Linting Jenkinsfiles to find syntax errors
As a long time Jenkins user I periodically need to add new steps or Groovy logic to my Jenkinsfiles. The last thing you want to do when updating your pipeline configuration is to make a typo which...
View ArticleNotes from episode 70 of TGIK: Assuming AWS roles with kube2iam/kiam
Over the past few months I’ve been trying to learn everything there is to know about Kubernetes. Kubernetes is an amazing technology for deploying and scaling containers though it comes with a cost....
View ArticleUsing external-dns to managed DNS entries in Kubernetes clusters
Kubernetes provides a service resource to distribute traffic across one or more pods. I won’t go into detail on what a service is, since it’s covered in-depth elsewhere. For Internet-facing...
View ArticleExporting AWS Cloudwatch log streams to a local file
I love AWS, but when I’m debugging issues I prefer the Linux command line over Cloudwatch Logs Insights. Numerous AWS services store their log configuration inside cloudwatch, which presents a small...
View ArticleBacking up your route53 zone configuration with the aws CLI
In a previous post, I discussed using the Kubernetes external-dns project to manage DNS changes. Prior to rolling it out, I needed a way to backup each zone prior to external-dns modifying it. I also...
View ArticleUsing audit2rbac to create RBAC policies from Kubernetes audit log
When I first started with Kubernetes, it took me some time to understand two things. One, how do I generate manifests to run my service. I tackled this in a previous blog post. The second was wrapping...
View ArticleUsing the profile module to time Ansible playbook runs
This past weekend I spent some time revamping a few playbooks. One of my playbooks was taking a while to run, and I wanted to see how much actual time was spent in each task. Luckily for me, Ansible...
View ArticleUsing the Ansible async module to perform synthetic health tests during...
I’ve become a huge fan of Ansible’s async support. This is incredibly useful for performing synthetic health tests on services after a task completes. A common use case is patching a server that hosts...
View ArticleListing Kubernetes nodes by label
When you support large Kubernetes clusters, you need efficient methods to list pods, nodes, and deployments when you are troubleshooting issues. Kubectl has a number of built-in methods to do this. You...
View ArticleUsing grpcurl to interact with gRPC applications
The past couple of weeks I have been digging into gRPC and HTTP2 in my spare time. I needed a way to review the requests and responses, and an easy way to explore gRPC servers. I also wanted something...
View ArticleUsing the terraform console to debug interpolation syntax
I am a long time Terraform user. The number of providers that are available for Terraform, and having a resource for pretty much every cloud service makes it super appealing. But even with several...
View ArticleAdding default tags to AWS resources with Terraform
If you’ve worked with the various cloud providers, you’ve probably realized the value that comes with tagging resources. For billing and searching, I like to create a default set of tags that are...
View ArticleUsing Terraform for_each statements and dynamic nested blocks to simply AWS...
Over the past few months, I’ve been updating various Terraform modules to utilize the new features in 0.12. Among these, is the ability to iterate over dynamic blocks with for_each. Utilizing this new...
View ArticleHow I prepared for, and passed the Hashicorp Certified Terraform Associate...
I recently passed the Hashicorp Terraform certified associate certification. I’ve been using Terraform in various capacities for several years, and was stoked when I found out Hashicorp opened this...
View ArticleAuditing your Kubernetes clusters security posture with kubeaudit
In this day and age of security breaches, system compromises, and critical CVEs coming out almost daily, security best practices should go into everything we do. There is an almost limitless number of...
View ArticleFinding Kubernetes issues with Popeye
Kubernetes is an incredible platform, but there are a lot of things that can go wrong. This is especially the case when you are new to K8S, and are overwhelmed with configuration options, deployment...
View ArticleManaging multiple Kubernetes resources by label
Kubernetes labels are super useful. If you aren’t familiar with them, a label is a key/value pair assigned in the metadata section (either metadata.labels, or spec.template.metadata.labels) of a...
View ArticleDisabling cron jobs globally on CentOS machines
As a long time CentOS user, I’ve always winced when I took ownership of new systems with e-mail notifications enabled. Whether this was through setting MAILTO to a distribution list, or using the...
View ArticleTRIM support is enabled by default in Fedora 32
As a long time Fedora user, I like to keep up with the planning discussions that go into each release. These discussions are super useful for understanding what is coming to Redhat Enterprise Linux and...
View ArticleUsing node local caching on your Kubernetes nodes to reduce CoreDNS traffic
Kubernetes 1.18 was recently released, and with it came a slew of super useful features! One feature that hit GA is node local caching. This allows each node in your cluster to cache DNS queries,...
View Article