GKE move system services (kube-dns, calico) to dedicated nodepool

GKE by default deploys kube-dns and other system services to any of your nodepools. This is probably fine for most cases, but certain use cases might require preventing system services from running on the same nodes as your where your applications are running. This blog post provides instructions on how …

Continue reading »

GKE docker registry with HTTP proxy

You are at one of those places that requires you to use a proxy to access your company wide Docker registry. Sometimes HTTP proxies are used to supposedly improve security or to workaround IP based rate limits. Well good luck, you're in for a ride on how to do this …

Continue reading »

GKE custom OSS K8s cluster autoscaler

This blog post described how to deploy your own K8s cluster autoscaler instead of the cluster autoscaler that's bundled with GKE. This can be helpful in the rare case that the bundled GKE cluster autoscaler doesn't work for you.

Note that the GKE bundled cluster autoscaler is vastly different from …

Continue reading »

Custom DNS entry with KubeDNS stubdomain

An example use case that I've seen is where you have a K8s service exposed on the ClusterIP and you want to make that service accessible over a domain name that you don't control.

You can do to the following steps to set this up:

  1. Deploy CoreDNS with custom DNS …

Continue reading »

Mounting FUSE without privileges on K8s/GKE

This might become a full blog post but for now read the steps here: https://github.com/samos123/gke-gcs-fuse-unprivileged

Continue reading »

Securing Redis with Istio TLS origination

Istio is daunting and not all use cases are well documented. The public docs focus mostly on using the egress gateway for TLS orignation. The use case of using the sidecar for TLS origination with a database isn't documented well. This blog post hopes to solve that.

So you've actually …

Continue reading »

Deploying OpenStack on GCP

You want private cloud inside public cloud for additional security, improved agility, lower opex and ultimate flexibility? I present you OpenStack running on Google Compute Engine (GCE). I hope you got the joke, if not, let me explain there are no benefits to running OpenStack on GCP. OpenStack on GCP …

Continue reading »

Creating L2 connectivity between GCE VMs in GCP using VXLAN

Cloud providers often prevent you from using L2 protocols such as ARP. These protocols however are heavily used in existing software such as keepalived. This can make it hard for to move certain workloads to the cloud. This blog post demonstrates a method for creating L2 connectivity between Virtual Machines …

Continue reading »

How to enter network namespaces of other containers from a pod in K8s?

You might be in a situation where you need to troubleshoot the networking stack on a container where you don't have the tools necessary. Or you might need to figure out which veth belongs to a container. For both these scenarios you will need to be able to get into …

Continue reading »

Custom GCP Cloud Shell image with Terraform and Helm

Inpatient people who just want the end-result, please go to: GitHub: GCP Cloud Shell image with Terraform and Helm

Cloud Shell is one of the convenient features of Google Cloud providing you with a secure CLI directly from the browser. The default image contains almost all the tools you could …

Continue reading »