If you need to store secrets securely there are numerous options; one of the more popular and cloud-agnostic ones is HashiCorp Vault. If you've used Vault you are likely familiar with its concept of tokens, but you may or may not be familiar with the … Continue reading Simplified orphan token creation for Hashicorp Vault
Author: bitsofinfo
Automating helm releases with helmfile & helmfile-deploy
If you deploy applications to Kubernetes, you probably have brushed shoulders with Helm charts and have likely even developed a chart on your own. Helm charts are a great way to custom tailor each installation/upgrade of a given application by dynamically generating all the Kubernetes YAML based on the set of values that you pass … Continue reading Automating helm releases with helmfile & helmfile-deploy
appconduits: manage custom Ingresses via Helm
Generally there are two large parts involved with making an application available on k8s (Kubernetes). First is deploying your service/application. Second is making it available on well known endpoints (i.e. via known FQDNs). In k8s there are many different approaches to handling the latter, however one popular way involves declaring and wiring up some combination … Continue reading appconduits: manage custom Ingresses via Helm
appdeploy: a helm chart for consistency
Moving your applications from a traditional architecture where your apps are directly installed on VMs to a container orchestration engine is a large task. Regardless of your orchestrator choice you are generally going to have to deal with the task of figuring out how to deliver your containers their required application-specific configuration. App configuration … Continue reading appdeploy: a helm chart for consistency
Determining ingress host availability across Kubernetes clusters
Let's say you have two apps available at a.b.com and x.y.com and you have 3 available Kubernetes clusters they could potentially be deployed on: clusterA, clusterB and clusterC. Generally upstream from your cluster LoadBalancers you will have another cloud load balancer device, or you are just using some sort of DNS service to control which cluster LoadBalancer IPs are relevant for each application at any given time. To … Continue reading Determining ingress host availability across Kubernetes clusters
The Tyk API Gateway is still a gem
A team I work with has been using the Tyk API Gateway for several years now in production. It's a solid API gateway platform that just runs and runs in the background so you can go about other things. In other words: reliable. Sure, we've experienced some hiccups along the way; but early on … Continue reading The Tyk API Gateway is still a gem
Validate chart installs with Helm Hook based health checks
"Validate chart installs with Helm Hook based health checks"... now that's a mouthful. While working on developing a set of pretty generic Helm charts to deploy various apps a specific need arose to validate that a chart installation or upgrade succeeded or failed. Given the apps being deployed by these charts all exposed some sort … Continue reading Validate chart installs with Helm Hook based health checks
Kubernetes vs Swarm: the most basic primer
Context Docker Swarm is a great orchestration tool for getting into container orchestration platforms and an excellent starting point for simple to moderately complex workloads and app deployment topologies. A lot of companies still use it, and it works pretty well for production workloads; however for long running clusters you may start to run into … Continue reading Kubernetes vs Swarm: the most basic primer
Slack Slash Command security
Slack "Slash Commands" can be a very useful tool to write a CLI to interact with other applications that you manage. In short, the contract works something like this: from within a Slack channel where the commands are available you would type: /my-command [text arguments] Seems simple enough, however you need to implement a REST … Continue reading Slack Slash Command security
Slack alerts for testssl.sh
This article is a follow-up to my previous post about testssl.sh-processor. In short, now that I had mass execution of many endpoints, I needed to be able to do something with all the testssl.sh command invocation JSON result files lying around. My goal was to be able to react to each JSON result file … Continue reading Slack alerts for testssl.sh