Category: Systems Admin

  • How to Regulate Egress Access in Kubernetes with Istio

    Usually I don’t mind to give pods unlimited egress access, ie. the pods I deployed can access the whole internet if it needs to. However when the pods take input from users it’s a whole different story. For example, running some sandbox applications such as an online Python learning environment, the workload can be abused […]

  • Flyway Container, MySQL and SSL/mTLS

    Flyway is a handy utility to manage database schema migrations. Very similar to the schema migration mechanism in Ruby on Rails or Django, but Flyway is a standalone tool. So it’s best suited for some project which doesn’t have database schema management yet. I needed to use Flyway for a project I worked with, the […]

  • Some Field Test with Google Cloud Run

    Recently I got a chance to migrate on-premise applications to GCP(Google Cloud Platform), and ran the apps in containers via Cloud Run. Here are some pros and cons that I think about the fully managed Cloud Run. Pros: Very easy to get started. As long as the app can run in a container, it can […]

  • Passing Environment Variables to Terraform with RegExp

    In a Terraform template, an input variable can be used to set some configuration point for a resource, such as In some scenario the input variable can get its value from an environment variable in the shell where terraform runs. It looks like This is handy where there is just a few variables. If there […]

  • Deploy the Loki Stack in a Kubernetes Cluster with ArgoCD

    Loki and Promtail from Grafana Labs are new kids in the observability community. Are they good enough to replace Elasticsearch and Logstash? I would like to see. Here’s a sample ArgoCD Application to deploy Loki, Promtail, Prometheus and Grafana all from 1 Helm chart: grafana/loki-stack. Some settings of my installations are: loki, grafana and prometheus […]

  • Fixed CoreDNS High CPU Issue in a Kubernetes Cluster

    There was a Grafana alert saying that CPU usage was quite high on the master node of my garage Kubernetes cluster. I was watching a movie so I didn’t jump into this right away 🙂 I had a look at the master node today and this is how I fixed this issue. With the good […]

  • An Canary Upgrade of Istio 1.9 to 1.11

    Prerequisites: full Admin access to a Kubernetes cluster, which has an older version of Istio installed. A while ago I decided to try Istio in my garage Kubernetes lab, and replaced ingress-nginx with istio-ingressgateway. At the time being I installed Istio 1.9.4, the latest release is already 1.11.4. To avoid being left in the deprecated […]

  • Using Nginx to Negate Brute Force Attacks on WordPress Sites

    Thanks to the Prometheus – Grafana combo I set up earlier for my Kubernetes cluster I noticed that there was a steep increase of requests to this blog started a few days ago. I checked my Google Analytics dashboard, sadly my blog didn’t become any popular at all. So it must be some sort of […]