Dicking with Docker – insert witty tagline here

Securing SSH with the Vault SSH backend and GitHub authentication

By Simon Weald | 30th May 202030th May 2020 by Simon Weald

This blog is going to be about using Hashicorp’s Vault to issue short-lived certificates to use with SSH. Most guides have you using a username & password to authenticate with Vault, but I’ve chosen to delegate that to GitHub instead. I’m assuming you already have a Vault server running – I won’t be covering that in the course of this blog. You’ll also need a sufficiently-privileged Vault token, and jq installed on the machine you…

Thanos and Prometheus without Kubernetes

By Simon Weald | 11th March 201930th May 2020 by Simon Weald

If you’ve been around the cloud-native world for a while, you’ll no doubt be familiar with (and quite likely already be using) Prometheus. You may however not have heard of Thanos. Put simply, Thanos takes Prometheus and makes it even more awesome.

Terraform S3 remote state with Minio and Docker

By Simon Weald | 27th February 201930th May 2020 by Simon Weald

Whilst AWS’s free S3 tier is almost certainly sufficient to store Terraform’s remote state, it may be the case that you have a requirement to keep the data on-site, or alternatively if you’re using Terraform in an air-gapped environment then you have no choice but to self-host.

Wildcard LetsEncrypt renewal with Ansible and Memset

By Simon Weald | 7th August 201830th May 2020 by Simon Weald

Obtaining a wildcard LetsEncrypt cert with Ansible Earlier this year, LetsEncrypt made their wildcard x509 certificates available to the general public. Whilst this is a massive step forward over individual certificates for each domain, it does come with the overhead of having to distribute the wildcard certificate to the (possibly many) places you would use it. Ignoring that issue for now, I wrote a quick Ansible playbook which uses the dns-01 challenge method and my…

Ansible module development gotchas

By Simon Weald | 27th June 201830th May 2020 by Simon Weald

Having spent quite some time working on my initial modules to integrate with Memset, I’ve assembled a small list of dos and don’ts from some of my stumbling points.

Over-engineering my website with Kubernetes

By Simon Weald | 18th March 201830th May 2020 by Simon Weald

A solution in need of a problem Like all good sysadmins, my personal website has been a ‘coming soon’ splash page for quite some time. According to the Wayback Machine, it’s been this way since some time in 2014. As I’m sure many can sympathise with, there are always far more interesting and shiny things to be experimenting with than building a website.

Deploying Kubernetes on VMs with Kubespray

By Simon Weald | 9th August 201730th May 2020 by Simon Weald

All the choices So you’re looking to start using Kubernetes, but you’re overwhelmed by the multitude of deployment options available? Judging by the length of the Picking the Right Solution section to the Kubernetes docs, it’s safe to assume that you’re not alone. Even after you’ve made it past the provisioning stage, you then need to learn how to administrate what is a very complex system. In short; Kubernetes is not easy.

Ansible Node Bootstrapping

By admin | 4th August 201730th May 2020 by admin

When you receive a new server, there are a variety of pre-requisites required before Ansible can be used to administrate the host.

Forcing Kubernetes to use a secondary interface

By Simon Weald | 20th November 201630th May 2020 by Simon Weald

Following on from my previous post, I discovered rather to my dismay that although I had my nodes initially communicating over the secondary interface, the weave services (and thus my inter-pod traffic) was all going over the public interface.

Deploying Kubernetes 1.4 on Ubuntu Xenial with Kubeadm

By Simon Weald | 17th November 201630th May 2020 by Simon Weald

With the 1.4 release of Kubernetes, Google have made instantiating a cluster a whole lot easier. Using Kubeadm, you can bring up a cluster with a single command on each node. A further command will create a DaemonSet which brings up a Weave mesh network between all your nodes.