Tag: kubernetes

  • A Simple and Interactive Decoder for Kubernetes Secrets

    TL; DR: Here’s a simple shell function which can decode Kubernetes secrets interactively and should work in any Bash and compatible environments. Requirements: Here’s the code. This can be chained together with other commands too, eg. on a Mac, I can do Then the decoded content of selected secret key will be put into clipboard.…

  • A GKE Issue: Metadata Service Is Unreachable In Nodes

    Recently I encountered some errors in a GKE cluster where a lot of pods were stuck at crash loop backoff state, which means the pods couldn’t recover on their own. When taking a closer look, I saw errors like: It’s a DNS issue then. However when I created a pod and ran some DNS tests…

  • How to Enable Gzip Compression for Istio Ingress Gateway

    TL; DR: here’s a code snippet to turn on gzip compression for Istio’s ingress gateway, using Envoy filter. Tested with Istio 1.16 and Kubernetes 1.26. To test it with curl: 🙂

  • How to Mount an Existing Google Persistent Disk to a Pod in GKE

    TL; DR: Below are steps to mount an existing Google Persistent Disk to a pod in a GKE cluster in the same region. Most of the time I’d prefer to run stateless pods in Kubernetes clusters – they come, they go, as if nothing happened. When there are things to be persisted, a Persistent Volume…

  • Solved: Uninstallation of config-connector Got Stuck in ArgoCD

    The Kubernetes Config Connector is another level of IaC(Infrastructure as Code): It wraps Google Cloud resources like a Cloud Load Balancer with Kubernetes CRDs(Custom Resource Definition) so instead of writing Terraform HCL I can write YAML to manage GCP infrastructure. However when there’s a need to uninstall a config-connector, it got stuck in ArgoCD As…

  • Django DB Migration Job with ArgoCD

    A Job in Kubernetes is a one-off and immutable task to be carried out during deployment. But what if a job needs to run for each deployment? A new job with the same name can’t be deployed on top of the existing one, given it in completed or failed state. Since Kubernetes 1.23, A TTL(Time…

  • Cloud SQL MySQL: Best Password is No Password

    Security for web applications has come a long way. In the case of database passwords, there is a lot of approaches to keep them safe: But isn’t it the best if there’s no need for a password at all? With IAM authentication for Cloud SQL, the password can be avoided after all. Here’s how to…

  • How to Self-Host a Mastodon Instance in Kubernetes

    TL;DR: Instead of the official installation including setting up Ruby, nginx, systemd service, etc., I found it more comfortable to install and run a Mastodon instance using some YAML files. Just in case, what is Mastodon anyway? I used kustomize to manage and generate Kubernetes manifests for a fully functional Mastodon instance. Please see my…