-
Update GCP IAM Adaptively with Terraform DataSources
In a scenario where a service account in a central GCP project needs to be accessible by a group of GKE service accounts across multiple GCP projects, the IAM part in Terraform HCL could look like I can make a variable for the members so it becomes But still the project_ids variable needs to be…
-
Kubernetes Jobs and Istio
Note: the Job in the title refers to the Job resource in a Kubernetes cluster. At the time the Istio sidecar doesn’t play well with a Job or a Cronjob, because the istio-proxy might not be ready when the Job starts (which causes connection issues for the job) and won’t exit after the job finishes…
-
Mining Ethereum with AMD 6600 XT on Ubuntu Linux
Warning: Ethereum(ETH) will migrate to PoS(Proof of Stake) algorithm in near future, maybe in a year. So jumping into ETH mining now might or might not be profitable. Also, I do I encourage crypto mining with renewable energy sources. Prerequisite: A PC running on Ubuntu 20.04 with stable Internet connection AMD RX 6600 XT is…
-
Combine GitHub Actions with FluxCD
I started my hobby project SausLink( a tinyURL like URL shortener ) a while ago, as it was really boring during covid lockdowns. The web app itself isn’t anything cutting-edge but I intended to implement full git-ops for this project. For the CI pipeline, I chose GitHub Actions because it’s easy and also free for…
-
1-Step Away From Fossil Fuel: Sanden Heat Pump
After weeks of waiting, thanks to lock downs in Victoria, I finally have a 315L Sanden Heat Pump installed, replacing my who-knows-how old gas instantaneous water heater. The job has been done professionally by SolarFlow, kudos to the team! I can label myself an environmentalist who keeps trying to minimize my own carbon footprint but…
-
Use Variables with Kustomize, Part 2
I was looking at the Kustomize variable trick I did a year ago and I think I’ve learned some new tricks worth noting down. Variables are very handy most of the times, here’s a pattern to define a variable to be used in Kustomize templates and set its value via annotations. There you have it:…
-
Automate SSL/TLS Certificates for Kubernetes and Istio with Cert Manager
It’s been a lot easier nowadays to turn on full site SSL/TLS encryption with an ACME issuer such as the popular non-profit Let’s Encrypt which I’ve started using it a few months ago. However the free certificates from Let’s Encrypt are only valid for 90 days and I have been notified to renew them already.…
-
Grant a Service Account an IAM Role in AWS/GCP
How to grant a pod running in a Kubernetes cluster necessary permissions to access cloud resources such as S3 buckets? The most straight forward approach is to save some API key in the pod and use it to authenticate against cloud APIs. If the cluster is running inside the cloud, an IAM role can then…