2025-05-09 04:35:19
In the early days of IT, we manually configured servers–each one a precious snowflake, lovingly maintained and documented. But the size of the infrastructure grew, and this approach couldn't scale. Chef and Puppet popularized the idea of Infrastructure-as-Code: engineers would define the state of the machine(s) in text files, stored in Git–hence the name. A global node would read these files to create a registry. Then, a local agent on each machine would check the desired state at regular intervals and reconcile the current state with the registry.
\ The first generation of Infrastructure-as-Code managed the state of existing machines but assumed the machine was already there. The migration to the Cloud created another issue: how do you create the machine in the first place? Another IaC tool appeared in the form of Hashicorp's Terraform. Terraform came with its own fully descriptive language, aptly named the Terraform language.
\ However, it doesn't offer a central registry, and you need to run a command to reconcile the desired state with the current state. Terraform was a huge success. When Hashicorp moved away from a pure open-source license, the community forked it and christened it OpenTofu. Furthermore, IBM recently acquired Hashicorp.
\ Terraform isn't without issue, though. Some feel that the descriptive configuration language is limiting. Pulumi offers to describe the infrastructure in a couple of existing programming languages, e.g., Python, JavaScript, and Kotlin. Instead of repeating ten configuration lines with only a single parameter changed, you can write functions and loops.
\ Another issue was the lack of a central registry and automated drift correction. In the current technological landscape, which tool offers such features? Kubernetes! It makes a lot of sense to use Kubernetes to address Terraform's limits; that's the approach of Crossplane by Upbound.
\ I'm working on Kubernetes these days. Recently, I wrote a series on how one could design a full-fledged testing pipeline targeting Google Kubernetes Engine. The second part mentions creating a Google Kubernetes Engine instance in the context of a GitHub workflow. In this post, I want to assess Crossplane by creating such an instance.
\ It seems weird that to create a new Kubernetes cluster, one needs a Kubernetes cluster. I admit my use case is a bit weird, but I think that if I can achieve this edge case, I can achieve more nominal ones.
Crossplane is like an engine, using a Kubernetes registry and reconciling behavior to manage resources. Resources include virtually anything: cloud resources, GitHub projects, and organizations, Terraform (!), or software stacks, such as Kafka and Keycloak, etc. By default, it doesn't know about these resources, but you can extend its capabilities via packages. Packages are of two kinds:
\
- `Deployment` (or any other relevant object) and a `Service`. In most cases, you'd rather offer a single `Application` abstraction to developers. Crossplane allows you to compose objects to create abstractions and deliver them in configuration packages.
- Providers: a provider integrates with a third-party system, whether a cloud provider or any other system. For example, Crossplane offers a Google Cloud Platform provider. Crossplane offers three provider categories:
  - Official, developed, and supported by Upbound
  - Partner, developed by a third-party
  - Community, developed by the community in general
\
Upbound offers providers for the main hyperscalers, while the community has created a couple for smaller ones, e.g., Scaleway or OVH.
The first step is to install Crossplane itself. I use a simple Helm Chart with the default configuration. I'm following the advice to install it in its dedicated namespace, `crossplane-system`.
\
```shell
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane --create-namespace --namespace crossplane-system crossplane-stable/crossplane
```
\
You should see two pods running in the `crossplane-system` namespace:
\
```
NAME                                       READY   STATUS    RESTARTS      AGE
crossplane-6f88554645-b2xng                1/1     Running   1 (1h ago)    1h
crossplane-rbac-manager-75bc66d6b7-8p2fh   1/1     Running   1 (1h ago)    1h
```
\
We are now ready to start the real work. We target Google Cloud Platform, hence, we need to install the GCP provider. The marketplace offers many available providers. The first challenge is to locate the one that contains the abstraction we want to create. Since we want to create a `Cluster`, we need the `provider-gcp-container`.
\
Cluster is the Schema for the Clusters API. Creates a Google Kubernetes Engine (GKE) cluster.
\
We create a `Provider` object that points to the provider package:
\
```yaml
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-gcp #1
spec:
  package: xpkg.upbound.io/upbound/provider-gcp-container:v1 #2
```
\ We can list the installed providers:
\
```shell
kubectl get providers
```
\ The result should look like the following:
\
```
NAME                          INSTALLED   HEALTHY   PACKAGE                                                AGE
provider-gcp                  True        True      xpkg.upbound.io/upbound/provider-gcp-container:v1      28m
upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.12.1    28m
```
\ At this stage, we can manage GKE instances with Crossplane.
\ Google offers several ways to authenticate. Here, I'll use the straightforward JSON credentials associated with a Service Account. Get the JSON from the Google Cloud console, then import it as a secret in Kubernetes:
\
```shell
kubectl create secret generic gcp-creds -n crossplane-system --from-file=creds=./gcp-credentials.json
```
\
In the Crossplane model, a `Provider` object is generic and relevant to a single provider. On the other hand, a `ProviderConfig` is relevant to a project, including its credentials.
\
```yaml
apiVersion: gcp.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: gcp-provider
spec:
  projectID: xplane-demo #1
  credentials:
    source: Secret
    secretRef: #2
      namespace: crossplane-system
      name: gcp-creds
      # Must match the key set by --from-file=creds=... when the Secret was created
      key: creds
```
\ The last step consists of creating the cluster. I tried to set the same configuration as in the command line of the original post, but I must admit I couldn't map every single option.
\
```yaml
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  name: minimal-cluster
spec:
  forProvider:
    initialNodeCount: 1 #1
    location: europe-west9 #1
    nodeLocations: [ "europe-west9-a" ] #1
    network: projects/xplane-demo/global/networks/default #1
    subnetwork: projects/xplane-demo/regions/europe-west9/subnetworks/default #1
    ipAllocationPolicy:
      - clusterIpv4CidrBlock: "/17" #1
    resourceLabels:
      provisioner: crossplane #2
  providerConfigRef:
    name: gcp-provider #3
  writeConnectionSecretToRef: #4
    namespace: default
    name: kubeconfig
```
environment
`ProviderConfig` we created above
`kubeconfig` to connect to the created GKE
\
You can follow the creation of the GKE cluster both on the Google Cloud console and via `kubectl`.
\
```shell
kubectl get cluster
```
\ We can see here that the cluster is not ready yet:
\
```
NAME              SYNCED   READY   EXTERNAL-NAME     AGE
minimal-cluster   True     False   minimal-cluster   2m46s
```
\
We can use the `kubeconfig` `Secret` that Crossplane created along with the `Cluster` to connect to the latter. First, let's dump the `Secret` value to a file:
\
```shell
kubectl get secret kubeconfig -o jsonpath="{.data.kubeconfig}" | base64 --decode > kube.config
```
\
At this point, we can use it to send requests to the newly-created `Cluster`:
\
```shell
kubectl --kubeconfig ./kube.config get pods
```
\
To delete the GKE instance, it's enough to delete the local `Cluster`. Kubernetes and Crossplane will take care of sending the `DELETE` request to Google Cloud.
\
```shell
kubectl delete cluster.container.gcp.upbound.io minimal-cluster
```
\ The command is synchronous: you won't get the prompt back until the GKE instance is removed.
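\ A pre-apply check for the three manifests in this post, as an added example that is not part of the original article or of Crossplane. It flags a provider package that is not pinned to an exact version, a `secretRef.key` that is absent from the referenced Secret, and a connection Secret written to the `default` namespace; the `lint` function, the finding names, the pinning policy and the dict inputs are assumptions of this example.

```python
import re

# Constructed input: the post's three manifests as parsed dicts (the shape a
# YAML loader returns). Only the fields the checks read are kept.
PROVIDER = {
    "kind": "Provider",
    "metadata": {"name": "provider-gcp"},
    "spec": {"package": "xpkg.upbound.io/upbound/provider-gcp-container:v1"},
}
PROVIDER_CONFIG = {
    "kind": "ProviderConfig",
    "metadata": {"name": "gcp-provider"},
    "spec": {"credentials": {"source": "Secret", "secretRef": {
        "namespace": "crossplane-system", "name": "gcp-creds",
        "key": "credentials.json"}}},  # constructed: key absent from the Secret
}
CLUSTER = {
    "kind": "Cluster",
    "metadata": {"name": "minimal-cluster"},
    "spec": {"providerConfigRef": {"name": "gcp-provider"},
             "writeConnectionSecretToRef": {"namespace": "default",
                                            "name": "kubeconfig"}},
}
# Keys present in each Secret, by (namespace, name). `creds` is the key that
# `--from-file=creds=./gcp-credentials.json` creates.
SECRET_KEYS = {("crossplane-system", "gcp-creds"): {"creds"}}

# Policy assumed by this example: an exact semver tag or a sha256 digest.
PINNED = re.compile(r"(:v\d+\.\d+\.\d+|@sha256:[0-9a-f]{64})$")


def lint(manifests, secret_keys):
    """Return (kind, name, finding) tuples for the manifests given."""
    findings = []
    for m in manifests:
        kind, name, spec = m["kind"], m["metadata"]["name"], m.get("spec", {})
        if kind == "Provider" and not PINNED.search(spec.get("package", "")):
            # A tag such as :v1 can point at a different package tomorrow.
            findings.append((kind, name, "package-not-pinned"))
        if kind == "ProviderConfig":
            creds = spec.get("credentials", {})
            ref = creds.get("secretRef", {})
            keys = secret_keys.get((ref.get("namespace"), ref.get("name")))
            if creds.get("source") == "Secret" and keys is None:
                findings.append((kind, name, "secret-not-found"))
            elif creds.get("source") == "Secret" and ref.get("key") not in keys:
                # The provider would find the Secret but no credential in it.
                findings.append((kind, name, "secret-key-missing"))
        conn = spec.get("writeConnectionSecretToRef")
        if conn and conn.get("namespace") == "default":
            # The kubeconfig Secret grants access to the new cluster.
            findings.append((kind, name, "connection-secret-in-default-ns"))
    return findings

if __name__ == "__main__":
    for finding in lint([PROVIDER, PROVIDER_CONFIG, CLUSTER], SECRET_KEYS):
        print(*finding)
```

An empty result means the three checks passed; it says nothing about the IAM roles granted to the Service Account behind the JSON key.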
\ In this post, I used Crossplane to create a simple GKE cluster. Using Kubernetes for the registry and the reconciling behavior is ingenious. Of course, Crossplane is as good as the number of integrations it offers. At the moment, it can already manage all major hyperscalers, plus a couple of smaller ones.
\ To go further:
\
Originally published at A Java Geek on May 4th, 2025
2025-05-09 03:00:04
So, here I am, working as a cable guy - Jim Carrey’s style. I’m losing my mind because a regular job is hard to find.
\ There’s a little girl working with me. She’s a year older than my daughter. As Trump likes to say, a beautiful baby girl. She’s studying to be an architect one day. In the meantime, we’re on the field because cable and Internet networks are waiting to be built.
\ She’s fluent in English, Russian, and Ukrainian. I’m having a hard time wrapping my head around her choices.
\
-You’re born to freelance. You deserve better.
\ -I’ve tried Upwork. It doesn’t work for newbie freelancers.
\
\
\ This is where my story begins.
It’s been 96 months, give or take, since I purged my accounts on Freelancer.com and Upwork. I used to be among the top 100 freelancers on Freelancer when there were “only” 20M remote workers riding on this platform. Now, there are 80M and counting. I used to be one of the top-rated freelancers on Upwork, before and after the so-called “Great Merge” (when oDesk and Elance started their remote work romance in 2013).
\
Pride goeth before destruction, and a haughty spirit before a fall.
\ Proverbs 16:18
\ Yup, tried-and-true.
\ My hypothesis was simple. An experienced five-star freelancer can start from scratch on any platform and be successful. He or she doesn’t need reviews or Benjamins. From zero to a freelance hero, like Robert De Niro (in the “Heat,” for example).
\
\
\ Thus, don’t blame a freelance platform, but your remote work attitude that’s screaming for a reform. That’s theory. The time has come to put my hypothesis to the test.
\ If I can do it and make it, then my younger female colleague should be able to do it too. It’s not about proving who’s right, but that freelancing is worth the fight. Right? Right?
From the very first moment, something was off. What happened to a bunch of free connects for happy new Upwork freelancer moments?
\
\
\ This isn’t a fair trade, I refuse to upgrade. There has to be a way to play. Ah, here it is.
\
\
\
\ It’s a Catch-22. For every single one of these tasks, I need money, my Upwork honey.
\ WTF, I’m stuck. It didn’t use to be this way back in the day. Upwork has closed its doors for newbie freelancers. The young girl was right all along. Let me go back to the beginning of all beginnings - Freelancer.com.
Here’s a screenshot I took years ago.
\
\ I used to be one of the top 100 freelancers on Freelancer.com. Can I do it again?
\ I had to swallow my pride and take a new freelance ride. I waited about a month for my groundbreaking first five-star review. Then, in less than two weeks, I got my third review in a row. The best thing about it, I paid nothing for it. The good old Freelancer.com still had a free membership option. You know, first you make money, then your freelance platform makes it. This is how it’s supposed to work, since the beginning of freelance times.
\ As I’m sharing this story, I’m working on my 4th project. With this money, I’m going to invest even further to get verified. Then, I’m going to apply to be a part of the Preferred Freelancer Program. What’s that? Well, that’s Top Gun for freelancers. The best projects and clients for the best of the best.
Upwork and Freelancer.com aren’t the only freelance platforms out there, but they are the oldest and biggest ones. I don’t know about you, but I get so annoyed when I see the so-called “ultimate lists” on X and/or LinkedIn where people, who probably haven’t spent a single day working as freelancers, share platforms in no particular order. It looks so nice and promising. The catch is that you lack the full picture.
\ Do you have to pay to play? Meaning, do you have a fair starting point with no investment? What are your money withdrawal options? Are all of these freelance platforms newbie-friendly? Can you expect top clients and projects to come your way? You see, the remote work devil is in the details all these lists are leaving out.
\ So, if you’re asking me, new freelancers should try the old platforms first. Guru comes to my mind, besides Upwork and Freelancer.com. I used to call these platforms “The Freelance Triumvirate” for a reason. Fiverr is alright too, but it’s a completely different kind of remote work beast. I’m talking about the good old freelancing in a strictly “traditional” way, you know, bidding and projects, not gigs and catalogs.
\ As you can see, I have lost a lot of weight since I used to write under the username “Words Industry,” but I didn’t lose my freelance faith.
\
\
\ Just in case you’re wondering what the best freelance platform out there is, my answer hasn’t changed all these years: it is the one you are making money on. Just like the best publication is the one without a paywall, and where you get published despite all controversies, as long as your claims and findings are based on facts and trustworthy sources.
2025-05-09 02:59:04
\ As AI compresses the B2B software development lifecycle, more apps are coming to market than ever before. But business buyers aren’t cutting corners on security. Enterprise-grade standards like SAML, SCIM, and role-based access control are no longer nice-to-have for these customers, they’re the expectation. For developers, that’s a problem: these features are notoriously difficult to implement and can distract from shipping product.
\ Enter Tesseral, which emerges from stealth today with $3.3M in seed funding to take that burden off developers’ shoulders. The San Francisco-based startup is building the open source authentication infrastructure for B2B software, on a mission to make “security-by-default” the new baseline.
\ “For all the changes that will visit the SaaS industry over the next decade, authentication isn't going anywhere, and fast-moving teams can't afford to burn time and energy building in-house solutions,” Ned O’Leary, Tesseral co-founder and CEO, explained. “Tesseral empowers startups with secure, production-grade infrastructure that's fast to implement, easy to maintain, and secure.”
\ Co-founders Ned O’Leary and Ulysse Carion met while working at Gem, where they bonded over a shared enthusiasm for solving problems most people try to avoid. Ned previously worked at BCG, specializing in M&A and corporate strategy. Ulysse, a veteran security engineer, led identity efforts, including SSO, permissions, and audit logging, at Segment through its $3.2B acquisition by Twilio. Before launching Tesseral, the pair built SSOReady, an open source SAML auth tool used by early adopters like Gumloop, GovAI, and RunReveal.
\ Tesseral counts a stacked group of early-stage investors, including Dalton Caldwell, Y Combinator managing partner; Jessica Livingston and Paul Graham, Y Combinator co-founders; Calvin French-Owen, co-founder and former chief technology officer of Segment; Steve Bartel and Nick Bushak, co-founders of Gem; and Mike Wiacek, founder of Stairwell; among others.
\ “Everyone needs auth, but it’s still surprisingly painful,” said Caldwell. “Ned and Ulysse have built something elegant that developers actually want to use—and that’s rare.”
\ With fresh capital in hand, Tesseral is scaling its open source platform to offer developers flexibility and high-growth companies the enterprise-grade capabilities they need to build with confidence.
\ The platform is open for early access at www.tesseral.com.
2025-05-09 00:05:52
How are you, hacker?
🪐 What’s happening in tech today, May 8, 2025?
The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, Nazi Germany surrendered & World War II was over in 1945, and we present you with these top quality stories. From Build a Smarter Store: Let GPT Label Your Products and Predict What Sells Next to Speechify, ElevenLabs, Hume: Which AI Voice Can Actually Feel Something?, let’s dive right in.
By @hacker9038799 [ 3 Min read ] RocketReach, Hunter, Lusha get expensive, fast. So we built an open-source alternative for discovering and verifying professional emails. Read More.
By @badmonster0 [ 11 Min read ] Build a real-time knowledge graph for product insights and recommendations with taxonomy and complementary taxonomy LLM extraction. Read More.
By @anywhichway [ 5 Min read ] Explore how AI text-to-speech engines (Eleven Labs, Hume, iCednant Speech, Speechify) perform when generating emotionally nuanced speech. Read More.
By @neer-varshney [ 5 Min read ] Google, OpenAI, Perplexity, they all want one thing — to control the very portal through which you access the digital world, i.e. the web browser. Read More.
By @johnwrites [ 4 Min read ] Which crypto ETF will be next? Bloomberg raises odds for Solana, XRP, and Litecoin ETFs in 2025 as SEC review timelines tighten. Read More.
🧑💻 What happened in your world this week?
It's been said that writing can help consolidate technical knowledge, establish credibility, and contribute to emerging community standards. Feeling stuck? We got you covered ⬇️⬇️⬇️
ANSWER THESE GREATEST INTERVIEW QUESTIONS OF ALL TIME
We hope you enjoy this worth of free reading material. Feel free to forward this email to a nerdy friend who'll love you for it. See you on Planet Internet! With love, The HackerNoon Team ✌️
2025-05-09 00:00:37
\ Seattle, WA, 6th May — IPinfo, the internet data company, today announced the launch of IPinfo Lite, a new data product delivering free, enterprise-grade, country-level IP geolocation and ASN data. With daily updates, no usage limits, and uncompromised accuracy, IPinfo Lite sets a new standard for free product offerings in IP address intelligence.
\ Unlike other providers who offer lower quality data and restrict usage in their free offerings, IPinfo Lite offers commercial rights and the same highly accurate and rigorously validated IP data that is trusted by its paying customers.
\ “We created IPinfo Lite to bring high-quality country and ASN data to everyone – developers, startups, and enterprises alike – so they can build and scale faster, without compromise,” said Ben Dowling, founder and CEO of IPinfo. “This isn’t just a stripped-down version of our core product. It’s a standalone, mission-critical product that supports our commitment to setting a new standard in IP data excellence.”
\ Key Features of IPinfo Lite:
\ Primary Use Cases:
\
IPinfo Lite is designed to support a wide range of business efforts, from commercial applications to academic research to community initiatives, without the usual friction.
\ Developers and data teams can start using IPinfo Lite today by visiting ipinfo.io/lite. Full API documentation and data download options are available to get started in minutes.
\ IPinfo is the internet data company, providing the world’s most accurate IP data that delivers highly contextual metadata on each IP address, from geolocation and mobile carrier to privacy detection and proxies. IPinfo is trusted by more than 500,000 users, from developers to Fortune 500 companies, who use IP data to make smarter decisions, mitigate security risks, ensure regulatory compliance, and drive better customer experiences. IPinfo’s robust and secure API processes more than 1 billion requests daily, with data also available through direct download and leading cloud platforms, all backed by a team of data experts who are committed to precision. Discover the power of better IP data at IPinfo.io.
\ Contact Name: Meghan Prichard
Phone Number: 1 (800) 731-7893
\
2025-05-09 00:00:25
1.1 ESPRIT algorithm and central limit error scaling
1.4 Technical overview and 1.5 Organization
2 Proof of the central limit error scaling
3 Proof of the optimal error scaling
4 Second-order eigenvector perturbation theory
5 Strong eigenvector comparison
5.1 Construction of the “good” P
5.2 Taylor expansion with respect to the error terms
5.3 Error cancellation in the Taylor expansion
C Deferred proofs for Section 2
D Deferred proofs for Section 4
E Deferred proofs for Section 5
F Lower bound for spectral estimation
\
\ Define the location and intensity vectors
\
\ The minimum is taken over all permutations π on {1, . . . , r}.
\
\
\
:::info This paper is available on arxiv under CC BY 4.0 DEED license.
:::
\