Category: Systems Admin

  • ArgoCD, Jsonnet and Tanka

    Ever since I’ve installed ArgoCD in my garage Kubernetes lab, I wanted to make Tanka work with ArgoCD, so that I can do GitOps with Jsonnet, in addition to YAML, kustomize and helm charts. I was hugely inspired by(read: copied and pasted from) this blog post. Here are the steps I made Tanka worked as […]

  • Sideloader: An InitContainer to Sideload Stuff to Your Main Container

    After having played with ArgoCD for a few days, I came cross a blog post on how to get Grafana Tanka to work with ArgoCD. I like the idea to have Tanka as a plugin of ArgoCD, because: The main ArgoCD docker image doesn’t get bloated by all those binaries we want to use with […]

  • Run ArgoCD with Istio Service Mesh in a Kubernetes Cluster

    It’s been quite a while since I installed Flux CD V2 in my garage Kubernetes lab, as there’s a lot of debate going on between Flux and ArgoCD I decided to give ArgoCD a go. The other reason to try ArgoCD is that it supports Jsonnet. By default installation, ArgoCD will use self-signed TLS certificate […]

  • Update GCP IAM Adaptively with Terraform DataSources

    In a scenario where a service account in a central GCP project needs to be accessible by a group of GKE service accounts across multiple GCP projects, the IAM part in Terraform HCL could look like I can make a variable for the members so it becomes But still the project_ids variable needs to be […]

  • Kubernetes Jobs and Istio

    Note: the Job in the title refers to the Job resource in a Kubernetes cluster. At the time the Istio sidecar doesn’t play well with a Job or a Cronjob, because the istio-proxy might not be ready when the Job starts (which causes connection issues for the job) and won’t exit after the job finishes […]

  • Combine GitHub Actions with FluxCD

    I started my hobby project SausLink( a tinyURL like URL shortener ) a while ago, as it was really boring during covid lockdowns. The web app itself isn’t anything cutting-edge but I intended to implement full git-ops for this project. For the CI pipeline, I chose GitHub Actions because it’s easy and also free for […]

  • Use Variables with Kustomize, Part 2

    I was looking at the Kustomize variable trick I did a year ago and I think I’ve learned some new tricks worth noting down. Variables are very handy most of the times, here’s a pattern to define a variable to be used in Kustomize templates and set its value via annotations. There you have it: […]

  • Automate SSL/TLS Certificates for Kubernetes and Istio with Cert Manager

    It’s been a lot easier nowadays to turn on full site SSL/TLS encryption with an ACME issuer such as the popular non-profit Let’s Encrypt which I’ve started using it a few months ago. However the free certificates from Let’s Encrypt are only valid for 90 days and I have been notified to renew them already. […]