The video version of my “Desired state systems” talk I gave at NDC Oslo in December 2021 is now available on YouTube.

In December 2021 I had the opportunity to present a talk called “Desired state: how React, Kubernetes and control theory have lots in common” at NDC Oslo 2021. This is a text version of that talk. In this post I want to share with you a certain type of abstraction that I’ve encountered over the last couple of years working across the stack. It’s a model that comes up again and again in various areas of computing, from UI engineering to infrastructure management, databases, programming language theory etc.

Requests to our authorization providers started failing with urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>. At the same time, when testing https calls with the requests library, everything worked. It turns out the library Flask-Oauthlib uses urllib.request.urlopen to talk a provider, and it looked like urllib couldn’t get a hold of certificates, which made the request fail.

I’ve been working a lot with Cython recently. Cython is a programming language based on Pyrex, which gets translated and optimized into C++. You can use it to create optimized C++ extensions using a Python-like language or to glue existing C/C++ libraries with your Python codebase. It’s possible to expose objects both ways. Cython files are similar to C/C++ files in that there are header files (.pyd) and implementation files (.pxd). These are some collected random notes.

Summary: use github.event.release.upload_url as the upload URL for Release assets when triggering a workflow on a published GitHub Release.

I’ve been debugging a bug which recently popped up in our C++ code. We knew it was a problem in the C++ implementation because the Python version worked fine. However, in our unit tests, both the Python and C++ implementations were passing. The problem was inside a string matching routine. After a bit of debugging, I found out that the string matching function was behaving strangely.

Our selenium CI tests started failing after a new version of Google’s Chromedriver came out. As can be seen in the release notes, v91 fixes an issue with the attribute endpoint. ChromeDriver (and other web drivers conforming to the W3C web driver spec) have a client-server architecture where commands are sent to specific endpoints. A command to get an element attribute is executed by a client (for example the Python Selenium module) making a request to a url like http://<web-driver-hostname:port>/session/<session-id>/element/<element-id>/attribute/<attribute-name>'.

We use Flask as our Python web server framework. Recently, our CI tests started failing with a JSON encoding error. Turns out, one of Flask’s dependencies, the itsdangerous package got recently updated to version 2.0. In the new version, the package drops support for Python 2. For compatibility reasons, itsdangerous was using the simplejson package for serializing/deserializing JSON data.

We are using kind for local k8s development and CI testing. kind allows you to run a k8s cluster using docker containers as worker nodes which makes it quick to spin up and tear down an environment. We’ve been having an intermittent issue with the local dev environment as we started using helm charts for deployment of our application, where we could not talk to to an exposed NodePort service of the cluster. This service routes to a Traefik instance running inside the cluster which then routes to our components.