AUTO GENERATING TLS CERTIFICATES FOR TANZU APPLICATION PLATFORM (TAP) WORKLOADS
As part of learning and using Tanzu Application Platform (TAP), I looked into auto generating TLS certificates, for the Workloads I provision. The full documentation for what I describe in this blog post, can be found here. This blog post, describes how I did it, with with the set of components, that I use.
REMOTE ACCESS TO POD, WITHOUT OPENING FIREWALL, ON TANZU COMMUNITY EDITION
In this blog post, i’m gonna show you, how you can use Cloudflare to access an internal pod, running on your own machine, to the outside world. All without opening any firewall ports, and with a valid certificate, and access control. And did I mention, it’s all for free. I will be doing all on the Tanzu Community edition.
TANZU APPLICATION PLATFORM ACCELERATOR WITH YTT
Tanzu Appliation Platform (TAP) has the concept of accelerators. Accelerators contain complete and runnable application code and deployment configurations, and can be used by developers to create new projects that follow enterprise standards, as stated in the documentation. While learning TAP, I quickly saw, that a good way for me, would be to use the Carvel project YTT, to create my templates.
USING GITHUB ACTIONS WITH TAILSCALE TO BUILD IN THE CLOUD AND DEPLOY LOCALLY
I have been a long time user of GitLab, due to the fact, that their runners was so easy to get working, and they allowed me to deploy them on prem, so I had access to my local enviorement. I have long been looking at Github actions, but found it hard, to combine this with local deployments (might just be me, who havent found out how).
MANAGE MULTIPLE KUBECONFIGS USING ICLOUD AND KUBECTX
As a part of my new role, I found myself having to manage a lot of different Kubeconfig files. Switching between 2 computers, meant it quicly became a mess, to have access to the same configs, all the time. This is my little guide on how to solve this. Note there might be a better way to do this, if you know of one, then let me know on Twitter :-)
NEW ROLE
For the last +4 years, I have had the role, of Cloud Management Specialist @ VMware. Starting 1 of november, I have been given the oppertunity, to change to our Modern Applications business unit, to focus on our Tanzu platform. Having spend the last couple of years, focusing on DevOps, and trying to understand what developers want/need, and how Operations can provide this, makes this a natural next step.
INSTALLING MICROK8S WITH TRAEFIK AND METALLB
For some time, I have been writing about setting up Traefik, with docker, and using it as a reverse proxy, for my workloads. I have been running a stand alone Docker host, for a while, but due to changes in my job (more about that in the next post), I wanted to change this to Kubernetes instead, to get a lot more hands on.
USING GITHUB ACTIONS TO BUILD CONTAINERS (AND HOST THEM)
Some time ago, I wrote a blog, around how to easily build and host, Docker containers using Dockers autobuild tools. After the blog post Docker both changed to using rate limits, for API calls, but also removed the Autobuild feature. I understand fully, that Docker is trying to find out, how to make money, but I am not a fan of the Rate limit.
HELLO BUILDPACKS, GOODBYE DOCKERFILES
I might be late to the party, but recently I learned about Buildpacks.io and what they can do vs Dockerfiles, and I just had to try it out. If you never heard about Buildpacks, then it’s a way to package your application into a container, without using Dockerfiles. The benefits can be
DISABLE WINDOWS PRINT SPOOLER TO AVOID EXPLOIT CVE-2021-1675
Update 7.7.2021 There is now a patch avaliable. Please patch your systems, and only use this blog post, as a reference, on how to do configuration management, on multiple systems. And not as a way to fix this problem. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 A new exploit, allowing remote code execution on Windows servers using the Print spoller service, has been released as CVE-2021-1675.