Posts

Careful with externalTrafficPolicy

A project I am working on is hosted in an EKS cluster with the NGINX ingress controller (the one maintained by Kubernetes). It is deployed using its official Helm chart, which I realized, after a lengthy debugging session, was a mistake. The initial setup I aimed to improve had several flaws. Firstly, we were using the AWS Classic Load Balancer in front of the nginx ingress in the cluster, which has been deprecated for some time (years?). Continuing to use it makes little sense to us. The second issue was that we were only running one(!) nginx pod, which is quite sketchy since the exposed web services had essentially no high availability. I switched to the Network Load Balancer (NLB), which was straightforward - I just needed to change the ingress-nginx service annotation to specify the load balancer type as NLB: service.beta.kubernetes.io/aws-load-balancer-type: nlb However, increasing the replica count turned out to be tricky. When I bumped it up to two, I began to ...
Recent posts

Vanta is a pretty good tool

On a project I've been working on, I've been preparing for SOC 2 Type II certification. My responsibilities have mostly been on the engineering/IT side, ensuring that our SaaS is deployed and developed according to SOC 2 processes. This isn't something a developer would willingly or enthusiastically take on, right? I can't believe I'm saying this out loud, but actually ... it hasn't been that bad. The biggest reason for this has definitely been Vanta. Vanta has distilled the rather hard-to-decipher process descriptions into actionable items. As far as I know, SOC 2 isn't a one-size-fits-all (SaaS provider) certification; it differs according to the stack - which makes sense. Plugging in all our services, from cloud providers to issue trackers, spits out a tailored task list. The task list can even include literal Terraform code examples, which you can copy-paste with minor changes. You could kind of get a similar list from AWS Audit Manager or AWS Security ...

Debugging slow connection open to PgCat

On a project I'm working on we are using PgCat as the PostgreSQL frontend. We chose it mainly based on gut feeling, as pgbouncer seems a bit dated, although it would arguably have been the safe choice. I was looking into the connection times using our tracing tool (Sentry) and noticed that establishing connections takes about 50ms. That is a bit slow, right? It was easy enough to confirm that it is indeed very slow. Establishing a direct connection to the mostly idle Postgres is in the sub-5ms range. I quickly found a ticket about connection slowness, hinting that the problem could be related to TCP_NODELAY. Essentially, it disables Nagle's algorithm, which batches small packets together. I guess that establishing connections from the client to PgCat is such a light process that the extra buffering is actively harmful. And sure enough, after upgrading PgCat, we see sub-5ms connection times. So why use PgCat at all? For us, it is for scaling purposes but not...

Canyon Precede:ON 7

I bought or technically leased a Canyon Precede:ON 7 (2022) electric bike last fall. This post is about my experiences with it after riding for about 2000 km this winter. The season was a bit colder than usual, and we had more snow than in years, so I properly put the bike through its paces. I've been cycling for almost 20 years. I've never owned a car nor used public transport regularly. I pedal all distances below 30km in all seasons. Besides commuting, I've mountain biked and raced BMX, and I still actively ride my road bike during the spring and summer months. I've owned a handful of bikes and kept them until their frames failed. Buying new bikes or gear has not been a major part of my hobby, and frankly, I'm quite sceptical about the benefits of updating bikes or gear frequently. I've never owned an E-bike before, but I've rented one a couple of times. The bike arrived in a hilariously large box. I suppose there's no need to worry about damage durin...

SAML 2 with django-allauth

Django-allauth got SAMLv2 support last August. It has been and continues to be an exceptionally complete package for all authentication-related things. SAML in 2024? Sure, it is OAuth or something more modern you would usually want, but as we all know, we only sometimes have that choice. In this post, I will explore how to integrate customer users into a SaaS product using SAML. The official documentation covers the installation part. It also has an example of configuring it in the settings file. Alternatively, the settings can be stored in the DB. Often, SAML is used to integrate all users (and roles) from a specific organization. So, if a customer, say, Acme, wants to start using our SaaS product, all their user information often comes through the same integration. In this case, Acme wants to use SAML. Let's slap the configuration into the DB. Here is a screenshot of an example config, viewed through the Django admin. Their identity provider could be anything, and I have filled in the setti...

2023

It was a year of wrapping up a major project I've been working on for several years. Nothing is, of course, ever truly finished in software, so "fully released" is maybe a better choice of words. In 2023, I was also part of starting a new, presumably soon-to-be megaproject. This led to me switching jobs. See this tweet. My new employer is an early-stage startup. I have never been at one, so I wanted to know what that is like. We are a close-knit team, quite different from the 100+ member projects I began my career with. Before fully committing to the new one, I juggled two jobs for six months. I was a (primarily) mobile developer by day and transformed into a web developer by night (actually, I did most of the coding on weekends). My first assignment was related to setting up the frontend, which I ended up doing with the NextJS + Tailwind + shadcn/ui combo. My working days have changed dramatically. Earlier in the year, I worked in a reasonably stable and mature organization ...

Motivated Developers Do Valuable Things (Mostly)

I have a provocative claim: people do what they want in a given software organization and then play the game of scrum or some similar established process. A more nuanced way of putting that is that we (developers) are incredibly easy to sidetrack from the commonly agreed "most important TODO items." Sure, we follow the abstract, larger vision of a given product, but the more granular the level, the more variance there is in people following the predetermined issue list. When it is written or said out loud, all that does not seem that provocative. It is actually written in agile process documentation, but not in those words. Agile process talks about "requirement volatility", which can be seen as similar to what I am talking about. Given that most employees do what they want, how do organizations keep on top of that? Now, for what might seem like a continuation of stating the obvious: meetings and issue trackers are vital tools for monitoring team activities. Motivated indi...