Blog

Kubernetes The Hard Way

You might've solved this challenge way sooner than I attempted it. Still, I always wanted to go through the process as it has many angles and learning the details intrigues me.

This version, however, does not use any cloud provider. Specifically, the things I am using differently from the original challenge are:

  • Vagrant & VirtualBox: For the nodes of the cluster
  • Ansible: For configuring everything until the cluster is ready
  • Cilium: For the network CNI and as a replacement for the kube-proxy

So, here is my story and how I solved the famous Kubernetes The Hard Way by the great Kelsey Hightower. Stick around if you're interested in the details.


Cloud-Native Secret Management: OIDC in K8s Explained

External Secrets is the de-facto choice for secrets management in Kubernetes clusters. It simplifies the task of the administrator(s) of the cluster, ensuring only the secrets that are explicitly defined are present and accessible.

It comes with many great features, but the most important of all is its integration with major cloud providers.

In this blog post you will learn how to deploy it without hard-coded credentials, using only the power of OpenID Connect for the trust relationship between services.

Migration From Promtail to Alloy: The What, the Why, and the How

Promtail is (was) the lightweight log collector solution that sends logs over HTTP to the remote backend. This remote backend is normally Loki, but you can choose to send the logs to VictoriaLogs as well.

In this blog post, you will see the newer alternative to Promtail, Grafana Alloy. You will see what it is, why it's a good idea to migrate, and the how-to guide to make the jump with the least friction.

How to Setup Preview Environments with FluxCD in Kubernetes

A preview environment is where you see a live state of the changes from your pull request before they are merged into the default branch. It gives you a look and feel of what it would be like if you merged your changes.

Kubernetes, on the other hand, is what powers the production setups. But that's not all it can do for you. I have spun up preview environments in Kubernetes with different technologies in the past.

And in this blog post, I will show you how to achieve this using FluxCD Operator.

3 Ways to Time Kubernetes Job Duration for Better DevOps

Knowing how long the execution of jobs takes is a crucial part of monitoring and proactive system administration.

Being able to measure, store and query this value over the course of your application lifecycle can help you identify bottlenecks, optimize your infrastructure and improve the overall performance of your application.

In this blog post, you are presented with three methods to achieve this, starting from one where you have the access and ability to modify the source code, to the one where you have control over its runtime execution, and finally one without control over either, using only the Kube State Metrics.

Read more to find out how.

Ente: Self Host the Google Photos Alternative and Own Your Privacy

In the last few years, I keep seeing people being more aware of their privacy and taking it into their own hands.

More and more solutions are emerging through the community that address the critical part of our society and personal life; privacy!

In this blog post, I will introduce you to Ente, the Google Photos alternative.

You will see the code required to deploy the server into a Kubernetes setup and host the frontend using GitHub Pages.

Stick around till the end if that's your cup of tea.

How to Deploy Static Site to GCP CDN with GitHub Actions

Building and deploying static sites is rarely an issue these days. Most of the PaaS providers already have full support for your live and your preview environments and a clean integration with your favorite Git provider.

However, some organizations may choose to stick with big players like GCP for various reasons.

In this blog post, you will learn how to build your frontend and deploy your static files to a GCP bucket using GitHub Actions and serve them behind GCP CDN.

In this approach we will employ OpenID Connect to authenticate the GitHub Actions runner to the GCP API to avoid passing hard-coded credentials (actually, GCP calls this Federated Workload Identity, but it is unsurprisingly based on OIDC).

If this sounds interesting to you, let's not keep you waiting any longer.

How to Publish to GitHub Pages From Another Repository

In this blog post, you will learn how to leverage GitHub Actions to deploy static files to the GitHub Pages of another repository.

This can be useful if you keep your source code in a private repository, but also, you may find additional reasons to need this setup.

Stick around till the end to find out how to do this with OpenTofu.

How to Provision a Production-Ready Autopilot GKE Cluster

In this blog post I share my opinionated version of provisioning a Kubernetes cluster in the Google Cloud Platform (GCP) using nothing but OpenTofu.

The principles discussed here are the ones I have learned while dealing with production setups at the same scale.

If you enjoy Kubernetes or want to learn more about GCP, this is for you.