Securing Secrets using Vault and AppRole Auth

Security is an essential, core part of operations, so keeping secrets secured is vital. Unfortunately, for many an organization, this is often not a priority.

The lack of zeal toward managing secrets is likely related to the complexity involved. Managing configuration artifacts has well-established patterns using change configuration tools (Puppet, Chef, Ansible, Salt Stack), using service discovery with KV stores (etcd, Consul, Zookeeper), or through simpler means like environment vars and config files.

When the configuration artifacts are secrets, called secrets artifacts, you have to not only encrypt the secrets, but also secure who or what…


Using external-dns add-on with Azure DNS and AKS

This article covers using ExternalDNS to automate updating DNS records when applications are deployed on Kubernetes. This is needed if you wish to use a public endpoint and would prefer a friendlier DNS name rather than a public IP address.

This article will configure the following components:

As part of this exercise, two demonstration programs will demonstrate use of ExternalDNS:

Requirements

Registered domain name


Managing DNS Records with Azure DNS

After creating a system with a public IP, you can add a friendly DNS name to reference this such as appvm.example.com.

Terraform can automatically create or update DNS records for many services: Azure DNS, AWS Route53, Google Cloud DNS, GoDaddy, CloudFlare, etc.

Once you have purchased a domain name, such as through a service like GoDaddy, you have a few options for automating DNS:

  1. update records for your domain (e.g. example.com) directly with GoDaddy DNS servers
  2. create a subdomain, e.g. dev.example.com, and have Azure DNS manage records for your subdomain, e.g. dev.example.com.
  3. update records for your domain, e.g. example.com, …

Getting Started on Azure VM and Infrastructure

When getting started on a new technology, one method is to take what you know and just do the same sort of things on the new platform.

For this guide, I will essentially do this: ❶ create network infrastructure and ❷ put a Linux VM on that network infrastructure.

We’ll also create some storage that can be used for boot diagnostics, should the system fail in a way that is not captured by the logs.

This article will teach two conceptual domains:

  • Azure cloud resources: Linux VM + network infrastructure
  • Terraform modularization using modules

Tool Requirements


Provision an AKS Kubernetes Cluster with Azure CLI

This article covers provisioning a sizable AKS cluster using Azure CLI. In the past, I wrote articles covering how to do this with EKS and GKE, so this will be the third series, around AKS, with a guide to how to get off the ground (to get started).

For this solution to work, you will likely need to submit a request to Microsoft to extend quotas for Azure. Azure quotas are quite limited and will not permit you to create a 3 × Kubernetes worker node cluster with one Kubernetes worker node per zone.

Previous Articles

Below are some articles…


Automate Helm Charts with Helmfile

In the Kubernetes community, it would be a surprise to find anyone that does not yet know about the popular Helm tool to deploy services. Similar to tools like Homebrew for macOS or Chocolatey for Windows, you can install a solution on Kubernetes easily with helm install <package-name>.

Using helm charts

Helm charts share one thing in common with change config tools like Chef, Consul-Template, Ansible, Puppet, or Salt Stack, where you can use a template engine like ERB or Jinja to dynamically compose a configuration file. …


Explore Log Shipping with FileBeat

My journey in the DevOps cultural revolution, like many others', has been heavy on automation. This started with change configuration platforms (Chef, Puppet, Ansible, Salt Stack), infrastructure as code (Ansible, Terraform), and immutable infrastructure (Docker, Kubernetes).

However, automation is only one of the aspects of DevOps.

DevOps Models

In the DevOps model called CAMS (Damon Edwards), which was later augmented to become the CALMS model (Jez Humble), the aspects, including automation, are:

  • Culture (or Collaboration)
  • Automation
  • Lean
  • Measurement
  • Sharing

One area that I found vital yet often neglected is measurement, and so in my DevOps journey, I wanted to devote some energy…


Configure Vagrant with KVM (Ubuntu)

When developing cloud native solutions, I occasionally need to set up clean, isolated environments using virtualization for testing or modelling solutions. One of the tools on my development system used to manage virtual machines is the popular Vagrant tool from Hashicorp.

Vagrant by default supports Virtualbox, but what if I want to use the native Linux virtualization solution with KVM? Well, you can with the vagrant-libvirt plug-in.

This article will cover how to install and set up these components on Ubuntu 20.04.1 LTS (Focal Fossa).

Installation Steps

Prerequisite Tools

These instructions use GNU bash, which comes standard on most distros. …


Using Azure Blob Storage with MinIO Azure Gateway

Azure, like other cloud providers, has support for an object store, called Azure Blob Storage. This solution is similar to S3 or GCS, but unfortunately, most applications out there will not have direct support for Azure Blob Storage.

We can get past this limitation using MinIO Azure Gateway, which will provide an S3 interface for the Azure Blob Storage.

This tutorial will walk you through how to create an Azure Blob Storage, and then use Docker-Compose to run a MinIO Azure Gateway with some sort of client to access our system.

The Tools

These are the tools required to fully use this…


Provision Amazon EKS cluster with Existing VPC using Eksctl

Now that we have an existing VPC infrastructure, we can provision Amazon EKS. In this article I will cover two main take-aways:

  • Using eksctl to quickly provision EKS using VPC infrastructure created by Terraform.
  • Using Terraform templatefile to craft the eksctl configuration.

Previous Article

This code will create an EKS-ready VPC: private and public subnets per availability zone, tagged appropriately for EKS.

Tools

  • AWS CLI: this allows programmatic access to the AWS cloud.
  • eksctl: this is the provisioning tool we’ll use to create the EKS cluster.
  • Terraform: this is the provisioning and templating tool used to create the eksctl configuration based on existing infrastructure.

Method 1: The Labor Intensive Way

The…

Joaquín Menchaca (智裕)

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC
