stream of engineering
This article covers fully automating DNS and the issuance of TLS certificates of Kubernetes for Ingress based workloads (both public and private) utilizing cert-manager, external-dns, acme-dns and kubernetes-acme-dns-registrar Scenario You are a busy DevOps professional. You want to setup an Kubernetes platform that can accept any typical HTTP based workload (Ingress based) with minimal management … Continue reading Fully Automated Lets Encrypt TLS certs with ACME-DNS on Kubernetes
As part of a recent project which needs to automatically issue new TLS certificates for hosts defined in Kubernetes Ingress objects, I ended up having to create a library that would let me detect such events in a simplified manner for part of a larger Python program which needs to react to such events. My … Continue reading Reacting to K8s Events with k8s-watcher
Earlier this year I re-entered the rabbit hole which is the dizzying world of CI/CD platforms and solutions. Today's marketplace presents so many choices that I can only imagine how daunting it is for a newcomer to the space to decide on what solution to go with. Thankfully the the industry is starting to invest … Continue reading State management in Tekton pipelines with Slack interactive messages
This post is a continuation into the world of locally executing CI/CD for developers, with my prior post being about Skaffold. In this post I'll look at another one of these tools called Tilt. Background The world of software development and how apps are run in production environments has come a long way over the … Continue reading Local developer CI/CD with Tilt
The acronym "CI/CD" and its respective phrases (continuous integration & continuous [delivery|deployment]) are sometimes munged together yet there are clear definitions and lines of delineation for each, despite many CI/CD offerings out there that enable you to use a single framework to implement both sides of the CI/CD equation using the same tooling. The intent … Continue reading Continuous delivery with Flux
The world of software development and how apps are run in production environments has come a long way over the years. Starting with bare metal physical servers, we evolved to virtual machines, onward to LXC, Docker daemons, and now our current state of container orchestration via things like Kubernetes. The other side of the world... … Continue reading Local CI/CD with Skaffold
If you're like many others out there, you've been holding off of migrating to Helm 3 until at least version 3.1 is out. Well as of early February it finally was released. Since then I've recently gone through some analysis of migrating Helm 2 releases (with the Tillerless plugin) to Helm 3.x and figured I'd … Continue reading Migrate from Helm 2 Tillerless to Helm 3
If you have a need to store secrets in a secure manner there are numerous options out there; one of the more popular and cloud agnostic ones out there is Hashicorp Vault. If you've used Vault you are likely familiar with its concept of tokens, but you may or may not be familiar with the … Continue reading Simplified orphan token creation for Hashicorp Vault
If you deploy applications to Kubernetes, you probably have brushed shoulders with Helm charts and have likely even developed a chart on your own. Helm charts are a great way to custom tailor each installation/upgrade of a given application by dynamically generating all the Kubernetes YAML based on the set of values that you pass … Continue reading Automating helm releases with helmfile & helmfile-deploy
Generally there are two large parts involved with making an application available on k8s (Kubernetes). First is deploying your service/application. Second is making it available on well known endpoints (i.e. via known FQDNs). In k8s there are many different approaches to handling the latter, however one popular way involves declaring and wiring up some combination … Continue reading appconduits: manage custom Ingresses via Helm
bits.of.info 