Securing Jenkins access to AWS (part II)

Recommended setup: If you followed the steps in my previous post, you have: IAM users that can only assume a role; AWS access keys for those users stored in Jenkins (using AWS Credentials plugin); an MFA device assigned to each user; a condition that forces MFA when assuming roles. Example pipeline: With all this, we […]

Kubernetes external secrets

In this post we will talk about Kubernetes external secrets. It's a project developed by the GoDaddy Engineering Team that allows you to use external secrets management systems to securely add secrets to your Kubernetes cluster. At the time of writing, it supports the following backends: AWS Secrets Manager, AWS Systems Manager, GCP Secret Manager, Azure […]

HAProxy health checks and target downtime handling

When you are load balancing a service, it is important to make sure that the servers receiving the traffic are in good condition to respond. In this article we will address this topic with a couple of mechanisms that HAProxy provides. HTTP health checks: In order to enable health checks for each server, at […]

How to run Grafana in docker with Google SSO

The aim of this lab is to learn how to set up Google SSO authentication in Grafana and also to demonstrate how fast we can spin up a new Grafana instance using the official docker container (no need to create custom images). If you are looking for how to set up LDAP authentication you can check […]

Meetup SpainClouds: GitFlow & GitOps plus LABS Jenkins X and Kubernetes

First virtual Meetup of SpainClouds: At the end of last month we had the chance to participate in the first virtual meetup by spainclouds.com. About 200 people registered at the meeting, participated in an open session of experiences about ingress controller and backup systems for k8, and attended the speech that we, from Geko Cloud, gave […]

Upgrade GKE public-cluster’s Terraform module

Introduction: From time to time Google introduces new features and changes that sometimes also force the Terraform modules to upgrade themselves. That was our case at Geko, where we were using the GKE module for public-cluster deployment & management at version 5.x. A few days ago, when we planned to update some parameters, it turned out that Google […]

Nginx and Letsencrypt with certbot in docker alpine

UPDATE 31/08/2020: As Nicolas pointed out in the comments, the alpine software repositories already include the certbot package and therefore it can be updated directly with apk: apk add certbot certbot-nginx. Original post: In this lab we will learn how to install certbot using the official nginx:alpine docker image and use it to create an SSL […]

Kubernetes backups with Velero

Talking about backups in a Kubernetes cluster may sound weird, and you may think it is not necessary as you can recreate any of your deployments or resources at any time and very quickly, simply by applying a yaml file… but in some cases a backup of your resources can be very useful and […]

Dependency Track: Analyze your vulnerabilities from the use of third-party components

In this post we are going to talk about the OWASP tool called Dependency-Track. To start, a good question is… What is Dependency-Track? Dependency-Track is a vulnerability analysis tool that audits the components or external libraries that we use for our applications. This tool has integrations with different vulnerability databases such as NPM Public […]

Increase your eCommerce sales by migrating to cloud

The importance of e-commerce is growing, even more so after the situation caused by COVID-19, which has shifted user consumption from physical stores to electronic commerce. As a result, many companies have been encouraged to open their own online shopping platforms, betting hard on the internet as a powerful sales channel, […]