kivikakk.ee

SLITHER

https://blackdresses.bandcamp.com/track/slither

1. we slithered out of your reach. all of us had someone like you to run from. our wings were clipped and our limbs were damaged but we crawled and picked our way out as far as we could.

2. we lived by the water. took care of something that made its home deep below the surface. the mother of the depths returned our kindness by giving us her flesh to sustain us. she was sick and diseased like we all were, but she kept us alive.

3. things settled and some of our feathers started to grow back, a different color than before. our bones began to heal - at new angles, but almost as strong as they used to be. we held each other close at night and whispered that things were different now. things were safe. we had to be reminded nightly, or else we’d forget.

4. you found us. you came while we were sleeping. you talked with warm familiarity and i threw up at your feet. you asked me what was wrong - sincere - and i couldn’t answer. i wish it was easier to hate you. i wish you were a bad person, but instead i just think that i am for wanting that.

5. we drove you away, haltingly. i told you i needed more time as if i hadn’t already decided what you were to me. i wish you knew what you did, but i don’t want to tell you. it would be easier if you were something i had nightmares about instead of ugly, complicated dreams. i want to flatten you into a villain but i think that would only turn me into one. please leave me alone. i’m happy now. i’m happy here. please don’t look for me. i promise i’m okay. please go.

listen to me. i’m going to speak plainly
i’m not going to say your name. i’m afraid
because of what i know you won’t mention
all those years of horrible tension
i don’t think youre a monster, hardly
i just think that you fucked up, badly
i can never tell you what you did to me
so i have to settle for this, i hope truly
that you never hear these words that i’m speaking
this is just for me as i’m healing.
it’s not my fault that my soul is a war
that i don’t want to say i love you on the phone anymore
i blame you. but i don’t want to hate you
…but maybe that’s because i’m afraid to
there is a memory of when i was young and i admired you so much.

we got away
but everything reminds us

i admired you so much

6. what comes next? is there anything after? where will we go to now? who will we become?

i wonder.

i’ve never wondered before.



everything always changes but its always the same
everything always changes it flickers like flames
everything always changes dice roll to a different face
everything always changes new skin new name
everything always changes but its different sides of one thing
everything always changes in a circle in a ring

enbi: fully operational!

Update on enbi (source) — it now monitors Pods with annotations describing which flake to build and what tag that build should produce. When it notices one failing to start due to a missing image matching the annotations, it creates a NixBuild matching the requirements, which in turn runs the build and loads it into the cluster! Successful builds clean up after themselves, though I’m leaving around the NixBuild objects themselves for now. Failing builds leave the Job/Pod in place for troubleshooting.
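The trigger decision described above, as an added example that is not enbi's own code: it only asks for a build when the Pod opted in through both annotations and a container is stuck on a missing image carrying exactly the annotated tag. The annotation keys, the `BuildRequest` type (standing in for a NixBuild) and the sample Pod are assumptions made for this sketch; the waiting reasons are the kubelet's standard ones.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical annotation keys; the page does not give enbi's real ones.
const annFlake, annTag = "enbi.example/flake", "enbi.example/tag"

// Pod holds only the fields this decision reads (JSON keys match case-insensitively).
type Pod struct {
	Metadata struct{ Annotations map[string]string }
	Status   struct {
		ContainerStatuses []struct {
			Image string
			State struct{ Waiting *struct{ Reason string } }
		}
	}
}

// BuildRequest stands in for a NixBuild object; its fields are assumptions.
type BuildRequest struct{ FlakeURL, Image string }

// Kubelet waiting reasons that mean the image could not be obtained.
var missingImage = map[string]bool{"ErrImagePull": true, "ImagePullBackOff": true, "ErrImageNeverPull": true}

// NeedsBuild returns a request only for an opted-in Pod stuck on an image with the annotated tag.
func NeedsBuild(podJSON []byte) (*BuildRequest, error) {
	var p Pod
	if err := json.Unmarshal(podJSON, &p); err != nil {
		return nil, err
	}
	flake, tag := p.Metadata.Annotations[annFlake], p.Metadata.Annotations[annTag]
	if flake == "" || tag == "" {
		return nil, nil // unannotated Pods never trigger a build
	}
	for _, cs := range p.Status.ContainerStatuses {
		if w := cs.State.Waiting; w != nil && missingImage[w.Reason] && strings.HasSuffix(cs.Image, ":"+tag) {
			return &BuildRequest{FlakeURL: flake, Image: cs.Image}, nil
		}
	}
	return nil, nil
}

func main() { // the Pod below is constructed sample input
	fmt.Println(NeedsBuild([]byte(`{"metadata":{"annotations":{"enbi.example/flake":"git+https://example.invalid/app",
		"enbi.example/tag":"v2"}},"status":{"containerStatuses":[{"image":"app:v2","state":{"waiting":{"reason":"ErrImagePull"}}}]}}`)))
}
```

Requiring the failing image to carry the annotated tag keeps an unrelated pull failure in the same Pod (a sidecar, say) from starting a build.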

Updating the version of one of my apps which use my standard pattern for building Docker images with Nix is now just a matter of changing the tag in one place (e.g.); the cluster figures out building it and moving to the new release without downtime.

This has been a fun one-week sojourn into writing Kubernetes operators :) The API is pretty neat, controller-runtime feels clean, and it was enjoyable discovering how many assumptions I had to unlearn while negotiating where the controller was running, where its jobs were to be scheduled, how to move data around, and the like.

"contempt culture" applies even when you, personally, do not like the thing in question

I’ve seen doineedkubernetes.com dropped a few times in the last week, sometimes by the same kind of person who would in the next thread about something else link Aurynn Shaw’s Contempt Culture. Here’s looking at you!

(i just typed isjavascriptgoodyet.com into my browser — given the focus it receives in the aforementioned essay — not knowing if such a domain existed, and what do you know! Consider who your neighbours are.)


To give some more context, I basically didn’t give a damn about k8s, and then one day I read Dear friend, you have built a Kubernetes and it stuck in my mind. It stuck there right up until I was in a work situation where I realised that this was essentially exactly what had happened, and furthermore that the accumulating shell scripts I had been surrounded by for years had cost us so much, and were doing their job so increasingly poorly, that they badly needed to be replaced by something actually purpose-built, and that that something was in fact Kubernetes.

And so I decided to learn it thoroughly, to perhaps apply it in this work situation, but in the end the “engineering dysfunction mirrors organisational dysfunction” property indeed goes two ways and it was going to be more of an uphill battle than I could take on at this point in my life. But now I know Kubernetes, and I am thankful for that. I bounced off Nix the first time I tried it in earnest (2020), too.

nix build → nb → enbi

Still pre-alpha, but tonight I got the first complete run of a little Kubernetes controller I’ve been wanting!

Screenshot of a terminal, showing a Nix build in progress. At the top of the screen a Kubernetes CRD called “nixbuild.enbi.hrzn.ee” is visible, and at the bottom, the Nix build process can be seen producing a layered Docker image, which is then imported.

Wahoo yipee etc.! Right now we have a CRD which triggers a Nix build of a given flake URL, expected to produce a Docker or OCI image — it chooses a node which can build for the target system, spawns a Job which builds the target, and then imports it into the node’s container registry. We assume that something like Spegel is running and so any node that needs the image will pick it up.

The “hard” part (other than writing directly against the k8s API for the first time) was getting the Nix stuff to work well vis-à-vis building in a container while caching everything nicely — the flakes themselves, as well as whatever ends up in the store, as much of it will be reused between versions. Thankfully all the tooling is Cool As Fuck and it was actually really easy. We create a locally-provisioned PersistentVolume per node and stuff $HOME/.cache/nix and the Nix store in there. For now we use a chroot store, but I’d like to try an overlay store in future to avoid potentially duplicating whatever comes along in the nixos/nix image. Importing into the node’s container store is as simple as mounting the host /run and locating containerd’s socket — it differs depending on your k8s distro, and I’m developing on kind while deploying to k3s.

I still have to clean it up in this state, and have plans after this to remove the CustomResourceDefinition and trigger builds automatically when needed, getting the source details from annotations on the Deployment, but I’m happy. I don’t particularly like manually executing builds, nor do I want to stand up a registry and pre-build everything. My cluster runs on two architectures, but whether any given revision of an application will actually ever run on either, both, or any(!) of those is a matter of the particular scheduling constraints for the application and the state of the cluster at any given moment. Rather than waste energy pre-building and storing, let’s build on-demand instead! 💛🤍💜🖤

everything old is new again

Was looking through old emails for some receipts (the literal kind, not the Twitter kind), and stumbled upon this beauty of an opener:

email excerpt that reads “I’m so very sorry to hear you’re still unwell.”

Date: 2016-12-19.