Posts

I did this trip last year, in August 2019. Finishing this was long overdue. Trying to follow up with the manager of Khawa karpo as Sushant and Rajat also finished their sharing of dinner which we were grabbing to call it a day. We all rushed as I grabbed my takeaway, to get a rick to catch my bus which was due to leave in about 15mins or so. Didn’t try bargaining too much and just went ahead with the exorbitant charge for the meagre ~1km which was to be traversed. ...

This post was originally published in Gojeks engineering blog, here, this post is a cross post of the same This post is more of a continuation to this tweet A few notes on @kubernetes cluster upgrades on GKE (1/n) — Tasdik Rahman (@tasdikrahman) July 21, 2020 If you are running kubernetes on GKE, chances are that you are already doing some form of upgrades for your kubernetes clusters, given that their release cycle is quarterly, which means you will have a minor version bump every quarter in the upstream. That is really a high velocity for version releases, but that’s not the focus of this post, the focus is on how you can attempt to keep up with this release cycle. ...

This post was originally published in Gojeks engineering blog, here, this post is a cross post of the same If you are on rails, you would have noticed that the rails logs which you get by default are quite verbose and spread across multiple lines, even if the context is of processing just one simple controller action. What I will discuss in this post is how can one sanitize the logs, without losing out on information along with how you can add additional information for your log lines to make full use of the querying features of your logging platform. ...

This was originally published under Gojek’s engineering blog by me, this post is a repost. We at Gojek have been running Istio 1.4 with a multi-cluster setup for some time now, on top of which, we have been piloting a few reasonably high throughput services in production, serving customer-facing traffic. One of these services hits ~195k requests/minute. In this blog, we’ll deep dive into what we have learnt and observed by using Istio’s networking APIs. ...

With the root cert expiring for sectigo, the older linux distributions are not properly ignoring the cert. I have seen this affect boxes which ran ubuntu 16.04, but there would be others too. Didn’t notice anything on Debian 10(buster) As people have pointed out around, this is an openssl 1.0.2 bug. So even a system upgrade wouldn’t help the situation wouldn’t help, as this would require an actual distro upgrade. Programs which don’t depend on openssl(like go binaries), won’t get affected by this. Services/client on Ruby/Jruby for example, on the other hand will have problems similar to curl. ...

This is more of an extended version of the tweet here If you haven't had a look at pod-affinity and anti-affinity, it's a great way which one can use to distribute the pods of their service across zones. https://t.co/iqhbyhruD8 (1/n) — Tasdik Rahman (@tasdikrahman) February 23, 2020 PodAntiAffinity/PodAffinity were released in beta some time back in 2017, in the 1.16 release for k8s, along with node affinity/anti-affinity, taints and tolerations and custom scheduling. ...

This was originally published under Gojek’s engineering blog by me, this post is a repost. If you have worked around managing Kubernetes clusters on your infrastructure — instead of going with a managed version provided by cloud providers — chances are that you already are managing an etcd cluster. In case you are new to it, this post is for you. We’ll get the basics out of the way first, and define what Etcd is. ...

This was originally published under Gojek’s engineering blog by me, this post is a repost. There’s one thing all devices connected to the Internet have in common — they rely on protocols called SSL/TLS to protect information in transit. SSL/TLS are cryptographic protocols designed to provide secure communication over insecure infrastructure. Any communication over the public internet should be encrypted, for which we need SSL certificates. There are many cases for public communication in GOJEK as well. Some of them are listed below: ...

Anyone who is evaluating into having a networking solution for their kubernetes cluster without having a lot of moving parts in the cluster, kuberouter provides pod networking, ability to enforce network policies, IPVS/LVS service proxy among other things. The problem which we faced specifically while running this in our clusters was missing routes upon restart of the node, or sometimes in the case when the node was joining the cluster as part of the worker node. ...

Update I gave a quick lightening talk about the same talk @ DevopsDays India, 2019. The slides for which can be found below What canary can be Shaping the traffic in a way, so that we could direct a % of traffic to the new pods and promoting the same deployment to a full scaleout and gradually phasing out the older release. Why canary? Testing on staging doesn’t weed out all the possible reasons for something failing, final testing for a feature being done on some part of the traffic is not something unheard of. Canary being a precursor to enable full blue green deployments. ...