Lu AndyPSC-based GKE cluster isolationGKE supports two types of clusters: public and private clusters. For security reasons, GKE recommends private clusters, which use nodes…Apr 15Apr 15
Lu AndyDemystifying node surge upgrade in GKEThis article explains in-depth the way GKE performs the node surge upgrade, and what you should think about to influence the upgrade…Mar 22Mar 22
Lu AndyKubernetes’ new service account tokensYou run Pod as a service account — a system user understood by the Kubernetes control plane. Service account is used for both…Nov 27, 2023Nov 27, 2023
Lu AndyHow does GKE Workload Identify work with IAM Service AccountIAM Service Account CredentialsFeb 23, 2023Feb 23, 2023
Lu AndyDemystifying Istio VirtualService and Routing rulesIstio introduced the concept of VirtualService. It is basically a custom resources (CRD) provided in Istio, and an abstraction layer which…Nov 14, 2021Nov 14, 2021
Lu AndyUnderstanding DNS in KubernetesMany K8S network courses, when introducing the service discovery, get straight to the concept of service and the abstraction it provides to…Oct 28, 20211Oct 28, 20211
Lu AndyGo Module and Go Package CheatsheetGo v1.1 introduced Module for dependancy management. A go module by definition is a collection of related packages with go.mod file at its…Oct 24, 2021Oct 24, 2021
Lu AndyDive into Istio IngressGatewayIn this one, we will continue our journey and take a close look at the traffic management in Istio, and particularly how Istio…Sep 21, 2021Sep 21, 2021
Lu AndyKubernetes Ingress Deep DiveIn this article, we’ll dive into Kubernetes Ingress. We’ll walk through how does K8S Ingress controller operate in detail, as well as how…Sep 10, 20212Sep 10, 20212
