Skip to main content

- Defending Internet Freedom

- IndieHosters

- Give Docker Trainings

-, yet another Docker PaaS

- Meteor Freelancer

- ToS;DR

- IndieWeb

- I have something to Hide and you?

- Framasoft

Pierre Ozoux

Weekly - 28th of January - StandardCRDs

6 min read

I'll start a series of blog post where I'll share the work I did during the week on Free Software.

This is the opportunity to make visible a work that is not often visible to people. And also a way to test ideas and the way to explain them.

I hope you'll like it, and feedback is really appreciated.

Resume of last week

My current focus is on Standard CRDs, it is a bit the mother of the battles for me at the moment. This is a long shot, and I'd like to get feedback from the kube community.

Standard CRDs

What is a Resource in Kubernetes

Let's step back and define what is Kubernetes. Kubernetes is becoming The cloud API. With it, you can schedule compute, storage and LoadBalancers. You have a nice abstraction to deploy your workload the same way on different cloud vendors or on premises.

This API is based on the Kubernetes Resource Model. I recommend you to read this really nice document explaining the management of these resources. It looks like an academic recipe to build distributed system, but it is already implemented!

Most of the resources are defined upstream. As it is a cloud API, you can find the following resources:

  • pods - compute
  • endpoints, services, ingress - network
  • PersistentVolume, VolumeSnapshot - storage

All you need to make a good cloud API.

The Kubernetes API is also nice to work with as you get, out of the box, the following features:

  • authentication (OpenIdConnect, ldap, there are many plugins)
  • authorization with RBAC
  • versioning of all the objects

What is a CRD

CRD stands for Custom Resource Definition. It is a standard way to extend Kubernetes API. The amazing part is that it is really easy to add new building blocks to Kubernetes API. You deploy your object definition (CRD) then the associated controller. And then you are ready to deploy instances of your objects.

For example, you can create a PostgreSQL object. Then you deploy the associated controller (some people call this an operator). And then, as a user, you can create PostgreSQL instances, just by deploying the configuration of it.

Why do we need a standard

Currently, just for PostgreSQL, I counted 5 different implementations. From my experience, when there is no standards, there is FUD in the market (Fear Uncertainty and doubts). I experienced that 2 times in the container ecosystem.

When CoreOS introduced rkt, suddenly I felt a little halt in the growth of the container ecosystem. Especially in the Enterprise market, these technology shifts are really expensive. And if you are betting on the wrong technology, the consequences can be dramatic. The OpenContainerInitiative was a response to these doubts. The initial problem is that, docker was used by everybody. But the governance of docker was in the hand of one company. And Docker Inc behaved badly with the community. Hence, there was a need for a well defined standard. CoreOS, a company betting on the container adoption understood early that it was a threat to their business. That's why they introduced rkt, to force Docker Inc join the Open Container Initiative. One year later, the market normalized again and everybody was confident that the technology they were using would be indeed useful for the next 10 years.

It happened the same with the Orchestrator. I remember spending months to watch this space. Who will be the winner between DockerSwarm, Kubernetes, Nomad, Marathon. When RedHat joined Google to develop Kubernetes, this was already a signal that this is a good bet. Then Google donated this Project to the Linux Foundation and created the Cloud Native Computing Foundation. This is why Kubernetes started to sky rocket. It was then a standard supported by the Linux foundation.

I really believe in standards, and these are good to enable mass adoption of technologies.

That's why we need to define what is a PostgreSQL instance upstream in Kubernetes. This would enable a greater adoption of this functionality and allow more collaboration between the different implementations.

What is a KEP

The definition from upstream:

A Kubernetes Enhancement Proposal (KEP)
is a way to propose, communicate and coordinate
on new efforts for the Kubernetes project.

Think of it as an RFC in the Internet world.

Standard CRD KEP

So now you can understand why I'm so fascinated by that this week. And the good news is that I found a KEP already opened since many months. I then started to work on an implementation proposal.

You can find the presentation of the kubernetes enhancement proposal.

You can discuss the associated issue.

And here is my concrete proposal to solve this.

Next week objective


Toot of the week

An interesting discussion about energy consumption and self hosting


If you arrived until here, I'd like to thank you for your precious time.

If you could react on what you want more, and what you want less, this would be helpful to make this more interesting for you.

If you found it interesting and you know someone that could be interested, please share around.

Last thing, if you have a question, please ask here, next week, I'll answer one.

Pierre Ozoux

Cambridge Analytica whistleblower

2 min read

Maybe you saw that revelation of facebook breach.

A lot of people are shocked, and it was also for me the drop to quit facebook.

But, it is really nothing new. we accepted it, even if we didn't read the terms.

Surveillance capitalism, is really bad for democracy, and since Snowden revelation, we know that they collaborate with state surveillance, which is nothing to reassure citizens from the world. And as you can see, even in our so called "democracy" the leader can change quickly to somebody you didn't really expect to have all this data in their hand.

I'll make here a little list of articles that prove that it is nothing new, and shocked me before:

Our digital twin maybe reveals more than what we actually know about ourself. And they can manipulate our real person.

Is it not enough power? No there is something even scarier. We are living in a panopticon, always knowing that somebody can watch us. And you might think, who care? I was really surprised to learn that traffic to wikipedia entries about terrorism dropped after Snowden revelations. So yes, we are now afraid to learn more about our world because we are under surveillance!

If you think like me that this is scary, and you have something to hide, then quit and/or donate to Terms of Service - Didn't Read crowdfunding campaign!

Pierre Ozoux

If you plan to found a startup, great read from @benwerd

Pierre Ozoux

Having a bit of fun with Hetzner free cloud and kubernetes before GOT

1 min read

Following this tutoriel from my GF's ubuntu :)

apt-get install pip
pip install pssh
cat > servers < < | apt-key add -
cat </etc/apt/sources.list.d/docker.list
deb$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable

curl -s | apt-key add -
cat </etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main

apt-get update

apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}') kubelet kubeadm kubectl

pssh -O StrictHostKeyChecking=no -h servers -i -t 0 -I < ./

My master will be the 22

run this on this node:

kubeadm init --pod-network-cidr=

Run this on the workers:

kubeadm join ... # the join command you got from the init

And again on the master:

export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl apply -f
kubectl apply -f

 voila :)

kubectl get no
kubectl get po --all-namespaces

ok, it took 1h30, and not 15min as expected at the beginning :/ So no GOT, but just H2G2, and dodo :)

Pierre Ozoux

Looks like an amazing tool! Mozilla and the Washington Post Are Reinventing Online Comments – The Mozilla Blog

Pierre Ozoux

Just received my brand new computer SlackReady with 16GB of RAM :slightly_smiling_face: Can't wait to see gif in 60fps :troll:

Pierre Ozoux

Pierre Ozoux

Pierre Ozoux

We are moving out of , end of next month.
If you re looking for a washing machine, a fridge, a car, heaters, deshumidifier, body board, or any kind of furniture, please ping me!

Pierre Ozoux

Pour tous mes amis fouteux, je suis heureux ce soir :) La L1 de football rebaptisée Ligue 1 Conforama