointers to empty structs that implement the upstream runtime.Object interface) and code that uses a k8s client to fetch resource information from the k8s API server. Added in the requeue/error handling from ALB IC v1beta2 code (see pkg/runtime/error.go and pkg/runtime/reconciler.go) to wrap the handling of errors received from the AWS resource managers to gel with the `controller-runtime.Result` returned struct. In order to do the above cleanly, I created a new AWSResourceFactory interface, separate from the AWSResource interface. The AWSResourceFactory interface is responsible for returning empty Kubernetes object prototypes to callers and for producing AWSResource objects, which are in turn fairly simple wrappers over the Kubernetes runtime.Object.

view details

Jay Pipes

commit sha 7455db5511e7d47e04330b33233880fb098389ea

plumb up the sync/cleanup resource methods The reconciler's reconcile() method is now split into a sync() and cleanup() method. The sync() method handles the read-and-create-or-update path and the cleanup() method handles the read-and-delete code path.

view details

Michael Hausenblas

commit sha f094582d238693c49d83294f8bf7a7c46a1743b1

Merge pull request #40 from jaypipes/scaffolding start mapping out reconciler runtime

view details

push time in 5 days

PR merged aws/aws-service-operator-k8s

start mapping out reconciler runtime

Introduce some reconciler implementation in the ACK runtime by wrapping the code that instantiates Kubernetes object "prototypes" (basically pointers to empty structs that implement the upstream runtime.Object interface) and code that uses a k8s client to fetch resource information from the k8s API server.

Added in the requeue/error handling from ALB IC v1beta2 code (see pkg/runtime/error.go and pkg/runtime/reconciler.go) to wrap the handling of errors received from the AWS resource managers to gel with the controller-runtime.Result returned struct.

In order to do the above cleanly, I created a new AWSResourceFactory interface, separate from the AWSResource interface. The AWSResourceFactory interface is responsible for returning empty Kubernetes object prototypes to callers and for producing AWSResource objects, which are in turn fairly simple wrappers over the Kubernetes runtime.Object.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

+878 -58

1 comment

19 changed files

jaypipes

pr closed time in 5 days

pull request commentaws/aws-service-operator-k8s

start mapping out reconciler runtime

LGTM, thanks!

jaypipes

comment created time in 5 days

push eventmhausenblas/aws-container-security-survey-2020

Liz Rice

commit sha 077f0a610df5884e7b12a6989b791ac15a5db261

Adding Aqua for runtime and policy checks

view details

Michael Hausenblas

commit sha e0e0dc8a0f740213d5b8fde973606aa49d8b6246

Merge pull request #3 from lizrice/patch-1 Adding Aqua for runtime and policy checks

view details

push time in 5 days

pull request commentmhausenblas/aws-container-security-survey-2020

Adding Aqua for runtime and policy checks

Thank you, Liz!

lizrice

comment created time in 5 days

push eventmhausenblas/aws-container-security-survey-2020

Liz Rice

commit sha 19a9aa61efc56ef36358576c1e1bdefaa8ffdd1b

Option to not be using Network Policies

view details

Michael Hausenblas

commit sha de69d9e0e7c602ba48d75db88086c115f58490a6

Merge pull request #2 from lizrice/patch-2 Option to not be using Network Policies

view details

push time in 5 days

pull request commentmhausenblas/aws-container-security-survey-2020

Option to not be using Network Policies

Ha! Great catch :)

lizrice

comment created time in 5 days

issue commentmhausenblas/aws-container-security-survey-2020

Dev, testing questions

Thanks a lot for the suggestion @justincormack! I'm a little concerned about the scoping here since I want to keep the number of questions small and focused on security. Including the above mentioned questions properly would likely result in a suboptimal survey.

I'm really on the fence here since I think it would be an awesome survey in itself. Shall we jump on a call to hash this out, talking about potentially other options since I really, really, really would like to see a DX survey for Kubernetes (independent of AWS). WDYT?

justincormack

comment created time in 5 days

issue commentaws/amazon-eks-pod-identity-webhook

EKS ServiseAccount AWS_WEB_IDENTITY_TOKEN_FILE unix path notation on Windows nodes

Afraid, not from my side @ArturChe but maybe @micahhausler knows?

ArturChe

comment created time in 5 days

issue commentkubernetes/enhancements

Pod Security Policy

Just stumbled upon Kubernetes Pod Security Policies with Open Policy Agent. @tallclair can you share what's blocking us and where help is needed, happy to contribute as well.

erictune

comment created time in 5 days

issue commentcncf/sig-observability

Whitepaper on cloud-native observability

That sounds like a really good idea to me and I'm happy to contribute to this.

AloisReitbauer

comment created time in 5 days

issue openedaws/aws-service-operator-k8s

Create end-user docs

We need end-user documentation for the installation and usage of the software.

created time in 5 days

issue commentaws/aws-service-operator-k8s

Possibility of "adopting" existing AWS resources

Thanks for the clarification @marcindulak. Adopting of existing AWS resources is out of scope, at least for now. I will keep this issue open as a reminder, though for if and when we revisit this topic again.

marcindulak

comment created time in 5 days

issue commentaws/aws-service-operator-k8s

Possibility of "adopting" existing AWS resources

Thanks @marcindulak and can you flesh out your proposal a little, please?

marcindulak

comment created time in 6 days

startedawslabs/ssosync

started time in 6 days

push eventmhausenblas/aws-container-security-survey-2020

Michael Hausenblas

commit sha 74b78f535603b8ffa208b9b6e7b8d6708359f65e

updates plan Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 6 days

startedstakater/Reloader

started time in 6 days

issue openedkubernetes-sigs/aws-alb-ingress-controller

Update docs to IAM Roles for Service Accounts

In the echo server walkthrough kube2iam is used for enforcing least-privileges access control of the IC to the ALB. In late 2019 we introduced the IAM Roles for Service Accounts (IRSA) feature in EKS and this is now considered a good practice to use for pod-level access control to AWS services. I recommend to update the docs with IRSA.

created time in 7 days

push eventmhausenblas/aws-container-security-survey-2020

Michael Hausenblas

commit sha c5219f2d5a57905b782953d157b113b1581646f5

fixes TOC link Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 7 days

push eventmhausenblas/aws-container-security-survey-2020

Michael Hausenblas

commit sha 43df72731406c290df9c3aab41fa26741a1d2051

updates plan Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 7 days

push eventmhausenblas/aws-container-security-survey-2020

Michael Hausenblas

commit sha c73f077aad0b9c7a1140cb84155a9edb22e4e124

inits proposed questions Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 7 days

push eventmhausenblas/aws-container-security-survey-2020

Michael Hausenblas

commit sha f161878121c776798da8bd7aeee2ee065affc5a9

inits content Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 8 days

create barnchmhausenblas/aws-container-security-survey-2020

branch : master

created branch time in 8 days

created repositorymhausenblas/aws-container-security-survey-2020

Questions and results of the AWS container security survey 2019

created time in 8 days

push eventmhausenblas/test-gh-action

Michael Hausenblas

commit sha 9ce99e79c2ab0709a7ea4853a9e16947bca1d59a

bumps GH action Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 11 days

created tagaws-actions/amazon-eks-fargate

tagv0.1

Creates an EKS on Fargate cluster

created time in 11 days

release aws-actions/amazon-eks-fargate

v0.1

released time in 11 days

push eventaws-actions/amazon-eks-fargate

Michael Hausenblas

commit sha 5e78a04dfc904c15f19a2f5c6336e4940924c8ef

relaxes script to accept unset env variables Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 11 days

push eventmhausenblas/test-gh-action

Michael Hausenblas

commit sha 086be0925f0855dd9aa08e86a594c9b9ac213157

fixes creds action Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 11 days

push eventmhausenblas/test-gh-action

Michael Hausenblas

commit sha cf0677d5869fb8d909130b5d7c73612e5d9060f6

tests GH action Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 11 days

created tagaws-actions/amazon-eks-fargate

tagv0

Creates an EKS on Fargate cluster

created time in 11 days

release aws-actions/amazon-eks-fargate

v0

released time in 11 days

create barnchmhausenblas/test-gh-action

branch : master

created branch time in 11 days

created repositorymhausenblas/test-gh-action

created time in 11 days

created repositorymhausenblas/test-ef-ghaction

created time in 11 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha d3f0f6c4659c62a40d6d53a420f3062163e807e5

adds GitOps use case Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 13 days

push eventmhausenblas/rbac.dev

Michael Hausenblas

commit sha ab0060aa487019fd0b389a40c6b93da1be4602bf

makes tool naming consistent Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 14 days

push eventmhausenblas/rbac.dev

Michael Hausenblas

commit sha 1e7c9e4d58ef356c7856ed99c4c7efb1b1580d9b

adds krane Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 14 days

startedappvia/krane

started time in 14 days

push eventaws/aws-service-operator-k8s

Jay Pipes

commit sha 3c263fc2028c6ba8bb94c206a37497c2756d005b

build out basic runtime and type system Each service controller generated by ACK will have a consistent feel and handle individual service resources using a common interface. This patch defines that common interface in two new packages: pkg/types contains interfaces/types and pkg/runtime contains common implementation code for controllers. Following patches will bring in an example controller for a fake Bookstore API that is built to mimic an aws-sdk-go API interface for a fake API that handles Book resources. The example controller will validate the types and interfaces introduced in this patch.

view details

Jay Pipes

commit sha 842981ad81c8cce80aee1f6339a458cb76859c90

add fake Bookstore API sdk Adds an AWS SDK for a fake Bookstore API. The example service controller will use this SDK when communicating with the backend fake Bookstore API.

view details

Jay Pipes

commit sha df845f1b0e3c8a358b7b9b11f4efb381a8dcbef4

add example service pkg/resource package adds the pkg/resource package to the example service controller. There is a single bookResourceManager[Factory] that implements the types/AWSResourceManager[Factory] interface and glues the faked aws-sdk-go BookstoreAPI bindings that were introduced in the previous patch into the ACK runtime.

view details

Jay Pipes

commit sha 73023fa788713e8dc8a64ff3441c9ca600add7a2

add example controller binary entrypoint and docs Adds an example controller binary entrypoint (`services/example/cmd/controller/main.go`) that represents the code that `ack-generate controller` will generate for a particular AWS service API. Adds some basic docs to the pkg/runtime package to describe how the structs relate to each other.

view details

Michael Hausenblas

commit sha e9a8ab08ed40f06f4c1ea65593dd0fcc0db02798

Merge pull request #39 from jaypipes/scaffolding introduce ACK runtime and types collection

view details

push time in 14 days

PR merged aws/aws-service-operator-k8s

introduce ACK runtime and types collection

This set of three commits adds common ACK types and a runtime system. There are two primary packages:

  • pkg/types contains the core interfaces and type definitions that ACK service controllers use
  • pkg/runtime contains concrete objects that provide a common controller, resource management and reconciler implementation along with all the glue code that ties the aws-sdk-go into the AWS service-specific resource managers.

Included is an example bookstore service that represents how the generated controller scaffolding might look like.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

+3197 -1

0 comment

29 changed files

jaypipes

pr closed time in 14 days

Pull request review commentaws/aws-service-operator-k8s

introduce ACK runtime and types collection

+# `pkg/runtime`++This package contains a set of concrete structs and helper functions that+provide a common controller *implementation* for an AWS service.++The top-level container struct in the package is `ServiceController`. A single+instance of `ServiceController` is created (using `NewServiceController()`)+from the `cmd/controller/main.go` file that contains the ACK controller+entrypoint for a specific AWS service API.++`ServiceController` primarily serves as a way to glue the upstream

upstream?

jaypipes

comment created time in 14 days

Pull request review commentaws/aws-service-operator-k8s

introduce ACK runtime and types collection

+# `pkg/runtime`++This package contains a set of concrete structs and helper functions that+provide a common controller *implementation* for an AWS service.++The top-level container struct in the package is `ServiceController`. A single+instance of `ServiceController` is created (using `NewServiceController()`)+from the `cmd/controller/main.go` file that contains the ACK controller+entrypoint for a specific AWS service API.++`ServiceController` primarily serves as a way to glue the upstream+`sigs.k8s.io/controller-runtime` (here on called `ctrlrt` for short since that+alias we use in the ACK codebase to refer to that upstream repository)+machinery together with ACK types that handle communication with the AWS+service API.++The main `ctrlrt` types that `ServiceController` glues together+are the `ctrlrt.Manager` and `ctrlrt.Reconciler` types. The `ctrlrt.Manager`+type is used to bind a bunch of `sigs.k8s.io/client-go` and+`sigs.k8s.io/apimachinery` infrastructure together into a common network+server/listener structure. The `ctrlrt.Reconciler` type is an interface that+provides a single `Reconcile()` method whose job is to reconcile the state of a+single custom resource (CR) object.++The `ServiceController.BindControllerManager()` method accepts a+`ctrlrt.Manager` object and is responsible for creating a reconciler for each+kind of CR that the service controller will handle.++But how does the `ServiceController` know what kinds of CRs that it will+handle?++There is a `ServiceController.WithResourceManagerFactories()` method+that sets the `ServiceController`'s collection of objects that implement the+`types.AWSResourceManagerFactory` interface.++These resource manager factories *produce* objects that implement the+`types.AWSResourceManager` interface, which is basic CRUD+L operations for a

not sure if CRUD+L is widely known outside of AWS

jaypipes

comment created time in 14 days

Pull request review commentaws/aws-service-operator-k8s

introduce ACK runtime and types collection

+# `pkg/runtime`++This package contains a set of concrete structs and helper functions that

"concrete structs" as opposed to?

jaypipes

comment created time in 14 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 89a7beae70f51eee0948db547ef9e260cd6dd1f0

updates auditing Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 14 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 0f8846581ba618e5211f5a467a00916d82a6ae7c

updates narrative Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 15 days

startedwebcamoid/webcamoid

started time in 18 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 58f14175808ca5788c5485d81aeb91b130a5d467

inits time window input Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 18 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 40053e63b44adac7ed7971a0d8caa58a94b4124e

inits time window rules Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 18 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 565f75a01203715940bcec6e1409d2dbd26e78bd

completes validating time window example Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 18 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha c5c119ef3f725a611840590388da4903c65844bb

completes basics Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 19 days

issue commentmhausenblas/mkdocs-deploy-gh-pages

Add support for Pymdown-extensions 7.0

I just cut 1.12, wanna give it a try?

runningcode

comment created time in 19 days

created tagmhausenblas/mkdocs-deploy-gh-pages

tag1.12

GitHub Action to deploy an MkDocs site to GitHub Pages

created time in 19 days

release mhausenblas/mkdocs-deploy-gh-pages

1.12

released time in 19 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 722407218da6ed50bb7b1c8be16ccef2abbaccb8

inits basics Rego file Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 20 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 780c4b31abf8001a0c8dc10ab55ac424e86436e3

updates basics Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 20 days

push eventaws/aws-service-operator-k8s

Jay Pipes

commit sha 6f35e38025d7f1cbb9bed631bdd3ad9463436c00

don't output empty enums.go file For the `ack-generate types` command, do not output an enums.go file if there are no enum definitions. Also, fixes up a copy/pasta mistake when we renamed from Resource to CRD.

view details

Jay Pipes

commit sha f7255302682d26d01bdf5fc88cb48b89835cb542

Sort CRDs before returning from schema.Helper

view details

Jay Pipes

commit sha 9c1c0c8b71db517a1a8772259a2578b3195b85d7

place types templates in separate directory We're going to be generating the controller implementations in coming patches so in order to do that cleanly, we first move the types-specific templates into a subdirectory.

view details

Michael Hausenblas

commit sha 614130458dfa0494240933a009d07075e72bf17f

Merge pull request #38 from jaypipes/scaffolding types-specific template fixes and cleanup

view details

push time in 21 days

PR merged aws/aws-service-operator-k8s

types-specific template fixes and cleanup

Preparing for generation of controller implementations, this PR includes some rearrangement of the types-specific templates into a subdirectory, a fix to not output enum definitions if there are none and sorts CRDs by exported Go name in order to achieve a consistent types file output.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

+14 -7

0 comment

13 changed files

jaypipes

pr closed time in 21 days

push eventmhausenblas/temporal-opa

Michael Hausenblas

commit sha 6428b4f552b918d995282ef1cc5da2b69708cd9b

renames basics to validating, inits real basics Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 21 days

PR merged mhausenblas/cinf

Guarding monitoring output against wrong pids as well.

Signed-off-by: Matthias Schmidt matthias.schmidt@gmail.com

+6 -0

0 comment

1 changed file

ms140569

pr closed time in 22 days

push eventmhausenblas/cinf

Matthias Schmidt

commit sha 5d78cbd8e138176a9f19571b496be090cf91a0ea

Guarding monitoring output against wrong pids as well. Signed-off-by: Matthias Schmidt <matthias.schmidt@gmail.com>

view details

Michael Hausenblas

commit sha 38b2165b7a0ee52bcf1190f82dfdf0bbe1950b09

Merge pull request #7 from ms140569/master Guarding monitoring output against wrong pids as well.

view details

push time in 22 days

pull request commentmhausenblas/mkdocs-deploy-gh-pages

Update action.sh

Thanks anyways, appreciated!

RemiRigal

comment created time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha ffd668b29bbc3d1dd0cb701a20815af4dd1be68d

fixes docs Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

created tagmhausenblas/cinf

tagv0.6.0

Command line tool to view namespaces and cgroups, useful for low-level container prodding

created time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha 4033a2228bac5ee69759c18ef6af7796c0118057

fixes install instructions Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha fe31bd9413faeae7feb2bffe2453dd866c9cfab9

fies version rendering issue Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

created tagmhausenblas/cinf

tagv0.5.0

Command line tool to view namespaces and cgroups, useful for low-level container prodding

created time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha 4b1eadd4a1decd7d29995935a69298b98406f123

inits Go mod Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

Michael Hausenblas

commit sha f0d9762f4adffa040bfe77d320819a33e47c45ac

inits make Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

Michael Hausenblas

commit sha 01e0d67669222218b93b031d0a89b499b7827062

inits Goreleaser Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha 332759921eb23b032a915189586afb6244538754

inits GH action for release Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

push eventmhausenblas/cinf

Michael Hausenblas

commit sha 15f1c57055087ca7be45c3af27fb3aa189063434

removes obsolete test env from docs Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

push eventmhausenblas/mkdocs-deploy-gh-pages

Michael Hausenblas

commit sha fac2eec84aaa3d3de08f0eeb835b1b3f0dfbaa60

fixes build (again) Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

push eventmhausenblas/mkdocs-deploy-gh-pages

Michael Hausenblas

commit sha c2f30dc9d6916918419b542701c18fe6433d8bb5

fixes build Signed-off-by: Michael Hausenblas <hausenbl@amazon.com>

view details

push time in 22 days

issue closedmhausenblas/mkdocs-deploy-gh-pages

Missing requirements.txt?

As of version 1.10. the action fails unless there's a requirements.txt file in the root of the deployed project. I don't think this is a requirement for mkdocs.

I think the fix is either to document that you must have a requirements.txt file in the root of the project or put an if around the pip install command in the action.sh file. I'm not sure what your intent is though.

Here's the error:

ERROR: Could not open requirements file: [Errno 2] No such file or directory: '/github/workspace/requirements.txt'

closed time in 22 days

berniedurfee

push eventmhausenblas/mkdocs-deploy-gh-pages

RemiRigal

commit sha 84899ade92db2df24ef296b1a211614f25dfa07e

Update action.sh (#16) Added options to specify custom location for requirements.txt file. Signed-off-by: Rémi Rigal <remi.rigal@orange.com>

view details

push time in 22 days

PR merged mhausenblas/mkdocs-deploy-gh-pages

Allow specifying custom location/name for requirements.txt

Currently the action assumes that the requirements.txt file is located at the root of the project, I think it would be better to let the user specified a custom path if needed.

The proposed change first check if the REQUIREMENTS variable has been set, if it is the case it checks that the file does exists, else it defaults to the previous behavior of installing the requirements.txt file at the root of the project only if it exists.

+7 -4

1 comment

1 changed file

RemiRigal

pr closed time in 22 days

pull request commentmhausenblas/mkdocs-deploy-gh-pages

Allow specifying custom location/name for requirements.txt

That makes a lot of sense, thank you @RemiRigal!

RemiRigal

comment created time in 22 days

issue closedmhausenblas/cinf

Panic while trying to inspect cgroup

I'm following your walkthrough.md, using a Vagrant box, and got a panic.

Looking at the namespace,

vagrant@ubuntu-14:~$ sudo cinf --namespace 4026532177

 PID    PPID   NAME   CMD                   NTHREADS  CGROUPS                                                                                  STATE

 12397  12379  nginx  nginx: master proces  1         11:hugetlb:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1      S (sleeping)
                                                      10:perf_event:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      9:blkio:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      8:freezer:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      7:devices:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      6:memory:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      5:cpuacct:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      4:cpu:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      3:cpuset:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      2:name=systemd:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
 12434  12397  nginx  nginx: worker proces  1         11:hugetlb:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1      S (sleeping)
                                                      10:perf_event:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      9:blkio:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      8:freezer:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      7:devices:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      6:memory:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      5:cpuacct:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      4:cpu:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      3:cpuset:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1
                                                      2:name=systemd:/docker/9d46982572191c4b7f8a11598102068ce6d8fed1b09d53b742f4e0598ce614f1

Then by process ID,

vagrant@ubuntu-14:~$ sudo cinf --cgroup 12397:4

 CONTROLFILE            VALUE

 cpu.cfs_quota_us       -1
 cpu.shares             256
 cpu.stat               nr_periods 0 nr_throttled 0
                        throttled_time 0
 notify_on_release      0
 tasks                  12397 12434
 cgroup.clone_children  0
 cgroup.procs           12397 12434
 cpu.cfs_period_us      100000

And that's all as-expected. However, I didn't realize at first that I needed to supply the PID not the namespace ID, and so instead tried:

vagrant@ubuntu-14:~$ sudo cinf --cgroup 4026532177:4
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0x472261]

goroutine 1 [running]:
panic(0x54f520, 0xc8200160d0)
        /usr/local/go/src/runtime/panic.go:481 +0x3e6
github.com/mhausenblas/cinf/namespaces.usage(0x7fff7662e97f, 0xa, 0x7fff7662e98a, 0x1, 0x2, 0x0, 0x0)
        /Users/mhausenblas/Dropbox/dev/work/src/github.com/mhausenblas/cinf/namespaces/namespaces.go:198 +0xb11
github.com/mhausenblas/cinf/namespaces.LookupCG(0x7fff7662e97f, 0xc)
        /Users/mhausenblas/Dropbox/dev/work/src/github.com/mhausenblas/cinf/namespaces/namespaces.go:275 +0x331
main.main()
        /Users/mhausenblas/Dropbox/dev/work/src/github.com/mhausenblas/cinf/main.go:85 +0xdf

I realize this isn't a valid cgroup identifier, 4026532177:4, however, cinf shouldn't outright crash, eh?

For context, I'm using:

vagrant@ubuntu-14:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"

vagrant@ubuntu-14:~$ docker --version
Docker version 18.06.1-ce, build e68fc7a

vagrant@ubuntu-14:~$ cinf --version
     ___                    ___          ___
    /\__\                  /\  \        /\__\
   /:/  /       ___        \:\  \      /:/ _/_
  /:/  /       /\__\        \:\  \    /:/ /\__\
 /:/  /  ___  /:/__/    _____\:\  \  /:/ /:/  /
/:/__/  /\__\/::\  \   /::::::::\__\/:/_/:/  /
\:\  \ /:/  /\/\:\  \__\:\~~\~~\/__/\:\/:/  /
 \:\  /:/  /  ~~\:\/\__\\:\  \       \::/__/
  \:\/:/  /      \::/  / \:\  \       \:\  \
   \::/  /       /:/  /   \:\__\       \:\__\
    \/__/        \/__/     \/__/        \/__/

This is cinf in version 0.4.0
See also https://github.com/mhausenblas/cinf

Thanks for this awesome tool and small Go utility! It is encouraging me to dig deeper into my understanding of containers. (updated to fix markdown escaping)

closed time in 22 days

clebio

push eventmhausenblas/cinf

Matthias Schmidt

commit sha f7f778a7bf2176513cc4d4550663133065993857

Fixing https://github.com/mhausenblas/cinf/issues/2 Signed-off-by: Matthias Schmidt <matthias.schmidt@gmail.com>

view details

Michael Hausenblas

commit sha 47bb463f45e87829cc75bb7c460b61f89c2385b1

Merge pull request #5 from ms140569/master Fixing https://github.com/mhausenblas/cinf/issues/2

view details

push time in 22 days

PR merged mhausenblas/cinf

Fixing https://github.com/mhausenblas/cinf/issues/2

Signed-off-by: Matthias Schmidt matthias.schmidt@gmail.com

+6 -0

0 comment

1 changed file

ms140569

pr closed time in 22 days

push eventmhausenblas/cinf

Matthias Schmidt

commit sha ebb342d8623e24eb98c72dd9d7076817230aa651

Sort default output by namespace id. Avoids having different output everytime. Signed-off-by: Matthias Schmidt <matthias.schmidt@gmail.com>

view details

Michael Hausenblas

commit sha 31879c13d9f2653660857d21a9eff049094c1cc2

Merge pull request #4 from ms140569/master Sort default output by namespace id. Avoids having different output e…

view details

push time in 22 days

push eventaws/aws-service-operator-k8s

Jay Pipes

commit sha 9f8121886ce6ca8133454ce7f8528cb9e696398e

add unit tests for enum definitions Discovered an issue in outputting integer-based enum definitions while writing the unit tests here. That issue (conversion from float64 to string representation of the integer values) has been corrected in this patch.

view details

Jay Pipes

commit sha 567a6ecf7b6c53eacf10cd2d7234f41de4de1dd4

Output enum defs in separate enums.go file Separates the output of enum definitions into a separate enums.go file. Also now sorts the type and enum definitions before returning from `schema.Helper.GetEnumDefs()` and `schema.Helper.GetTypeDefs()`

view details

Jay Pipes

commit sha 3a60e8216549e765fd3827a4c61937a0f6680821

introduce testutil package Splits out the helper functions for creating a schema.Helper from either a file (relative to "testdata/") or a YAML snippet out into a separate pkg/testutil.

view details

Michael Hausenblas

commit sha 584871e194758466113d1980ef3fe3ca90d3b450

Merge pull request #37 from jaypipes/scaffolding add unit tests for enum definitions

view details

push time in 22 days

PR merged aws/aws-service-operator-k8s

Reviewers
add unit tests for enum definitions

Discovered an issue in outputting integer-based enum definitions while writing the unit tests here. That issue (conversion from float64 to string representation of the integer values) has been corrected in this patch.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

+314 -40

0 comment

12 changed files

jaypipes

pr closed time in 22 days

more