-
OpenShift: Using oc-mirror to create image mirrors for air gapped environments
4 min read
Combining oc-mirror with ImageContentSourcePolicy we can configure image mirrors for container images in OpenShift. We can use it to setup air gapped environments: The images won't be available for the source repository, just from the internal mirror. This way we can audit them before allowing our cluster to use them
16/01/2023
Read more... -
Kustomize: Render a helm chart (to patch it!)
2 min read
The topic is hot: Kustomize or Helm? While this discussion around this topic could continue indefinitely, the good news is that both tools can be utilized in conjunction, enhancing each other's capabilities.
12/01/2023
Read more... -
External Secrets Operator: Using versioned secrets from the AWS Secrets Manager
2 min read
When using the AWS Secrets Manager, every time a secret is updated, it creates a new version with a unique uuid. It will also update the VersionStages AWSCURRENT and AWSPREVIOUS to point to the current and the previous version. We can use them with the External Secrets Operator to retrieve the current and the previous version of a secret
11/01/2023
Read more... -
Mask dynamic secrets from GitHub Action's logs
2 min read
GitHub will mask all the configured secrets from it's logs, but sometimes some secrets are retrieves from different sources (like AWS credentials, secrets fetched from other sources...) We don't want them to be stored as clear text in the GiHub's Actions logs, so we'll have to use add-mask to prevent it
10/01/2023
Read more... -
Wait for Kubernetes objects to become available using kubectl wait
2 min read
Sometimes we need to wait for some condition to be met before continuing applying resources on the cluster (or accessing them in som way). We can use kubectl wait to block an script until some criteria is met.
09/01/2023
Read more...