I wrote this on September 7, 2021 and published it on linkedin. However I found that it can be hard to search if I put there. so I put here anoter copy TLDR: if your external SMTP is using port 80 instead of standard ports in an istio mesh, create a Service Entry for the external SMTP. These two days, a strange timeout issue happened in one of our kubernetes clusters when trying to send emails via SMTP even though the same configuration works perfectly on our development machines.

Summary: use digest as the way to refer to docker images in kubernetes resources, put commit id in image labels. An idempotency and immutable infrastructure has a slew of benefits. I am a firm believer of it and I did my best to keep several projects in that way. In the past few weeks, I helped one friend to resolve system structure, performance issue and development experience of one of his projects.

Yesterday I added gitconfig volume and mounted to /root. However today the logs of the workflow shows netrc is mounted to /root as well. They are conflicted. Kubernetes supports projected volume which supports following types. my netrc and gitconfig are in the list. secret downwardAPI configMap serviceAccountToken I made the small tweak to hello world sample workflow. Here is the my demo workflow with projected volumes.

Since I read the textual UML in the 2015 techradar, I am a big fan of it. I used plantuml in my technical writing in Asia Fusion Technology. Later I found asciidoc, and I wanted to combine the two together. I regularly read techradar from thoughtworks and found mermaidjs in NOV 2018 techradar. However it was little hard to integrate that into my site at that time. Today I knew Hugo supports Mermaid Diagrams easily.

Prologue Today I migrated several golang projects to golang 1.18. I had several hiccups today. Let’s called docker buildx multi-context, multi-platform, multi-stage and secrets in action. Multi-platform I started to look into one iOS and android app of our projects one week ago, and started to use Mac Air M1. Mac Air M1 is arm64 based, however our production environment is amd64 based. I had to do some changes to make the images built on my or my colleagues' machine can be runnable in production environment.

I had some projects on github, gitlab and gitee. Their CI pipelines are quite different. To save the troubles and times, it is a natural choice to seek other options to unify on one solution. At first, I looked into jenkins x. However it is quite heavy and with opinions. Considering its Maturity Level Matrix, I am not sure I can make it happen in my limited after hours times.

I needed to clone one of my private repositories in one workflow of argo-workflows. I did’t figure a way to mount git artifact into a shared volume at that time. I sought to other options and find https://github.com/argoproj/argo-workflows/issues/1428 and https://www.jeffgeerling.com/blog/2019/mounting-kubernetes-secret-single-file-inside-pod. The comment https://github.com/argoproj/argo-workflows/issues/1428#issuecomment-775911838 gives an example to add user name and password into https url. Upon I checked the logs, I found that user and password are shown in the logs of a workflow.

Today I found my argo-events sensor executed triggers which I was not intended to. In the logs, I found that ref fields of those non-intended triggers all started with "refs/heads/dev". I checked again with document and found this surprising truth: https://argoproj.github.io/argo-events/sensors/filters/data/#:~:text=If%20data%20type%20is%20string%2C%20you%20can%20pass%20either%20an%20exact%20value%20or%20a%20regex.%20In%20any%20case%20that%20value%20will%20be%20evaluated%20as%20a%20regex. If data type is string, you can pass either an exact value or a regex. In any case that value will be evaluated as a regex. Considing my following data filter, no wonder it triggers more than I expected.

Webhook of argo-events supports authentication, however the field is fixed in header. If your callers don’t do that way, you are screwed. Recently days, I was trying to integrate gitee with argo-workflow and argo-events. I hit the wall here. TOKEN="Bearer af3qqs321f2ddwf1e2e67dfda3fs" curl -X POST -H "Authorization: $TOKEN" -d "{your data}" http://xxxxx:12000/example I kept reading the documents for serveral days and the knowledge sinked in, I got the idea that filters maybe can be used for that as a workaround solution.

I heard from my colleagues that MacAir M1 is picky about mice and you can find many threads in reddit about this if you use the keywords "reddit mac air m1 mouse issues bluetooth" to search. Today is my lucky day, I encountered the issue too. This morning, I brought my Mac Air to office and used the mouse of company. The bluethooth kept spinning and the mouse can’t connect.