(Justin)

Tech nerd from Sweden

Matrix: @jlh:jlh.name

  • 4 Posts
  • 794 Comments
Joined 2 years ago
Cake day: June 10th, 2023


  • Yeah housing can be tricky, especially in Stockholm. There is the Stockholm bostadsförmedlingen, which is good to join if you’re a resident, but queue times are completely unrealistic. 10+ years for the nicer neighborhoods. There are a number of student apartments on there though that might be easier to apply for.

    I highly recommend the apartments in Bergshamra and Lappkärrsberget, I have a lot of friends who live there. I think those apartments are owned by the student union. I’ve also seen student apartments on campus at KTH, but I think those are a special arrangement with the university maybe, not sure how you can get those.

    But yeah, the unfortunate reality in Stockholm is that the easiest way to get an apartment is to put up a down payment to buy a condo in a housing coop (“Bostadsrätt”). You can search for those on the government-owned real-estate site booli.se, but it usually takes 2 months for it to clear even after you buy. A typical down payment in Stockholm is 15% of the apartment/house value, i.e. $30-60k for a typical $200k-400k apartment.

    In a pinch, you can find a room to rent second-hand (“andrahandshyra”) online, but it can be a hassle and expensive to have a landlord, and it’s sometimes a bit grey-market in the Swedish system when it comes to taxes, rent-control, and BRF rules. Plenty of sites for finding those, one is blocket, and you can find many more by googling “hyra lägenhet”.

    Lycka till!


  • Democratic principles are important, but elections are never about one issue and some issues can be pretty divided like this one. I’m not sure if there is a poll for whether trans people should be recognized legally, but I can’t imagine that the majority will of the voters in Illinois is for encouraging LGBT suicides.

    It’s also important to note that even the state isn’t simply there to enforce polls. There are laws and constitution for a reason, and officials are often more informed than the population on snap decisions. Mob rule is a risk that has to be avoided too. I just watched a series called “Show Me A Hero” where like 60-70% of the voting population in Yonkers, NY wanted to segregate housing in the 1980s. (gerrymandering and voter suppression aside) If there were no laws in Yonkers, then those houses would still be segregated today. However, there are federal laws against racial discrimination, even if NIMBYs are against diverse neighborhoods. In the end, the federal courts forced Yonkers to desegregate its housing, against the will of the voters.











  • This conversation is about ssds vs hdds in a server environment, but I’m not sure if those claims are true on either environment.

    sata ssds are identical to sata hdds, the controller is just able to write down faster.

    I could see some argument about nvme interrupts/polling being slower than sata at scale, but you’re not going to see a difference on a modern CPU with less than 10 nvme drives.

    Sequential performance is meaningless these days, workstation and server performance are both limited by iops and latency. Raid increases latency slightly, but iops scale linearly until you run out of CPU or memory bandwidth.

    Any file system will always be faster on an ssd than on an hdd. xfs/ext4/btrfs don’t have any hdd specific optimizations as far as I know. ZFS does, but it’s not going to make ssds slower than hdds, it just causes some write amplification.

    Enterprise ssds are cheaper and faster than consumer ssds, you can buy them super cheap on eBay. 2TB with PLP for $100. However, you need to make sure you can fit a 22110 m.2 or have an adapter cable for u.2.

    You’re always going to be better off building raid on ssd than hdd as long as you have the budget for it.



  • Yeah, I think you pick up things from all over the place as a consultant. I see lots of different environments and learn from them.

    Ah yeah, external-dns operator is great! It’s maybe a bit basic at times but it’s super convenient to just have A/AAAA records appear for all your loadbalancer svcs and HTTPRoutes. Saves a ton of time.

    That’s super unfortunate that the certs are siloed off. Maybe they can give you a NS record for a subdomain for you to use ACME on? I’ve seen that at some customers. Super important that all engineers have access to self-service certs, imo.

    Rook is great! It definitely can be quite picky about hardware and balancing, as I’ve learned from trying to set it up with two nodes at home with spare hdds and ssds 😅 Very automated once it’s all set up and you understand its needs, though. NFS provisioner is also a good option for a storageclass as a first step, that’s what I used in my homelab from 2021 to 2023.

    Here’s my rook config:
    https://codeberg.org/jlh/h5b/src/branch/main/argo/external_applications/rook-ceph-helm.yaml
    https://codeberg.org/jlh/h5b/src/branch/main/argo/custom_applications/rook-ceph

    Up to 3 nodes and 120TiB now and I’m about to add 4 more nodes. I probably would recommend just automatically adding disks instead of manually adding them, I’m just a bit more cautious and manual with my homelab “pets”.

    I’m not very far on my RHCE yet tbh 😅 Red hat courses are a bit hard to follow 😅 But hopefully will make some progress before the summer.

    The CKA and CKS certs are great! Some really good courses for those on udemy and acloudguru, there’s a good lab environment on killer.sh, and the practice exams are super useful. I definitely recommend those certs, you learn a lot and it’s a good way to demonstrate your expertise.



  • Well, my point was to explain how Kubernetes simplifies devops to the point of being simpler than most proxmox or Ansible setups. That’s especially true if you have a platform/operations team managing the cluster for you.

    Some more details missed here would be that external-dns and cert-manager operators usually handle the DNS records and certs for you in k8s, you just have to specify the hostname in the HTTPRoute/VirtualService and in the Certificate. For storage, ansible probably simplifies some of this away, but LVM is likely more manual to set up and manage than pointing a PVC at a storageclass and saying “100Gi”.

    Either way, I appreciate the discussion, it’s always good to compare notes on production setups. No hard feelings even in the case that we disagree on things. I’m a Red Hat Openshift consultant myself these days, working on my RHCE, so maybe we’ll cross paths some day in a Red Hat environment!
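
The workflow described in the comment above (hostname on the HTTPRoute, hostname on the Certificate, a PVC pointed at a storage class), as an added example that is not the commenter's own configuration. Every name in it (namespaces, hostname, Gateway, ClusterIssuer, Service, StorageClass) is a hypothetical placeholder, and it assumes external-dns runs with its `gateway-httproute` source enabled and cert-manager has a working ACME ClusterIssuer.

```yaml
# external-dns reads spec.hostnames and publishes A/AAAA records that point
# at the address of the parent Gateway. No manual DNS change is needed.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: search
  namespace: demo                    # hypothetical namespace
spec:
  parentRefs:
    - name: shared-gateway           # existing Gateway reused across services (assumed)
      namespace: gateway-system
  hostnames:
    - search.apps.example.com        # placeholder hostname
  rules:
    - backendRefs:
        - name: elasticsearch        # Service shipped by the chart (assumed name)
          port: 9200
---
# cert-manager obtains and renews the certificate over ACME and writes it to
# the Secret below. The Secret must be somewhere the Gateway listener can
# reference it: the Gateway's own namespace, or another one via a ReferenceGrant.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: search-tls
  namespace: gateway-system
spec:
  secretName: search-tls
  dnsNames:
    - search.apps.example.com        # same hostname as the HTTPRoute
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-dns01          # hypothetical issuer name
---
# Storage request: name a StorageClass and a size; the provisioner creates
# and binds the volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: search-data
  namespace: demo
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: ceph-block       # hypothetical class name
  resources:
    requests:
      storage: 100Gi
```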


  • You’re not using a reverse proxy on rhel, so you’ll need to also make sure that the ports you want are available, and set up a dns record for it, and set up certbot.

    On k8s, I believe istio gateways are meant to be reused across services. You’re using a reverse proxy so the ports will already be open, so no need to use firewall-cmd. What would be wrong with the Service included in the elasticsearch chart?

    It’s also worth looking at the day 2 implications.

    For backups you’re looking at bespoke cronjobs to either rsync your database or clone your entire 100gb disk image, compared to either using velero or backing up your underlying storage.

    For updates, you need to run system updates manually on rhel, likely requiring a full reboot of the node, while in kubernetes, renovate can handle rolling updates in the background with minimal downtime. Not to mention the process required to find a new repo when rhel 11 comes out.