A long while ago I wrote about how to configure centralised State Locking for Terraform using Dynamo DB. This configuration has become battle tested and fairly low cost solution for anyone using Terraform in AWS and scales well with pretty advanced configurations but it isn’t without it’s drawbacks. DynamoDB can be a bit confusing to navigate if you’re unfamiliar with it and releasing state locks can be a similarly scary . . .
If you’re trying your hand at implementing a CI pipeline with Github Actions and AWS you would be forgiven for finding yourself going in circles with some pretty confusing documentation when it comes to trying to get authentication working. Most of the examples and a lot of the blog posts out there tell you to just create an account, export the Access Key ID and Secret Access Key to environment . . .
A little while ago I migrated my UniFi Controller to Kubernetes, part of that process involved migrating my WPA2 Enterprise WiFi network in to the cluster. It’s quite an involved process and not one I’ve seen anyone try to do, so this post is going to look at how you can do that integration…as well as some of the reasons you might not want to do it in the real . . .
A while ago I wrote an article breaking down how to deploy Hashicorp Vault using NGINX as a reverse proxy. It has been a popular article but after it had been up for a couple of years I got some comments that my proposed method wasn’t recommended and that using an HTTP Reverse Proxy generally is insecure for a few reasons. I don’t like the idea of putting bad information . . .
I’ve talked a lot here about certificates and how to set up a PKI in the past, it’s a topic I enjoy a lot and seems to be generally loathed. I was pretty pleased to discover cert-manager, which is a Kubernetes application designed to automate the creation and lifecycle management of TLS certificates within a Kubernetes environment. Despite being such a popular system, it still seems to create quite a . . .
It’s no secret that I love Terraform but it’s not without it’s drawbacks and when operating a platform built around Kubernetes it can be a tall order to introduce and migrate to. In this post I’m going to look at a less well known Infrastructure as Code solution; Crossplane. Whilst it’s creators don’t bill it as an IaC solution it certainly offers the same functionality in a very different way . . .
Previously we looked at using Localstack to emulate AWS services and speed up the feedback loop during development. In this short post we’re going to look at how to integrate this tool with Terraform to perform some simple testing that can emulate our builds for free and give us some confidence in our code before running it. This post will assume that you have Localstack installed and running. If not, . . .
One of the challenges that seems to crop up pretty frequently is reliably simulating a cloud platform or application without having to tediously configure a sandbox environment for every little change. Even when a sandbox is present, the cost of operating them can quickly run out of control and can still need several people to implement even a small change. Localstack is an emulator for an ever growing number of . . .
In a previous article we took a look at the very unwieldy integration of the Istio IngressGateway with an AWS Application Load Balancer, however we didn’t look at any Health Check options to monitor the the ALB via it’s Target Group. A dig around the usual forums suggests that this is confusing a lot of people and it threw me the first time I looked. In post we’ll have a . . .
A short while ago I wrote about setting up Continuous Deployment for Terraform using Bitbucket. Whilst that post is perfectly accurate from a technical standpoint it leads us in to a real minefield and really I don’t think it’s a very good idea to use Terraform in Continuous Deployment at all, rather a system of Continuous Delivery is more effective utilising manual deployments. This post is going to look at . . .