I like SourceTree because it provides an intuitive interface for all the git commands that I don’t remember, especially for advanced merges, etc…

This quick shortcut will help you open SourceTree from your terminal. Note, you can probably do this with other git clients. The breakdown is using the open command -a is just specifying the application.

open -a SourceTree /path/to/repoalias sourcetree='open -a SourceTree'

Then you can do:

sourcetree /path/to/repo

If you’re already in your repo directory you can do:

sourcetree .

BTW, you can also use this to open finder

open .

MacOS has KeyChain built into terminal

How to store your sensitive credentials to keychain

security add-generic-password -a "$USER" -s 'name_of_your_key' -w 'passphrase'

How to retrieve them from your keychain

security find-generic-password -a "$USER" -s 'name_of_your_key' -w

How to set this up in your .bash_profile so that you can actually use this:

NAME_OF_YOUR_KEY=$(security find-generic-password -a "$USER" -s "name_of_your_key" -w)

Now you can do something like echo $NAME_OF_YOUR_KEY and see your secret with your bash_profile being safe.

So, we’ve recently run into some interesting issues where we’ve been using GCP’s Loadbalancers on Kubernetes and serving an API endpoint that uses websockets.

The Problem: GCP LoadBalancers are not by default configured to handle websockets and optimized for http calls, because by default the load balancers have 30 second timeouts in place that causes connections to close.

You’ll see something like this happen maybe every few seconds depending on your client-server websocket ping settings.
You’ll see something like this happen maybe every few seconds depending on your client-server websocket ping settings.
You’ll see something like this happen maybe every few seconds depending on your client-server settings

This will walk you through how to setup a load balancer, ingress, and configure it for you so that you stop getting timeout outs when web-sockets ping. …

Today I will show you how to create a user with access to only one collection in a specific database in mongodb.

Step 1. Create a new role.

role: "specialcollectionReadOnly",
privileges: [
resource: {
role: 'read',
db: 'sandbox',
collection: 'specialcollection'
}, actions: ["find"]
roles: []

role: name of the new role


— resource

— — role: this is mongodb database user roles the two most common is read or readWrite

— — db: the name of your database

— — collection: the name of your collection

— roles: any other roles you…

We’ve been experimenting with Istio’s Sidecar Injects but it’s been messing with some of the logging on Google Cloud Platform’s Stackdriver logging. So just the cliff notes.

This will enable automatic istio-sidecar injections

kubectl label namespace default istio-injection=enabled

You can check with

kubectl get namespace -L istio-injection

This will disable automatic istio-sidecar injections

kubectl label namespace default istio-injection-


This is just to connect the dots going from a log that you see in Stackdriver Logging to Stackdriver Monitoring Dashboard with pretty looking Graphs.

We use Kubernetes on Google Cloud Platform’s GKE. And if you’ve got a crap load of pods, you need a centralized place to see those logs.

We used to use elasticsearch-logstash/fluentd-kibana (ELK), but switched stackdriver recently, but the concepts here should apply for both platforms.

How do you go from a stdout log output that’s on a single pod to a graph?

First in whatever platform you’re using, make sure you can see the logs on stackdriver logging or kibana.

The most confusing part on GCP Logs Viewer is to find the…

Hi there,

This is just an intro piece about who I am and why I’m writing here.

I’m the CTO of June.ai it’s an AI-first email client, check us out.

We have a really great engineering team

  • we write mostly in golang, python, and javascript
  • we use gcp, aws, digital ocean and bare metal servers
  • we use kubernetes and terraform

Most of these will be notes for myself and hopefully other people who are searching for similar problems they encounter and save them time. These notes are often how I talk to my future self — note, I usually code + write at the same time so they’re not as polished but if you hit a wall, hopefully it’ll help you out. Feel free to reach out as well: john@june.ai


John Jung

Github has recently released their github actions system which is like CI/CD but one of the biggest benefits is to be able to run full on Windows and MacOS!

The first thing that popped into my head was to take the build times for our electron app and move them over to github actions.

Anyways today I will share with you, how to build full on windows and macOS electron apps and automatically push them to releases. This demo is for people who already have electron apps already built but are doing them manually on their machines because of signing…

This is a quickstart guide because the kubernetes docs can be confusing.


Here are the parts that confused me and some clarifications:

  • Tainting a node will pretty much make that node unschedulable immediately
  • Tolerations can be pods, deployments, statefulsets, jobs, cronjobs, daemonsets, etc…
  • Tolerations says NoSchedule, but really it’s just a label matching thing so that you can match whatever pod to that node.

The most common use cases will be creating dedicated node pools where you don’t want other pods to be there with the exception of a single or group of pods.

In this theoretical example, we’ll…

StatefulSets in kubernetes are great, they allow you to build pods that are numbered, have the same name.

DaemonSets are great, they allow you to build pods that are one-per-node.

What if you need both!?


The way I ended up doing this was using node affinity — podAntiAffinity

apiVersion: apps/v1beta1 kind: StatefulSet metadata: labels: app: cool-app name: cool-app namespace: default spec: replicas: 10 selector: matchLabels: app: cool-app serviceName: cool-app template: metadata: labels: app: cool-app spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "app" operator: In values: - cool-app topologyKey: "kubernetes.io/hostname" containers: - command: - sh - -c …

John Jung

Director of Engineering @Nylas <- June.ai, Academia, and NASA

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store