Category: Systems Admin

  • How to Connect to Cloud SQL via SSH

    TL;DR: here’s a handy bash script which can connect to a private Cloud SQL instance(MySQL in this case) via a bastion host. Prerequisites: Google Cloud SQL instance with mTLS certs provisioned Google Cloud SDK installed(the gcloud command) a bash shell(better be V5.0+) OpenSSH and MySQL CLI installed Google Cloud SQL is an RDB as a […]

  • A Load Balancer for Cloud SQL Replicas

    TL;DR: As of Aug 2022, there’s no out of box load balancing for Google Cloud SQL read replicas. So I built one for MySQL replicas with HAProxy with the ability to dynamically reload when number of replicas has changed. It will be quite straight forward to run a few HAProxy pods in Kubernetes as a […]

  • How to Use a Local Persistent Volume

    TL;DR: A local persistent volume in a Kubernetes cluster is a persistent volume allocated in a certain node. Any pod mounting the volume will be automatically scheduled in the same node. Since it’s limited to 1 node, clearly it can’t be used as a high-availability solution, but hey, it’s quite Ok to use it for […]

  • How to Build Multi-Arch Docker Images for MacBook M1

    At work, I currently use a MacBook Pro with an Intel chipset and some of my colleagues have upgraded to ones with M1 chipset which is of arm64 or aarch64 architecture. Then expectedly I need to build some Docker images for both architectures. I’ve done some multi-arch Docker stuff before so this is not really […]

  • How To Renew Certificates in Kubernetes Clusters, Revisited

    There is a lot of TLS certificates used by the core of a Kubernetes cluster and a popular one is the client-server pair used by kubectl to authenticate to the cluster control plane. In my previous notes on how to renew certificates in a Kubernetes cluster with kubeadm, I found that the steps are quite […]

  • Blog Deployed With Jsonnet, Grafana Tanka and ArgoCD

    It’s been a year since I did the ‘Hello World’ with Jsonnet and Tanka, then I made a simple side-loader container to install Tanka as a plugin to ArgoCD and finally deployed an httpbin container with ArgoCD + Tanka + Jsonnet. However since Jsonnet wasn’t used in my work, those things were shelved afterwards. Recently […]

  • Easy Kubernetes Secret Integration with ExternalSecrets

    Easy Kubernetes Secret Integration with ExternalSecrets

    In a Kubernetes cluster, A Kubernetes Secret is a resource type to hold sensitive data for the apps to use, such as an API key or database password. Secrets are namespaced so if I have RBAC access to a namespace, I can pretty much see all the secrets there, as the secrets are only base64 […]

  • Better Resilience for Kubernetes Pods

    I happened to notice that all 3 pods serving this blog in my Kubernetes cluster were allocated to a same node. I thought Kubernetes will try its best to shuffle pods of a deployment into different nodes by default but guess I expected too much. Note the knode3 below Have you spotted the problem? In […]