Securing Secrets using Vault and AppRole Auth

Security is an essential and core part of operations, and thus keeping secrets secured is vital. Unfortunately, for many an organization, this is often not a priority.

The lack of zeal toward managing secrets is likely related to the complexity involved. Managing configuration artifacts has well-established patterns: using change configuration tools (Puppet, Chef, Ansible, Salt Stack), using service discovery with KV stores (etcd, Consul, Zookeeper), or through simpler means like environment variables and config files.

When the configuration artifacts are secrets, called secrets artifacts, you have to not only encrypt the secrets, but also secure who or what…

Configure Vagrant with KVM (Ubuntu)

When developing for cloud native solutions, I occasionally need to set up clean isolated environments using virtualization for testing or modelling solutions. One of the tools for my development system used to manage virtual machines is the popular Vagrant tool from Hashicorp.

Vagrant by default supports VirtualBox, but what if I want to use the native Linux virtualization solution with KVM? Well, you can with the vagrant-libvirt plug-in.

This article will cover how to install and set up these components on Ubuntu 20.04.1 LTS (Focal Fossa).

Installation Steps

Prerequisite Tools

These instructions use GNU bash, which comes standard on most distros. …

Using Azure Blob Storage with MinIO Azure Gateway

Azure, like other cloud providers, has support for an object store, called Azure Blob Storage. This solution is similar to S3 or GCS, but unfortunately, most applications out there will not have direct support for Azure Blob Storage.

We can get past this limitation using MinIO Azure Gateway, which will provide an S3 interface for the Azure Blob Storage.

This tutorial will walk you through how to create an Azure Blob Storage, and then use Docker-Compose to run a MinIO Azure Gateway with some sort of client to access our system.

The Tools

These are the tools required to fully use this…

Provision Amazon EKS cluster with Existing VPC using Eksctl

Now that we have an existing VPC infrastructure, we can provision Amazon EKS. In this article I will cover two main topic take-aways:

  • Using eksctl to quickly provision EKS using VPC infrastructure created by Terraform.
  • Using Terraform templatefile to craft the eksctl configuration.

Previous Article

This code will create an EKS-ready VPC cluster: private and public subnets per availability zone, tagged appropriately for EKS.


  • AWS CLI: this allows programmatic access to AWS cloud.
  • eksctl: this is the provisioning tool we’ll use to create the EKS cluster.
  • Terraform: this is the provisioning and templating tool used to create the eksctl configuration based on existing infrastructure.

Method 1: The Labor Intensive Way


Provisioning Virtual Private Cloud for EKS using Terraform

This article covers how to create an Amazon VPC (Virtual Private Cloud) using Terraform for the purposes of provisioning EKS (Elastic Kubernetes Service).

This will be particularly useful for those who use the eksctl tool (see below for context). This will be a three-part series with the following planned articles:

  1. Provisioning AWS VPC for EKS using Terraform
  2. Provisioning EKS with Existing VPC using eksctl
  3. Provisioning EKS with Existing VPC using Terraform

The Wonderful EKSCtl Tool

The eksctl tool is great because you can set up a complete production-ready Amazon EKS cluster with a single command and a small eksctl config file to describe your…

Using Google Managed SSL Certificates with a GKE Cluster

There comes a time where you will need to secure web traffic for your web services on Kubernetes. Alright, that’s all the time. For GKE, you can do this with Google Managed SSL certificates.

Certificate management requires having a registered domain name. Thus, for this article, you will need to have a registered domain or subdomain on Cloud DNS and a GKE cluster with the ability to update DNS records using External DNS.

This article will walk you through using Google Managed SSL certificates with GKE.


Tool Requirements

  • Google Cloud SDK that is authorized to your Google account and your account has…

Extending Kubernetes to update Cloud DNS records from GKE

Update: July 25, 2020. Resources with blog source code link

When deploying a web application, it is preferable to use a name like rather than This requires configuring DNS records when you deploy your web application, which can be done with the Kubernetes add-on ExternalDNS.

This article covers how to install and configure ExternalDNS to integrate Cloud DNS with Google Kubernetes Engine (GKE), so that you can automatically configure DNS records when deploying web applications. We’ll demonstrate this facility using these Endpoints:

  • Service Resource
  • Ingress Resource

Previous Articles

Service or Ingress EndPoints

In a previous article, we covered how to configure endpoints in GKE using either a service…

Getting Started with GKE: Endpoints with Service and Ingress

After provisioning a Kubernetes cluster using GKE (Google Kubernetes Engine) and deploying a web application, such as hello-kubernetes, we want to access it through an Endpoint.

There are two common paths on Kubernetes that you can use for Endpoints:

Previous Articles

In previous articles, we covered building or provisioning the GKE cluster.

Provisioning using Cloud SDK

Provisioning using Terraform


You will need the following tool requirements:

  • Google Cloud SDK that is authorized to your Google account with a registered Google project. …

Provision Google Kubernetes Engine with Terraform

This article shows how to build a Kubernetes cluster on GKE (Google Kubernetes Engine) using the popular Terraform tool.

About Terraform

For those who may not be familiar with Terraform, it is a tool that does change configuration for cloud resources. The resources are things you configure to a desired state, such as provisioning GKE on Google Cloud.

The Terraform scripts themselves use a declarative human readable language to describe our desired infrastructure. We use the Terraform tool to apply the changes expressed in the script. …

Provision Google Kubernetes Engine with Google Cloud SDK

I have a friend who wants to learn Kubernetes, and so I thought: why don’t I kick off a zero-to-hero series on Kubernetes on Google Cloud with GKE (Google Kubernetes Engine)?

This series will start with provisioning a GKE cluster, deploying a stateless web application, and adding integration with DNS and TLS certificates.

For this first article, the focus will be how to provision a GKE cluster using the Google Cloud SDK command line tool for interacting with Google Cloud. I will do a follow-up article to show how to do something similar with Terraform.

For this exercise you will need…

Joaquín Menchaca (智裕)

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC
