Open Sourcing our Kubernetes Tools

At Tumblr, we are avid fans of Kubernetes. We have been using Kubernetes for all manner of workloads: critical-path web request handling for tumblr.com, background task execution like sending queued posts and push notifications, and scheduled jobs for spam detection and content moderation. Throughout our journey to move our 11 year old (almost 12! 🎂) platform to a container-native architecture, we have made innumerable changes to how our applications are designed and run. Inspired by many existing Kubernetes APIs and best practices, we’re excited to share with the community some of the tools we’ve developed at Tumblr as our infrastructure has evolved to work with Kubernetes.

To help us integrate Kubernetes into our workflows, we have built a handful of tools, three of which we are open-sourcing today! Each is a small, focused utility designed to solve a specific integration need Tumblr had while migrating our workflows to Kubernetes. The tools were built to handle our needs internally, but we believe they are useful to the wider Kubernetes community.

k8s-sidecar-injector

Any company that has containerized an application as large and complex as Tumblr knows that it requires a tremendous amount of effort. Applications don’t become container-native overnight, and sidecars can be useful to help emulate older deployments with colocated services on physical hosts or VMs. To reduce the fragile copy-pasted code developers needed to add sidecars to their Deployments and CronJobs, we created a service to dynamically inject sidecars, volumes, and environment data into pods as they are launched.

The k8s-sidecar-injector listens to the Kubernetes API for Pod launches that contain annotations requesting a specific sidecar to be injected. For example, the annotation injector.tumblr.com/request=sidecar-prod-v1 will add any environment variables, volumes, and containers defined in the sidecar-prod-v1 configuration. We use this to add sidecars like logging and metrics daemons, cluster-wide environment variables like DATACENTER and HTTP_PROXY settings, and volumes for shared configuration data. By centralizing sidecar configuration, we reduced our CronJobs and Deployments by hundreds of lines, eliminated copy-paste errors, and made rolling out updates to shared sidecar components effortless.

An example sidecar ConfigMap is below, which adds a logging container, a volume from a logger-config ConfigMap, and some environment variables into the Pod.

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: example-sidecars
  namespace: kube-system
  labels:
    app: k8s-sidecar-injector
data:
  logger-v1: |
    name: logger-v1
    containers:
    - name: logger
      image: some/logger:2.2.3
      imagePullPolicy: IfNotPresent
      ports:
      - containerPort: 8888
      volumeMounts:
      - name: logger-conf
        mountPath: /etc/logger
    volumes:
    - name: logger-conf
      configMap:
        name: logger-config
    env:
    - name: DATACENTER
      value: dc01
    - name: HTTP_PROXY
      value: http://my-proxy.org:8080/
    - name: HTTPS_PROXY
      value: http://my-proxy.org:8080/

This configuration will add the logger container into each pod with the annotation injector.tumblr.com/request: logger-v1, with a ConfigMap projected as a volume in /etc/logger. Additionally, every container in the Pod will get the DATACENTER=dc01 and HTTP_PROXY environment variables added, if they were not already set. This has allowed us to drastically reduce our boilerplate configuration when containerizing legacy applications that require a complex sidecar configuration.
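
To opt in, a workload only needs that annotation on its Pod template. Below is a minimal sketch of a hypothetical Deployment requesting the logger-v1 sidecar; the app name and image are made up, and the annotation is the only injector-specific piece:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        # request injection of the logger-v1 sidecar defined above
        injector.tumblr.com/request: logger-v1
    spec:
      containers:
      - name: app
        image: some/app:1.0.0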

k8s-config-projector

Internally, we have many types of configuration data that are needed by a variety of applications. We store canonical settings data like feature flags, lists of hosts/IPs+ports, and application settings in git. This allows automated generation/manipulation of these settings by bots, cron jobs, Collins, and humans alike. Applications want to know about some subset of this configuration data, and they want to be informed of changes as quickly as possible. Kubernetes provides the ConfigMap resource, which enables users to provide their service with configuration data and update the data in running pods without requiring a redeployment. We wanted to use this to configure our services and jobs in a Kubernetes-native manner, but needed a way to bridge the gap between our canonical configuration store (a git repo of config files) and ConfigMaps. Thus, k8s-config-projector was born.

The Config Projector (github.com/tumblr/k8s-config-projector) is a command line tool meant to be run by CI processes. It combines a git repo hosting configuration data (feature flags, lists of hostnames+ports, application settings) with a set of “projection manifest” files that describe how to group/extract settings from the config repo and transmute them into ConfigMaps. The config projector allows developers to encode the set of configuration data their application needs to run into a projection manifest. As the configuration data changes in the git repository, CI runs the projector, projecting and deploying new ConfigMaps containing the updated data, without needing the application to be redeployed. Projection datasources can handle both structured and unstructured configuration files (YAML, JSON, and raw text/binary).

An example projection manifest is below, describing how a fictitious notification application could request some configuration data that may dynamically change (memcached hosts, log level, launch flags, etc.):

---
name: notifications-us-east-1-production
namespace: notification-production
data:
# extract some fields from JSON
- source: generated/us-east-1/production/config.json
  output_file: config.json
  field_extraction:
  - memcached_hosts: $.memcached.notifications.production.hosts
  - settings: $.applications.notification.production.settings
  - datacenter: $.datacenter
  - environment: $.environment
# extract a scalar value from a YAML
- source: apps/us-east-1/production/notification.yaml
  output_file: launch_flags
  extract: $.launch_flags

After processing by the config projector, the following ConfigMap is generated, which can then be posted to a Kubernetes cluster with kubectl create -f <generatedfile>.

kind: ConfigMap
apiVersion: v1
metadata:
  name: notifications-us-east-1-production
  namespace: notification-production
  labels:
    tumblr.com/config-version: "1539778254"
    tumblr.com/managed-configmap: "true"
data:
    config.json: |
      {
        "memcached_hosts": ["2.3.4.5:11211","4.5.6.7:11211","6.7.8.9:11211"],
        "settings": {
          "debug": false,
          "buffer": "2000",
          "flavor": "out of control",
          "log_level": "INFO",
        },
        "datacenter": "us-east-1",
        "environment": "production"
      }
    launch_flags: "-Xmx5g -Dsun.net.inetaddr.ttl=10"
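
To illustrate the consuming side, here is a hypothetical Pod that mounts the generated ConfigMap as a volume; the Pod and image names are made up, while the ConfigMap name matches the projected example above. Because the kubelet refreshes ConfigMap volumes in running pods, the application sees updated config.json and launch_flags files as long as it re-reads them:

---
apiVersion: v1
kind: Pod
metadata:
  name: notifications
  namespace: notification-production
spec:
  containers:
  - name: notifications
    image: some/notifications:1.2.3
    volumeMounts:
    # config.json and launch_flags appear under /etc/notifications
    - name: config
      mountPath: /etc/notifications
      readOnly: true
  volumes:
  - name: config
    configMap:
      name: notifications-us-east-1-production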

With this tool, we have enabled our applications running in Kubernetes to receive dynamic configuration updates without requiring container rebuilds or redeployments. More examples can be found in the k8s-config-projector repository.

k8s-secret-projector

Similar to our configuration repository, we store secure credentials in access controlled vaults, divided by production levels. We wanted to enable developers to request access to subsets of credentials for a given application without needing to grant the user access to the secrets themselves. Additionally, we wanted to make certificate and password rotation transparent to all applications, enabling us to rotate credentials in an application-agnostic manner, without needing to redeploy applications. Lastly, we wanted to introduce a mechanism where application developers would explicitly describe which credentials their services need, and enable a framework to audit and grant permissions for a service to consume a secret.

The k8s-secret-projector operates similarly to the k8s-config-projector, albeit with a few differences. The secret projector combines a repository of projection manifests with a set of credential repositories. A Continuous Integration (CI) tool like Jenkins will run the k8s-secret-projector against any changes in the projection manifests repository to generate new Kubernetes Secret YAML files. Then, Continuous Deployment can deploy the generated and validated Secret files to any number of Kubernetes clusters.

Take this file in the production credentials repository, named aws/credentials.json:

{
  "us-east-1": {
    "region": "us-east-1",
    "aws": {
      "key": "somethignSekri7T!"
    },
    "s3": {
      "key": "passW0rD!"
    },
    "redshift": {
      "key": "ello0liv3r!",
      "database": "mydatabase"
    }
  },
  "us-west-2": {
    "region": "us-west-2",
    "aws": {
      "key": "anotherPasswr09d!"
    },
    "s3": {
      "key": "sueprSekur#"
    }
  }
}

We need to create an amazon.yaml configuration file containing the s3.key and aws.key for us-east-1, as well as a text file containing our region. The projection manifest below extracts only the fields we need and outputs them in the desired format.

name: aws-credentials
namespace: myteam
repo: production
data:
# create an amazon.yaml config with the secrets we care about
- name: amazon.yaml
  source:
    format: yaml
    json: aws/credentials.json
    jsonpaths:
      s3: $.us-east-1.s3.key
      aws: $.us-east-1.aws.key
      region: $.us-east-1.region
# create an item containing just the name of the region we are in
- name: region
  source:
    json: aws/credentials.json
    jsonpath: $.us-east-1.region

Projecting this manifest with the above credentials results in the following Kubernetes Secret YAML file:

apiVersion: v1
kind: Secret
metadata:
  labels:
    tumblr.com/managed-secret: "true"
    tumblr.com/secret-version: master-741-7459d1abcc120
  name: aws-credentials
  namespace: myteam
data:
  region: dXMtZWFzdC0x
  # region decoded for clarity: us-east-1
  amazon.yaml: LS0tCnMzOiAicGFzc1cwckQhIgphd3M6ICJzb21ldGhpZ25TZWtyaTdUISIKcmVnaW9uOiB1cy1lYXN0LTEK
  # amazon.yaml decoded for clarity:
  # ---
  # s3: "passW0rD!"
  # aws: "somethignSekri7T!"
  # region: us-east-1
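
Applications then consume the projected Secret like any other Kubernetes Secret. Below is a minimal, hypothetical sketch of the consuming side (the Pod and image names are made up; the Secret name and keys match the generated example above). Note that the volume-mounted amazon.yaml is refreshed by the kubelet when credentials are rotated, while the environment variable is fixed at container start:

---
apiVersion: v1
kind: Pod
metadata:
  name: aws-consumer
  namespace: myteam
spec:
  containers:
  - name: app
    image: some/app:1.0.0
    env:
    # resolved once, when the container starts
    - name: AWS_REGION
      valueFrom:
        secretKeyRef:
          name: aws-credentials
          key: region
    volumeMounts:
    # /etc/aws/amazon.yaml refreshes when the Secret is rotated
    - name: aws-creds
      mountPath: /etc/aws
      readOnly: true
  volumes:
  - name: aws-creds
    secret:
      secretName: aws-credentials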

In addition to being able to extract fields from structured YAML and JSON sources, we gave the projector the ability to encrypt generated Secrets before they touch disk. This allows Secrets to be deployed in shared Kubernetes environments, where users are colocated with other tenants and may not feel comfortable with their Secret resources being stored unencrypted in etcd. Please note, this requires decryption by your applications before use. More details on how the encryption modules work can be found in the k8s-secret-projector repository.

For more examples of how to use this, check out the examples in the k8s-secret-projector repository!

What’s Next

We are excited to share these tools with the Kubernetes open source community, and we hope they can help your organization adopt container-native thinking for managing application lifecycles like they helped Tumblr. Feature enhancements and bug fixes are welcome! And, shameless plug: if you are interested in Kubernetes, containerization technology, open source, and scaling a massive website with industry-leading technologies and practices, come join us!

- @pipefail
