-
AWS: Recover a released Elastic IP
2 min read
Once you release an Elastic IP, it goes back to the pool for any other customer to use it. What do we do if we accidentally release an Elastic IP address? I shouldn't be hard for use to just pick a different IP and update the records accordingly if we are using IaC (terraform, pulumi, crossplane...)
However, sometimes there will be configuration relative to that particular Elastic IP out our control: third-party white listings would be a clear instance of this kind of situations. Can we request AWS to recover a released Elastic IP?
30/03/2022
Read more... -
Kubernetes: Enforcing policies using the OPA gatekeeper
6 min read
We might call it best-practices or policies but most organizations have some rules about how their applications should run, for example: Do not use the latest tag. Some others might even be required to meet certain compliance requirements to reach some security standard, for example: Do not use NodePort services.
To be able to enforce these policies we can use a policy engine like OPA.
29/03/2022
Read more... -
Kubernetes: How to configure Deployment to evenly spread Pods across availability zones
5 min read
If you run Kubernetes workloads on AWS you want to make sure Pods are spread across all the available availability zones. To do so we can use podAntiAffinity to tell Kubernetes to avoid deploying all the Pods of the same deployment on the same AZ
28/03/2022
Read more... -
ArgoCD redirect loop when using a Ingress objects with HTTPS offloading
3 min read
When enabling an Ingress for ArgoCD we might end up with a redirect loop: ArgoCD keeps redirecting to the main page using https, even tough it is already using https:
$ curl -I https://argocd.pet2cattle.com/ HTTP/2 307 date: Wed, 23 Mar 2022 22:38:31 GMT content-type: text/html; charset=utf-8 location: https://argocd.pet2cattle.com/This issue happens because, by default, ArgoCD expects to handle the TLS termination by itself, always redirecting HTTP requests to HTTPS. If we try to offload the TLS termination to the ingress controller, from ArgoCD's perspective the connection is HTTP, so it keeps redirecting to HTTPS
24/03/2022
Read more... -
Crossplane: Share data between resources within the same Composite
6 min read
Following up on the previous crossplane example on Composition: creating a SecurityGroup and a SecurityGroupRule using a Composition we are now going to push information from one of the objects into the Composition and then push it back to the other resource:
The composistion is going to create a SecurityGroup and push it's ID up to the Composite's status. Once the ID is on the Composition, this will push this ID into the SecurityGroupRule to set the SecurityGroup's ID to which we want to create the rule
22/03/2022
Read more...