A while ago I wrote an article breaking down how to deploy Hashicorp Vault using NGINX as a reverse proxy. It has been a popular article but after it had been up for a couple of years I got some comments that my proposed method wasn’t recommended and that using an HTTP Reverse Proxy generally is insecure for a few reasons. I don’t like the idea of putting bad information . . .
If you’ve ever worked with AWS in the real world you are probably very used to seeing IAM Users and Roles which are terrifyingly over-permissioned. In my experience it’s pretty common to find them in the wild with access to every attribute of a specific service or just as often the native AdministratorAccess Managed Policy assigned. The principle of least privilege is a concept that you often hear about a . . .
Recently I had cause to revisit a topic that often seems to cause problems for people coming to Ansible for the first time, especially for people (like me) who don’t have a development background. How to iterative over inventory variables or facts using a simple Jinja2 template. It can be a fussy task to get your head around and the documentation isn’t the greatest to the newcomer, so this is . . .
Recently I’ve been having some fun moving my lab and home infrastructure to Kubernetes. I had a feeling that deploying the UniFi Controller was going to be a bit of a painful process but it’s not so bad. Has This Already Been Done? Well, allegedly. The UniFi Controller has long been a Linux application so theoretically there are no real issues in the way. My initial searching led me to . . .
In Part 1 of this project we covered building the infrastructure that underpins Kubernetes; the Virtual Machines that make up it’s Control and Data Planes, implementing high availability, bootstrapping the core Kubernetes components and considerations for the various networking elements. All of this is great, but after all of that all our cluster doesn’t actually do very much yet. It’s still in a pretty raw state and not ready to . . .
My home lab has been getting a bit long in the tooth recently. These days I work mostly with container platforms and Infrastructure as Code but those are mostly put to work inside the opaque walls of public cloud providers and not on bare metal (I.E. my own physical or virtual servers). When it comes to container platforms, Kubernetes is the one I spend most of my time with. Running . . .
Previously we looked at using Localstack to emulate AWS services and speed up the feedback loop during development. In this short post we’re going to look at how to integrate this tool with Terraform to perform some simple testing that can emulate our builds for free and give us some confidence in our code before running it. This post will assume that you have Localstack installed and running. If not, . . .
Recently I’ve been writing some Ansible plays for a personal project and looking around online reminded me just how much people struggle with handling loops. It’s not a huge surprise, whilst the documentation is pretty clear it’s written in a slightly abstract way that can a little difficult to absorb if you’re a newcomer to Ansible, this isn’t aided by the fact that there are several options for looping and . . .
One of the challenges that seems to crop up pretty frequently is reliably simulating a cloud platform or application without having to tediously configure a sandbox environment for every little change. Even when a sandbox is present, the cost of operating them can quickly run out of control and can still need several people to implement even a small change. Localstack is an emulator for an ever growing number of . . .
Without a doubt the topic that seems to confuse people the most when using Ansible Tower is working with Credentials. Especially how to pass multiple credentials from either an external Secret Management source (which we’ve looked at a few times here) or just defining some arbitrary set of credentials and using them in a template. I get emails about this topic from readers on a fairly regular basis and professionally . . .