GKE docker registry with HTTP proxy

You are at one of those places that requires you to use a proxy to access your company wide Docker registry. Sometimes HTTP proxies are used to supposedly improve security or to workaround IP based rate limits. Well good luck, you're in for a ride on how to do this …

GKE custom OSS K8s cluster autoscaler

This blog post described how to deploy your own K8s cluster autoscaler instead of the cluster autoscaler that's bundled with GKE. This can be helpful in the rare case that the bundled GKE cluster autoscaler doesn't work for you.

Note that the GKE bundled cluster autoscaler is vastly different from …

Custom DNS entry with KubeDNS stubdomain

An example use case that I've seen is where you have a K8s service exposed on the ClusterIP and you want to make that service accessible over a domain name that you don't control.

You can do to the following steps to set this up:

1. Deploy CoreDNS with custom DNS …

Mounting FUSE without privileges on K8s/GKE

This might become a full blog post but for now read the steps here: https://github.com/samos123/gke-gcs-fuse-unprivileged

Securing Redis with Istio TLS origination

Istio is daunting and not all use cases are well documented. The public docs focus mostly on using the egress gateway for TLS orignation. The use case of using the sidecar for TLS origination with a database isn't documented well. This blog post hopes to solve that.

So you've actually …

Deploying OpenStack on GCP

You want private cloud inside public cloud for additional security, improved agility, lower opex and ultimate flexibility? I present you OpenStack running on Google Compute Engine (GCE). I hope you got the joke, if not, let me explain there are no benefits to running OpenStack on GCP. OpenStack on GCP …

Creating L2 connectivity between GCE VMs in GCP using VXLAN

Cloud providers often prevent you from using L2 protocols such as ARP. These protocols however are heavily used in existing software such as keepalived. This can make it hard for to move certain workloads to the cloud. This blog post demonstrates a method for creating L2 connectivity between Virtual Machines …

How to enter network namespaces of other containers from a pod in K8s?

You might be in a situation where you need to troubleshoot the networking stack on a container where you don't have the tools necessary. Or you might need to figure out which veth belongs to a container. For both these scenarios you will need to be able to get into …

Custom GCP Cloud Shell image with Terraform and Helm

Inpatient people who just want the end-result, please go to: GitHub: GCP Cloud Shell image with Terraform and Helm

Cloud Shell is one of the convenient features of Google Cloud providing you with a secure CLI directly from the browser. The default image contains almost all the tools you could …

OpenStack Salt MK22 Vagrant-based lab

The blog by Sebastian inspired me to try out OpenStack Salt in combination with the new MK22 Reclass model. Instead of using the TCPcloud provided labs I'm using my own laptop beast (ThinkPad W530 with 32GB of memory). For that reason I created a Vagrantfile for the mk22-lab-basic environment to …