Security is an essential, core part of operations, and thus keeping secrets secured is vital. Unfortunately, for many an organization, this is often not a priority.
The lack of zeal toward managing secrets is likely related to the complexity involved. Managing configuration artifacts has well-established patterns using change configuration tools (Puppet, Chef, Ansible, Salt Stack), using service discovery with KV stores (etcd, Consul, Zookeeper), or through simpler means like environment variables and config files.
When developing cloud native solutions, I occasionally need to set up clean, isolated environments using virtualization for testing or modelling solutions. One of the tools I use on my development system to manage virtual machines is the popular Vagrant tool from HashiCorp.
This article will cover how to install and set up these components on Ubuntu 20.04.1 LTS (Focal Fossa).
These instructions use GNU bash, which comes standard on most distros. …
Azure, like other cloud providers, has support for an object store, called Azure Blob Storage. This solution is similar to S3 or GCS, but unfortunately, most applications out there will not have direct support for Azure Blob Storage.
These are the tools required to fully use this…
Now that we have an existing VPC infrastructure, we can provision Amazon EKS. In this article I will cover two main takeaways:
eksctl to quickly provision EKS using VPC infrastructure created by Terraform.
This code will create an EKS-ready VPC cluster: private and public subnets per availability zone, tagged appropriately for EKS.
This will be particularly useful for those who use the eksctl tool (see below for context). This will be a three-part series with the following planned articles:
Certificate management requires having a registered domain name. Thus, for this article, you will need to have a registered domain or subdomain on Cloud DNS and a GKE cluster with the ability to update DNS records using External DNS.
This article will walk you through using Google Managed SSL certificates with GKE.
Update (July 25, 2020): Resources with blog source code link
When deploying a web application, it is preferable to use a name like hello.mycompany.com rather than 18.104.22.168. This requires configuring DNS records when you deploy your web application, which can be done with the Kubernetes add-on ExternalDNS.
This article covers how to install and configure ExternalDNS to integrate Cloud DNS with Google Kubernetes Engine (GKE), so that you can automatically configure DNS records when deploying web applications. We’ll demonstrate this facility using these endpoints:
In a previous article, we covered how to configure endpoints in GKE using either a service…
LoadBalancer type that will provision an external network load balancer.
In previous articles, we covered building or provisioning the GKE cluster.
You will need the following tools:
For those who may not be familiar with Terraform, it is a tool that does change configuration for cloud resources. The resources are things you configure to a desired state, such as provisioning GKE on Google Cloud.
This series will start with provisioning a GKE cluster, deploying a stateless web application, and adding integration with DNS and TLS certificates.
For this first article, the focus will be how to provision a GKE cluster using the Google Cloud SDK, a command-line tool for interacting with Google Cloud. I will do a follow-up article to show how to do something similar with Terraform.
Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC