-
Combine GitHub Actions with FluxCD
I started my hobby project SausLink( a tinyURL like URL shortener ) a while ago, as it was really boring during covid lockdowns. The web app itself isn’t anything cutting-edge but I intended to implement full git-ops for this project. For the CI pipeline, I chose GitHub Actions because it’s easy and also free for…
-
Use Variables with Kustomize, Part 2
I was looking at the Kustomize variable trick I did a year ago and I think I’ve learned some new tricks worth noting down. Variables are very handy most of the times, here’s a pattern to define a variable to be used in Kustomize templates and set its value via annotations. There you have it:…
-
Automate SSL/TLS Certificates for Kubernetes and Istio with Cert Manager
It’s been a lot easier nowadays to turn on full site SSL/TLS encryption with an ACME issuer such as the popular non-profit Let’s Encrypt which I’ve started using it a few months ago. However the free certificates from Let’s Encrypt are only valid for 90 days and I have been notified to renew them already.…
-
Grant a Service Account an IAM Role in AWS/GCP
How to grant a pod running in a Kubernetes cluster necessary permissions to access cloud resources such as S3 buckets? The most straight forward approach is to save some API key in the pod and use it to authenticate against cloud APIs. If the cluster is running inside the cloud, an IAM role can then…
-
TLS Full Site Encryption with Istio and Let’s Encrypt
These are steps to easily install TLS certs to a Kubernetes cluster with Istio service mesh as ingress controller, provided by Let’s Encrypt‘s awesome certbot. Installation of the certbot (on Ubuntu Linux 20.04LTS) The certbot can be install via snap on Ubuntu Linux By default certbot needs to write to system directories which I thought…
-
A Kubernetes ClusterSecret
No, at this moment ClusterSecret, unlike ClusterRole, doesn’t officially exist in any version of Kubernetes yet. I’ve seen some discussion like this, so looks like it will be a while to have a ClusterSecret. But why do I need a ClusterSecret in the first place? The reason is very simple: To be DRY. Imagine I…
-
Hello World, Grafana Tanka
I liked YAML a lot, until it gets longer and longer, and even longer. There are tools to make YAML ‘DRY’, the popular ones are Helm and Kustomize. But none of them can say it got the job done. To be honest, I didn’t like Helm much from the start. Helm uses templating syntax similar…
-
Rebuild a Kubernetes Node Without Downtime
When I built the in-house Kubernetes cluster with Raspberry PIs, I followed the kubeadm instructions and installed Raspberry PI OS on the PIs. It was all good except the RPI OS is 32-bit. Now I want to install a Ubuntu 20.04 Server ARM64 on this PI, below are steps with which I rebuilt the node…