• Keeping the terraform state in a Kubernetes Secret

    2 min read

    terraform state Kubernetes Secret

    Storing the terraform state into a S3 bucket with dynamoDB for locking has become the de facto standard for being able to share the state across an organization. Nevertheless, there are interesting alternatives: We can use a Kubernetes Secret

    19/04/2022

    Read more...
  • terraform: Get the latest AMI id

    2 min read

    Terraform AWS AMI datasource latest

    Hard coding values is never a good idea, using the aws_ami datasource we can query AWS to fetch the latest AMI available, or any AMI really, as long as we properly set the filters so than just one AMI is selected.

    06/04/2022

    Read more...
  • Kubernetes: Autoscaling using Prometheus as a external metrics provider

    5 min read

    kubernetes hpa prometheus external metrics

    Using an external metrics provider (Kubernetes 1.10+) we can use an HorizontalPodAutoscaler to automatically scale applications using any metric collected by Prometheus. Let's take a look on how to configure it

    05/04/2022

    Read more...
  • Building container images on Kubernetes with Kaniko

    3 min read

    kaniko docker build Kubernetes

    When trying to build container images on Kubernetes we might be tempted to use the Docker in Docker approach: To do this you'll need to:

    • Run a docker daemon on the nodes, either as a service or as a container runtime (which it is deprecated since 1.20)
    • Allow the Pod to communicate with docker's socket

    This approach is considered a security risk and it should be avoided.

    As alternative, we can use kaniko: It is a tool to build container images inside containers (hence, Kubernetes clusters)

    04/04/2022

    Read more...
  • terraform: Update a Lambda function when the code changes

    2 min read

    AWS Lambda terraform aws_lambda_function archive_file

    If we are using the archive_file datasource to zip some Lambda function to be able to push it to AWS, we need to se the source_code_hash with it's hash to make sure the function gets updated when it changes:

    01/04/2022

    Read more...

More recent...

Older content...