It also allows using CEL in ValidatingAdmissionPolicies: - https://kubernetes.io/docs/reference/access-authn-authz/vali...

EDIT: typos and slight wording changes

I lost a couple days of new accounts/passwords because this[1] probably happened.

[1] https://github.com/dani-garcia/vaultwarden/discussions/4921

Why?! Even if you're not sure what to think about the queer movement; even if you have already made up your mind about the queer movement and oppose their ideas or some of them; I refuse to believe that any single person would not want to stop someone from bullying someone else into their own suicide!

hastily jotted rant for the folks who'd like to complain about "politics" from creeping into every discussion everywhere:

It's really sad to see so many folks disconnecting and immediately dismissing whole groups of other folks as soon as they start complaining about an issue they have because of "politics". :(

I get that you don't want to get involved in shit flinging shows and that its tedious to figure out who's in the right and who's in the wrong. Especially because there are never clear answers. If you feel like this and then proceed to complain about 'politics' creeping everywhere, please beware of this:

Pretending to be apolitical doesn't work most of the time, as politics is basically another word for "acting (or deliberately not-acting) in some kind of public sphere" which you all do, and when the "policitics" have arrived at a topic, then they'll stay there at least in that specific case you are witnessing! You just are part of a hyperconnected and confusing world with a lot of conflict, wether you like it or not.

Pretending to be apolitical also serves the upholding of whatever status quo is currently in place because anything that has even a slight chance of changing anything is inherently a political topic.

Please don't turn your heads on "political" topics or, at least, don't complain about it in that way as it mostly enables unjust behaviour to continue. It doesn't even matter if it's the person who brought up the "political" stuff who is acting unjust or the folks they're complaining about). In both cases it's probably better to either avoid commenting at all or to convey your critical thoughts to that "political" conversation.

I just saw the post about Glasskube - an open source package manager for kubernetes [1] and would like to throw package-operator in the ring for y'all to look at and get some feedback on it.

Disclaimer up front: I'm an engineer working on package-operator as part of my SRE work in Red Hat's service delivery org. Opinions are my own, though. :)

Package-Operator is a multi component ecosystem to tackle the package management story for kubernetes in a slighly novel- (and not so novel- when compared with OLM [2]) way:

- `package-operator-manager` is an actual operator running inside your kube-like cluster to control the rollouts and status reporting of your packages

- `kubectl package` is a kubectl cli-extension that helps you build package images and validate beforehands.

- packages are built into and distributed as very small regular OCI images, which let's you re-use the container registry you probably already use as part of your delivery pipeline.

If you're into kube: the really interesting part of package-operator is the way it handles packages within the kubernetes api:

1. Packages get extracted and the containing manifest templates get rendered into an `ObjectDeployment` (or a `ClusterObjectDeployment` if you're installing a cluster wide / non-namespaced `ClusterPackage`)

2. The `ObjectDeployment` in turn creates and manages an immutable `ObjectSet`.

3. The ObjectSet is ordered into reconciliation phases, which can be guarded by probes on status condition or field of objects, to serve as stopgaps before the next phase begins.

4. The ObjectSet uses this phased approach to create and manage the objects contained within the `Package` and also uses specified probes to report the workload status.

5. Status reporting bubbles back up to the `Package` object as you'd expect.

6. When rolling out an updated image by changing `.spec.image` on the parent `Package`, new objects get rendered and the `ObjectDeployment` gets updated.

7. The `ObjectDeployment` then creates a new `ObjectSet` and uses the phased approach again to roll forward from the old to the new `ObjectSet` (similar to how `Deployments` use `ReplicaSets` to manage `Pods`).

We took a lot of inspiration from `Deployments`/`ReplicaSets` for this project. There's still a lot of documentation missing, but if you're interested in playing around, there's a couple of example manifests in the folder `config` [3] in the main repo of PKO [4].

You don't need `Package` images and objects at all and you can directly write `ObjectDeployment` objects as well. Look into `config/examples/nginx` [5] to find some playground inspiration.

As of today, we're successfully using package-operator to deploy and operate managed workloads on top of managed OpenShift. :)

Here's a one-liner to install the latest version package-operator: `kubectl create -f https://github.com/package-operator/package-operator/release...`

[1] https://news.ycombinator.com/item?id=40789862

[2] https://olm.operatorframework.io/

[3] https://github.com/package-operator/package-operator/tree/df...

[4] https://github.com/package-operator/package-operator

[5] https://github.com/package-operator/package-operator/tree/df...

Edit: slightly fixed formatting (or made it worse?).

Comments URL: https://news.ycombinator.com/item?id=40798425

Points: 5

# Comments: 0

Rymdport [2] is a decent cross-platform app using it.

[1] https://github.com/psanford/wormhole-william [2] https://github.com/Jacalz/rymdport

Other books and authors I found really interesting:

- Estela Welldon and her Book "Mother, Madonna, Whore"

- Sándor Ferenczi, who was a close associate of Freud and pioneered the concept of "Identification with the Aggressor", which seems to be the driving force behind what we call "transgenerational inheritance" of trauma. His concept of the "confusion of tongues" between child and pathological adult is also very interesting!

- Mathias Hirsch, a german psychoanalyst who wrote a lot about trauma, love, sexual abuse and was not afraid to explore stigmatized topics. For example:

  - the effects of sexual relations between analysts and their patients (he saw parallels to incestous abuse in a parent-child relationship)
  - sexually abusive mothers and the idealization of motherhood
  - the fact that his pyschoanalyst Günther Ammon, who later became his boss at the Deutsche Akademie für Psychoanalyse, controlled the academy in a cult-like fashion

https://adnauseam.io/

Edit: it's an adblocker that is supposed to click on EVERY ad that it blocks.

Isn't rustls [1] also built on very unsafe groundwork? Namely ring [2], which, according to github, contains 47.3% Assembly and some C as well.

I'm not trolling here - we were discussing this a lot in my peer group lately.

[1] https://github.com/ctz/rustls [2] https://github.com/briansmith/ring

That is really a tough UX problem... Maybe a room could have a "sensitive content" flag that is enabled by default for one-on-one chats and can be manually enabled for group chats.

BTW: I absolutely love the cross-signing move and riot/matrix in general! :) Thanks for your great work on this!

Does anyone run their own image cache/proxy and is now happy that they are not affected by this issue? If so: what solution are you using?

https://en.wikipedia.org/wiki/Escrow

I feel your pain :( couple days ago someone posted this: https://jami.net

https://news.ycombinator.com/item?id=22755596

a simple dashboard to set up and manage a wireguard vpn server

Only heard coworkers rant about the XML stuff...

Edit: Taken from certmagic docs

Instead of:

// plaintext HTTP, gross

http.ListenAndServe(":80", mux)

Use CertMagic:

// encrypted HTTPS with HTTP->HTTPS redirects - yay!

certmagic.HTTPS([]string{"example.com"}, mux)