This post is more of a continuation to this tweet One thing which I tried doing differently this time with one of my side projects is to do TDD from the start. Someone may ask why? It's just a side project no? (1/n) — Tasdik Rahman (@tasdikrahman) October 4, 2020 I have been building bhola in my free time, and one thing which I tried doing differently this time with it, was to practice TDD from the start. ...
I did this trip last year, in August 2019. Finishing this was long overdue. Trying to follow up with the manager of Khawa karpo as Sushant and Rajat also finished their sharing of dinner which we were grabbing to call it a day. We all rushed as I grabbed my takeaway, to get a rick to catch my bus which was due to leave in about 15mins or so. Didn’t try bargaining too much and just went ahead with the exorbitant charge for the meagre ~1km which was to be traversed. ...
This post was originally published in Gojeks engineering blog, here, this post is a cross post of the same This post is more of a continuation to this tweet A few notes on @kubernetes cluster upgrades on GKE (1/n) — Tasdik Rahman (@tasdikrahman) July 21, 2020 If you are running kubernetes on GKE, chances are that you are already doing some form of upgrades for your kubernetes clusters, given that their release cycle is quarterly, which means you will have a minor version bump every quarter in the upstream. That is really a high velocity for version releases, but that’s not the focus of this post, the focus is on how you can attempt to keep up with this release cycle. ...
This post was originally published in Gojeks engineering blog, here, this post is a cross post of the same If you are on rails, you would have noticed that the rails logs which you get by default are quite verbose and spread across multiple lines, even if the context is of processing just one simple controller action. What I will discuss in this post is how can one sanitize the logs, without losing out on information along with how you can add additional information for your log lines to make full use of the querying features of your logging platform. ...
This was originally published under Gojek’s engineering blog by me, this post is a repost. We at Gojek have been running Istio 1.4 with a multi-cluster setup for some time now, on top of which, we have been piloting a few reasonably high throughput services in production, serving customer-facing traffic. One of these services hits ~195k requests/minute. In this blog, we’ll deep dive into what we have learnt and observed by using Istio’s networking APIs. ...
With the root cert expiring for sectigo, the older linux distributions are not properly ignoring the cert. I have seen this affect boxes which ran ubuntu 16.04, but there would be others too. Didn’t notice anything on Debian 10(buster) As people have pointed out around, this is an openssl 1.0.2 bug. So even a system upgrade wouldn’t help the situation wouldn’t help, as this would require an actual distro upgrade. Programs which don’t depend on openssl(like go binaries), won’t get affected by this. Services/client on Ruby/Jruby for example, on the other hand will have problems similar to curl. ...
This is more of an extended version of the tweet here If you haven't had a look at pod-affinity and anti-affinity, it's a great way which one can use to distribute the pods of their service across zones. https://t.co/iqhbyhruD8 (1/n) — Tasdik Rahman (@tasdikrahman) February 23, 2020 PodAntiAffinity/PodAffinity were released in beta some time back in 2017, in the 1.16 release for k8s, along with node affinity/anti-affinity, taints and tolerations and custom scheduling. ...
This was originally published under Gojek’s engineering blog by me, this post is a repost. If you have worked around managing Kubernetes clusters on your infrastructure — instead of going with a managed version provided by cloud providers — chances are that you already are managing an etcd cluster. In case you are new to it, this post is for you. We’ll get the basics out of the way first, and define what Etcd is. ...
This was originally published under Gojek’s engineering blog by me, this post is a repost. There’s one thing all devices connected to the Internet have in common — they rely on protocols called SSL/TLS to protect information in transit. SSL/TLS are cryptographic protocols designed to provide secure communication over insecure infrastructure. Any communication over the public internet should be encrypted, for which we need SSL certificates. There are many cases for public communication in GOJEK as well. Some of them are listed below: ...
Anyone who is evaluating into having a networking solution for their kubernetes cluster without having a lot of moving parts in the cluster, kuberouter provides pod networking, ability to enforce network policies, IPVS/LVS service proxy among other things. The problem which we faced specifically while running this in our clusters was missing routes upon restart of the node, or sometimes in the case when the node was joining the cluster as part of the worker node. ...