Latest stories

Ignore Consul Connect container logs in Filebeat on kubernetes

Consul Connect is a great service mesh, but the log output can be very noisy. Using sidecar injection via annotations will cause Envoy proxy and Consul lifecycle containers (consul-connect-envoy-sidecar and consul-connect-lifecycle-sidecar respectively) to be injected into your Pods, meaning that Filebeat will parse their output in stdout the same as your application container. Currently log...

SSH into private GKE nodes using Cloud IAP

If you have created private Google Kubernetes Engine clusters for security reasons, you may still need to SSH into the nodes from time-to-time. Luckily Google Cloud provides Identity-Aware-Proxy tunnelling via gcloud so you do not need a VPN connection to the VPC the cluster resides within. However in order for this to work you will need to create a firewall rule that targets your GKE nodes using...

Convert URL to slug in helm chart template

If you are supplying a domain or URI/URL to a Kubernetes manifest in a Helm chart template, you may need to convert the value to remove the dots/periods since most Kubernetes resources will not allow them.

You can use the Helm template function replace and a pipeline to convert values where necessary.

Access GCR Docker images from other Google Cloud Projects using Terraform

If you have multiple Google Cloud Projects and want to pull Container Registry images from other projects, you will need to grant each project access by adding a role to the a few service accounts specific to each Project. For Kubernetes Engine or Compute Engine you will need to add the role to the Compute Engine default service accountFor Cloud Build you will need to add the role to the Cloud...

Access Compute Engine VM images from other Google Cloud Projects using Terraform

If you have multiple Google Cloud Projects and want to access your GCE VM images from a single project, you will need to grant each project access by adding a role to the Google APIs service account specific to each Project. Confusingly this requires the use of the Project ID as opposed to the Project Name. Note that using google_project_iam_member in Terraform will simply add that role to the...

go install: no install location for directory outside GOPATH on macOS

If you are trying to install packages using dep from gopkg.toml or update your gopkg.lock with new dependencies on macOS, you may come across this error… go install: no install location for directory /Users/somebody/project outside GOPATH Your environment may not have GOPATH or GOBIN set, in which case as a simple solution you can set them relative to your home directory. (more advanced use...

No cached mapping for this field. Refresh field list from the Index Patterns page

With newly indexed Elastic Stack Elasticsearch documents (from Elastic APM or Filebeat/Logstash for example) you may see a warning “No cached mapping for this field. Refresh field list from the Management > Index Patterns page.” in Kibana when inspecting an event. To refresh the field list from Kibana you can go into the Management tab from the navigation on the left-hand side, then...

Port forward Elasticsearch Head to Kubernetes Statefulset

If you prefer Elasticsearch Head to oversee cluster-wide operations but miss having it installed on-cluster (now that it is not available ES v5 and above) plus run Elasticsearch as a Kubernetes Statefulset, then you can run Elasticsearch Head as a Chrome plugin and port forward to the Statefulset. This assumes that you have installed Elasticsearch in a standard way such as via the Elastic Helm...