Tuan Anh

container nerd. k8s || GTFO

Fix Terminal no longer uses keychain in MacOS Sierra

Since Sierra, I got prompted for my ssh key password every time. After digging a bit, it seems Apple just changed it recently.

On macOS, specifies whether the system should search for passphrases in the user’s keychain when attempting to use a particular key. When the passphrase is provided by the user, this option also specifies whether the passphrase should be stored into the keychain once it has been verified to be correct. The argument must be ‘yes’ or ‘no’. The default is ‘no’.

To fix this, you just have to enable UseKeychain for every host by adding these lines to your .ssh/config file:

Host *
   AddKeysToAgent yes
   UseKeychain yes
   IdentityFile ~/.ssh/id_rsa

Alternatively, you can add ssh-add -A into your .bashrc or .zshrc.


Why we choose Kubernetes over ECS

A bit outdated post but many points stay valid.

Link to original post

Bring in the Goddamn Adults Already

Time and time again, the young startup promotes their longest-tenured young engineer to become CTO of their 20-something startup. And it makes sense on the surface, because it’s their “best” engineer. And why not? They’ve been there for so long that they know the system they’ve built more than anyone else.
But now they have two problems: they lose their “best” engineer, and on top of that, they gain what’s probably a shit manager.

Link to original post

Using ioredis with twemproxy

Twemproxy is a fast/lightweight proxy for memcached and redis.

Not all Redis commands are supported. You can take a look at the list of supported commands on GitHub.


kube-monkey

kube-monkey is an implementation of Netflix’s Chaos Monkey for Kubernetes clusters. It randomly deletes Kubernetes pods in the cluster encouraging and validating the development of failure-resilient services.

Netflix’s Chaos Monkey for Kubernetes

Link to original post

Automate Let's Encrypt certificate generation for Kubernetes Ingress

Kube-Lego automatically requests certificates for Kubernetes Ingress resources from Let’s Encrypt.

You can find a complete example of how to use this with GCE here.

Link to original post

mycli

A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.

I can’t recommend this enough! Insanely useful tool.

Link to original post

Sharing secret data in Kubernetes

  • I’ve seen people bundle config files within source code.
  • I’ve seen people bundle config when building Docker images.

PLEASE DON’T.

Just use secrets / environment variables.

Here is a very detailed tutorial on how to share secret data in Kubernetes.

Link to original post

Distelli - Your DevOps Dashboard for Kubernetes

Your DevOps Dashboard for Kubernetes

I’ve been looking for CI/CD that would complete the Kubernetes setup. This looks like a good fit for it.

Link to original post

Using squid proxy to bypass 3rd party API IP whitelisting

At work, I have to work with many 3rd party supplier APIs which require IP whitelisting. This is becoming an issue when we need to autoscale using multiple Kubernetes nodes.

There are several ways to deal with this:

  • Use NAT gateway to forward all outgoing traffic to the gateway
  • Use a proxy like Squid

I went with Squid since it’s much easier. Tinkering with network settings is a nightmare for me.

You can follow the tutorial here on Google Cloud Documentation and then export these environment variables below in your Kubernetes nodes / Docker container.

export http_proxy="http://<proxy-ip>:3128"
export https_proxy="http://<proxy-ip>:3128"
export ftp_proxy="http://<proxy-ip>:3128"
export no_proxy="169.254.169.254,metadata,metadata.google.internal"

You can verify that it’s working properly by checking the node’s public IP address afterward with curl ifconfig.me.

Also, packages like request respect HTTP_PROXY and HTTPS_PROXY, so you probably don’t have to make any changes to the existing code base.
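
A check for the proxy variables above, as an added example that is not part of the original post: `bypasses_proxy` models curl-style `no_proxy` matching in simplified form (exact host, domain suffix, `*`; no CIDR), and `audit_proxy_env` confirms that the metadata endpoints stay direct while external hosts still go through Squid. The function names and the host `api.supplier.example` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the proxy variables used for the Squid setup.

# Return 0 if host $1 would bypass the proxy under no_proxy list $2.
# Simplified curl-style model (assumption): "*" matches every host; any other
# entry matches the host exactly or as a domain suffix. CIDR is not handled.
bypasses_proxy() {
    host=$1 matched=1 old_ifs=$IFS
    set -f; IFS=,                 # split on commas, keep "*" literal
    for entry in $2; do
        entry=${entry# }          # drop one leading space after a comma
        entry=${entry#.}          # ".example.com" behaves like "example.com"
        case $entry in
            '') continue ;;
            '*') matched=0 ;;
        esac
        case $host in
            "$entry" | *."$entry") matched=0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return "$matched"
}

# Print findings and return the number of problems (0 means the setup is sane).
audit_proxy_env() {
    problems=0
    if [ -z "${http_proxy:-}" ] || [ -z "${https_proxy:-}" ]; then
        echo "http_proxy/https_proxy unset: requests leave from the node's own IP"
        problems=$((problems + 1))
    fi
    # Metadata lookups must stay direct so they are answered for this node.
    for h in 169.254.169.254 metadata metadata.google.internal; do
        if ! bypasses_proxy "$h" "${no_proxy:-}"; then
            echo "no_proxy does not cover $h"
            problems=$((problems + 1))
        fi
    done
    # A wildcard or over-broad entry would silently skip Squid for supplier APIs.
    if bypasses_proxy "api.supplier.example" "${no_proxy:-}"; then
        echo "no_proxy also exempts external hosts"
        problems=$((problems + 1))
    fi
    return "$problems"
}

audit_proxy_env || echo "proxy environment problems: $?"
```

Run it in the container's entrypoint before the application starts, so a missing or over-broad `no_proxy` shows up in the logs instead of as a rejected supplier call.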