• Building container images on Kubernetes with Kaniko

    3 min read

    kaniko docker build Kubernetes

    When trying to build container images on Kubernetes we might be tempted to use the Docker-in-Docker approach. To do this you'll need to:

    • Run a Docker daemon on the nodes, either as a service or as the node's container runtime (via dockershim, which is deprecated since Kubernetes 1.20)
    • Mount the Docker socket into the Pod so it can talk to the daemon

    This approach is a security risk and should be avoided: any process that can talk to the Docker socket can start a privileged container and is effectively root on the node, so a compromised build step becomes a node compromise.

    As an alternative we can use kaniko, a tool that builds container images from a Dockerfile inside an ordinary, non-privileged container without a Docker daemon (and therefore inside a Kubernetes cluster).
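    The following Pod manifest is an added example of a kaniko build, not taken from the post: it clones a Git repository as the build context, builds the Dockerfile at its root and pushes the result to a registry using credentials from a kubernetes.io/dockerconfigjson Secret. The repository URL, the registry name, the Secret name (regcred) and the tag are assumed placeholders.

```yaml
# Added example: one-shot kaniko build running as a plain Pod.
# Note what is absent: no hostPath mount of /var/run/docker.sock and
# no privileged: true. kaniko runs entirely in user space inside its
# own container.
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-build
spec:
  restartPolicy: Never
  # The build does not need to talk to the Kubernetes API.
  automountServiceAccountToken: false
  containers:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:v1.8.0
      args:
        - "--dockerfile=Dockerfile"
        # Assumed repository; kaniko also accepts dir://, s3:// and gs:// contexts.
        - "--context=git://github.com/example/app.git#refs/heads/main"
        # Assumed registry and tag; use an immutable tag, not "latest".
        - "--destination=registry.example.com/team/app:1.0.0"
        # Layer cache kept in the registry so repeated builds are fast.
        - "--cache=true"
        - "--cache-repo=registry.example.com/team/app/cache"
      volumeMounts:
        # kaniko reads registry credentials from /kaniko/.docker/config.json
        - name: docker-config
          mountPath: /kaniko/.docker/
      resources:
        requests:
          cpu: "500m"
          memory: "1Gi"
        limits:
          memory: "2Gi"
  volumes:
    - name: docker-config
      secret:
        # Assumed Secret of type kubernetes.io/dockerconfigjson, created with
        # kubectl create secret docker-registry regcred ...
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json
```

    Apply it with kubectl apply -f and follow the build with kubectl logs -f kaniko-build. Because the Pod needs no privileges, a Pod Security admission policy of "baseline" or "restricted" (minus the non-root requirement, which kaniko does not meet) can stay enforced on the build namespace, which is exactly what Docker-in-Docker makes impossible.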

    04/04/2022

    Read more...
  • terraform: Update a Lambda function when the code changes

    2 min read

    AWS Lambda terraform aws_lambda_function archive_file

    If we are using the archive_file data source to zip a Lambda function so we can push it to AWS, we need to set source_code_hash to the archive's hash to make sure the function gets updated when its code changes:
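    The following Terraform snippet is an added example, not the post's own code: it zips an assumed ./src directory and wires the archive's output_base64sha256 into source_code_hash so that any change to the sources produces a new hash and therefore a new function version. The function name, handler, runtime and IAM role are assumed placeholders.

```hcl
# Added example: keep a Lambda function in sync with its zipped sources.

# Zip the (assumed) ./src directory at plan time.
data "archive_file" "lambda" {
  type        = "zip"
  source_dir  = "${path.module}/src"
  output_path = "${path.module}/build/lambda.zip"
}

# Minimal execution role so the example stands on its own.
resource "aws_iam_role" "lambda" {
  name = "example-function-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_logs" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_lambda_function" "this" {
  function_name = "example-function"
  role          = aws_iam_role.lambda.arn
  handler       = "handler.main"
  runtime       = "python3.9"

  filename = data.archive_file.lambda.output_path

  # Without this line Terraform only compares the filename, which never
  # changes, so edited code would silently stay undeployed. The hash is
  # computed from the zip contents, so editing any file in ./src changes it.
  source_code_hash = data.archive_file.lambda.output_base64sha256
}
```

    On the next terraform plan after editing a file in ./src, the plan shows source_code_hash changing in place and the function is updated; with an unchanged tree the plan is empty, which is the behaviour you want in CI.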

    01/04/2022

    Read more...
  • AWS: Recover a released Elastic IP

    2 min read

    aws EIP EC2

    Once you release an Elastic IP it goes back to the pool, where any other customer can allocate it. What do we do if we accidentally release an Elastic IP address? If we are using IaC (terraform, pulumi, crossplane...) it shouldn't be hard for us to just pick a different IP and update the records accordingly.

    However, sometimes there is configuration tied to that particular Elastic IP that is outside our control: third-party allowlists are a clear instance of this kind of situation. Can we ask AWS to recover a released Elastic IP?

    30/03/2022

    Read more...
  • Kubernetes: Enforcing policies using the OPA gatekeeper

    6 min read

    Kubernetes Policy enforcement OPA gatekeeper

    We might call them best practices or policies, but most organizations have rules about how their applications should run, for example: do not use the latest tag. Others may be required to meet compliance requirements for a security standard, for example: do not use NodePort services.

    To enforce these policies at admission time we can use a policy engine like OPA, deployed on Kubernetes as Gatekeeper.
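    The following manifests are an added example, not code from the post: a Gatekeeper ConstraintTemplate whose Rego rejects Pods that use a disallowed image tag, and a Constraint that instantiates it for the latest tag. It goes slightly beyond the text in treating an image with no tag at all as an implicit latest, and in looking only at the last path segment so a registry port such as registry:5000/app is not mistaken for a tag. The template and constraint names are assumed.

```yaml
# Added example: block the "latest" image tag with OPA Gatekeeper.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdisallowedtags
spec:
  crd:
    spec:
      names:
        kind: K8sDisallowedTags
      validation:
        openAPIV3Schema:
          type: object
          properties:
            tags:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdisallowedtags

        violation[{"msg": msg}] {
          container := input_containers[_]
          tag := image_tag(container.image)
          tag == input.parameters.tags[_]
          msg := sprintf("container <%v> uses disallowed image tag <%v> (%v)",
                         [container.name, tag, container.image])
        }

        # The tag, if any, sits after the ":" in the last "/"-separated
        # segment. Splitting the whole string on ":" would misread a
        # registry port (registry:5000/app) as a tag.
        image_tag(image) = tag {
          segments := split(image, "/")
          last := segments[count(segments) - 1]
          parts := split(last, ":")
          count(parts) == 2
          tag := parts[1]
        }

        # No ":" in the last segment means no tag, which the runtime
        # resolves to "latest".
        image_tag(image) = "latest" {
          segments := split(image, "/")
          last := segments[count(segments) - 1]
          not contains(last, ":")
        }

        input_containers[c] { c := input.review.object.spec.containers[_] }
        input_containers[c] { c := input.review.object.spec.initContainers[_] }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDisallowedTags
metadata:
  name: no-latest-tag
spec:
  # Switch to "dryrun" first and inspect status.violations on the
  # Constraint to see what would be rejected before enforcing.
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces: ["kube-system"]
  parameters:
    tags: ["latest"]
```

    Because the Constraint matches Pods, a Deployment with a latest image is accepted but its ReplicaSet then fails to create Pods, and the reason is visible in the ReplicaSet events. To reject the Deployment itself, also match apps/v1 Deployments and extend input_containers to read spec.template.spec.containers. Images pinned by digest (app@sha256:...) are neither "latest" nor untagged, so this policy lets them through, which is the behaviour you want.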

    29/03/2022

    Read more...
  • Kubernetes: How to configure Deployment to evenly spread Pods across availability zones

    5 min read

    If you run Kubernetes workloads on AWS you want to make sure Pods are spread across all available availability zones. To do so we can use podAntiAffinity with the topology.kubernetes.io/zone topology key, which tells the scheduler to avoid placing all the Pods of the same Deployment in the same AZ.
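    The following Deployment is an added example, not taken from the post: it uses a preferred podAntiAffinity rule keyed on topology.kubernetes.io/zone, as the text describes, and additionally a topologySpreadConstraints entry, which gives a hard guarantee on the maximum imbalance between zones. The application name, image and port are assumed placeholders.

```yaml
# Added example: spread a Deployment's Pods evenly across AWS availability zones.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 6
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      affinity:
        podAntiAffinity:
          # "preferred", not "required": a required rule on the zone key
          # would cap the Deployment at one Pod per zone and leave the rest
          # Pending once every zone already hosts one.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: web
                topologyKey: topology.kubernetes.io/zone
      # Hard constraint: no zone may hold more than one Pod more than any
      # other zone. Nodes get the zone label from the cloud provider.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: web
      containers:
        - name: web
          image: registry.example.com/team/web:1.0.0   # assumed image
          ports:
            - containerPort: 8080
```

    Verify the result with kubectl get pods -l app=web -o wide and compare the node column against kubectl get nodes -L topology.kubernetes.io/zone. With three zones and six replicas, a correct spread is two Pods per zone; if one zone runs out of capacity the DoNotSchedule constraint keeps the skew at one rather than letting the scheduler pile Pods into the remaining zones.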

    28/03/2022

    Read more...

More recent...

Older content...