Categories
General

Push to Google Cloud Registry

https://cloud.google.com/container-registry/docs/overview
https://cloud.google.com/container-registry/docs/pushing-and-pulling

Auth

gcloud auth login
gcloud auth configure-docker

Pull

# Option 1 – pull from Docker Hub
docker pull [USERNAME]/[IMAGE]:[TAG]
# Option 2 – pull from GCR
docker pull [REPOSITORY_NAME]/[FOLDER]/[IMAGE]:[TAG]

Example

# Option 1 – pull from Docker Hub
docker pull itsmetommy/go-guestbook:latest
# Option 2 – pull from GCR
docker pull us.gcr.io/[PROJECT_ID]/itsmetommy/go-guestbook:latest

Tag

Note: Use […]

Categories
gcp General Kubernetes

Kubernetes: Using GKE Workload Identity

https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
https://cloud.google.com/blog/products/containers-kubernetes/introducing-workload-identity-better-authentication-for-your-gke-applications

For this example, I will be setting up access to Google Secrets Manager.

Setup Environment Variables

PROJECT_ID = Google Project ID
GSA_NAME = Google IAM Service Account
K8S_NAMESPACE = Kubernetes namespace
KSA_NAME = Kubernetes Service Account

export PROJECT_ID=[YOUR_PROJECT_ID]
export GSA_NAME=sonic-itsmetommy
export K8S_NAMESPACE=itsmetommy
export KSA_NAME=sonic

Create Kubernetes Service Account

kubectl create serviceaccount ${KSA_NAME} -n ${K8S_NAMESPACE} […]

Categories
General

Kubernetes: Install Sonarqube on GKE with Google SQL

SonarQube is an open-source code quality scanning tool. You can use a helm chart, but at the time of writing this blog I didn’t see a Google SQL proxy option. I ended up using helm template to generate the majority of the yaml files and added the Google SQL proxy parts myself.

https://github.com/Oteemo/charts/tree/master/charts/sonarqube

Create Database […]

Categories
General Kubernetes

Kubernetes: Sealed Secrets

Why use Sealed Secrets?

Sealed Secrets provides a mechanism to encrypt a Secret object so that it is safe to store in a private or public repository.

https://github.com/bitnami-labs/sealed-secrets

How it works

Sealed Secrets comprises the following components:

- A controller deployed to cluster
- A CLI tool called kubeseal
- A custom resource definition (CRD) called SealedSecret

Upon startup, […]

Categories
General Linux

Auto-Renew Let’s Encrypt Wildcard Certificate using Google Cloud DNS

Let’s go over how to create a Wildcard Certificate that also auto-renews. Wildcards are challenged by DNS-01. This challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name. This requires DNS access, especially when you are automating the […]