• sceptre: Using Stack Outputs for Dependent CloudFormation Stacks

    2 min read

    sceptre stack_output AWS CloudFormation

    Sceptre is a command-line tool that allows you to manage AWS CloudFormation stacks. One of Sceptre's features is the ability to use stack outputs in other stacks, creating a dependent relationship between stacks where one stack's output is used as an input to another stack.

    30/01/2023

  • OpenShift: disabling the web console

    2 min read

    OpenShift web console disable openshift-console

    When running an OpenShift cluster, we'll find that it exposes a web-based console that allows you not only to deploy applications but also to manage the cluster. However, since it is an additional way to access the cluster, we might have some concerns about it, especially from a security perspective. Specifically, the console can be a potential attack vector to gain unauthorized access to the cluster. Let's see how to disable it.

    26/01/2023

  • Kubernetes: Operator vs Controller

    2 min read

    kubernetes operator controller difference

    In Kubernetes, we sometimes talk about controllers and operators as if they were interchangeable. Sometimes they are, but there's a difference that in some cases makes it incorrect.

    25/01/2023

  • What's Immutable infrastructure?

    2 min read

    immutable infrastructure benefits

    Immutable infrastructure is a method of managing infrastructure where resources are replaced rather than modified. Because new instances can be created easily, servers become disposable: cattle, not pets.

    24/01/2023

  • What's the difference between kubectl apply and kubectl replace?

    2 min read

    difference kubectl apply replace

    To update a Kubernetes object we can use kubectl apply or kubectl replace, but depending on what we want updated and how, we need to use one or the other.

    23/01/2023

  • Render helm charts for an ArgoCD application using Kustomize

    2 min read

    argocd kubernetes Application enable-helm

    We can tell Kustomize to render a Helm chart using the --enable-helm flag. In order to render it in the same way using ArgoCD, we'll have to create a plugin that uses this flag.

    17/01/2023

  • OpenShift: Using oc-mirror to create image mirrors for air gapped environments

    4 min read

    OpenShift mirror air gapped container image ImageContentSourcePolicy

    By combining oc-mirror with ImageContentSourcePolicy, we can configure image mirrors for container images in OpenShift. We can use this to set up air gapped environments: the images won't be available from the source repository, just from the internal mirror. This way we can audit them before allowing our cluster to use them.

    16/01/2023

  • Kustomize: Render a helm chart (to patch it!)

    2 min read

    kustomize helm render

    The topic is hot: Kustomize or Helm? While the discussion around this topic could continue indefinitely, the good news is that both tools can be used in conjunction, enhancing each other's capabilities.

    12/01/2023

  • External Secrets Operator: Using versioned secrets from the AWS Secrets Manager

    2 min read

    Kubernetes ExternalSecret Secrets Manager AWS versions

    When using the AWS Secrets Manager, every time a secret is updated, it creates a new version with a unique UUID. It will also update the VersionStages AWSCURRENT and AWSPREVIOUS to point to the current and the previous version. We can use them with the External Secrets Operator to retrieve the current and the previous version of a secret.

    11/01/2023

  • Mask dynamic secrets from GitHub Action's logs

    2 min read

    github action mask secret runtime

    GitHub will mask all the configured secrets in its logs, but sometimes secrets are retrieved from different sources (like AWS credentials, secrets fetched from other sources...). We don't want them to be stored as clear text in the GitHub Actions logs, so we'll have to use add-mask to prevent it.

    10/01/2023



From pet to cattle
Treat your kubernetes clusters like cattle, not pets