GKE custom OSS K8s cluster autoscaler

Update 2023-03-27: Added instructions for clusters using Workload Identity

This blog post describes how to deploy your own K8s cluster autoscaler instead of the cluster autoscaler that's bundled with GKE. This can be helpful in the rare case that the bundled GKE cluster autoscaler doesn't work for you.

Note that …


Custom DNS entry with KubeDNS stubdomain

An example use case that I've seen is where you have a K8s service exposed on the ClusterIP and you want to make that service accessible over a domain name that you don't control.

You can follow these steps to set this up:

  1. Deploy CoreDNS with custom DNS …


Mounting FUSE without privileges on K8s/GKE

This might become a full blog post but for now read the steps here: https://github.com/samos123/gke-gcs-fuse-unprivileged


Securing Redis with Istio TLS origination

Istio is daunting and not all use cases are well documented. The public docs focus mostly on using the egress gateway for TLS origination. The use case of using the sidecar for TLS origination with a database isn't documented well. This blog post hopes to solve that.

So you've actually …


Deploying OpenStack on GCP

You want private cloud inside public cloud for additional security, improved agility, lower opex and ultimate flexibility? I present you OpenStack running on Google Compute Engine (GCE). I hope you got the joke; if not, let me explain: there are no benefits to running OpenStack on GCP. OpenStack on GCP …


Creating L2 connectivity between GCE VMs in GCP using VXLAN

Cloud providers often prevent you from using L2 protocols such as ARP. These protocols, however, are heavily used in existing software such as keepalived. This can make it hard to move certain workloads to the cloud. This blog post demonstrates a method for creating L2 connectivity between Virtual Machines …


How to enter network namespaces of other containers from a pod in K8s?

You might be in a situation where you need to troubleshoot the networking stack on a container where you don't have the tools necessary. Or you might need to figure out which veth belongs to a container. For both these scenarios you will need to be able to get into …


Custom GCP Cloud Shell image with Terraform and Helm

Impatient people who just want the end result, please go to: GitHub: GCP Cloud Shell image with Terraform and Helm

Cloud Shell is one of the convenient features of Google Cloud providing you with a secure CLI directly from the browser. The default image contains almost all the tools you could …


OpenStack Salt MK22 Vagrant-based lab

The blog by Sebastian inspired me to try out OpenStack Salt in combination with the new MK22 Reclass model. Instead of using the TCPcloud provided labs I'm using my own laptop beast (ThinkPad W530 with 32GB of memory). For that reason I created a Vagrantfile for the mk22-lab-basic environment to …


OpenWRT hourly speedtest maximum bandwidth delivered by ISP

Work in progress, placeholder: these are the commands required to run the Python code that I wrote

    opkg install python3-light
    opkg install python3-email
    opkg install python3-openssl
    opkg install python3-codecs
    opkg install ca-certificates
