2 min read
Pulumi is a powerful infrastructure as code tool that allows developers to deploy and manage cloud resources using familiar programming languages. However, using Pulumi with LocalStack requires some changes so that Pulumi can reach LocalStack.
25/04/2023
3 min read
Pulumi and Terraform are both infrastructure as code (IaC) tools that allow users to provision and manage infrastructure using code, rather than manual configuration. The main difference between the two is how they achieve this goal.
24/04/2023
1 min read
We can use the labels of a namespace to narrow down the results of a query. For example, we are going to write a query to identify Kubernetes namespaces that have external secrets in a non-ready state and belong to a specific team (we are going to use team-a in this example).
19/04/2023
1 min read
Starting with Kubernetes 1.24, Secrets are not automatically generated when Service Accounts are created. Since we won't have a Secret generated when we create the ServiceAccount, how can we create ServiceAccount Secrets so that external applications can access the Kubernetes API?
17/04/2023
3 min read
Velero is an open-source tool that helps you back up, restore, and migrate Kubernetes resources and volumes. It provides a simple and reliable way to protect your Kubernetes applications and data from data loss or disasters. Although Velero supports multiple cloud providers, in this post we are just going to see how to install it on AWS (both using IRSA and an explicit IAM role).
12/04/2023
2 min read
In Kubernetes, access control is managed using Role-Based Access Control (RBAC), which allows administrators to define roles with specific permissions to access Kubernetes resources. Most of the time we'll grant permissions for any resources of a specific kind and apiGroup as follows:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: simple-rbac
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
If we want to grant access to just some of the resources, we'll have to add a list of resourceNames. This field allows administrators to grant permissions to specific resources within a namespace, rather than all resources of a particular type.
11/04/2023
2 min read
Have you encountered the invalid active developer path error while trying, for example, to use git on your macOS system? This error occurs because Git requires the Command Line Tools for Xcode to be installed on your system (typically you'll encounter this after updating the system).
$ git
xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun
06/04/2023
2 min read
When creating a new API resource using the operator-sdk we can use the namespaced flag to make it Namespaced:
$ operator-sdk create api --group group \
--version v1 \
--kind Example \
--resource \
--controller
Or in the cluster scope:
$ operator-sdk create api --group group \
--version v1 \
--kind Example \
--resource \
--controller \
--namespaced=false
Whether we forgot to add the flag or have simply changed our mind, we don't need to delete the object to change its scope. Let's see how.
05/04/2023
2 min read
Prometheus is an open-source systems monitoring and alerting toolkit that uses a multi-dimensional data model with time series data identified by metric name and key/value pairs.
The Prometheus operator is a Kubernetes operator that simplifies the provision and management of Prometheus instances on Kubernetes. It provides easy management of Prometheus instances as native Kubernetes resources, and also includes a built-in service discovery mechanism to automatically discover and monitor Kubernetes services.
04/04/2023