Categories
gcp General Kubernetes

Kubernetes: Using GKE Workload Identity

https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity https://cloud.google.com/blog/products/containers-kubernetes/introducing-workload-identity-better-authentication-for-your-gke-applications For this example, I will be setting up access to Google Secrets Manager. Setup Environment Variables PROJECT_ID = Google Project ID GSA_NAME = Google IAM Service Account K8S_NAMESPACE = Kubernetes namespace KSA_NAME = Kubernetes Service Account export PROJECT_ID=[YOUR_PROJECT_ID] export GSA_NAME=sonic-itsmetommy export K8S_NAMESPACE=itsmetommy export KSA_NAME=sonic Create Kubernetes Service Account kubectl create serviceaccount ${KSA_NAME} -n ${K8S_NAMESPACE} […]

Categories
gcp JFrog Kubernetes

Kubernetes: Migrate Local Storage to Google Cloud Storage Bucket

I ran into an issue where having a local disk wasn’t the best solution and decided it was time to migrate to a Google Cloud Storage Bucket. This particular situation has to do with Artifactory where I was using a PersistentVolume (gcePersistentDisk) and now wanted to use a storage bucket (the right way). I had […]

Categories
Kubernetes

Kubernetes: Install Grafana and Prometheus on GKE using helm

Updated: September 23, 2020 https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack Add Repo helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo add stable https://kubernetes-charts.storage.googleapis.com/ helm repo update Create custom-values.yaml GKE uses kubeDNS by default, so I enabled it. I created persistent disks and added an Internal Load Balancer by adding a google specific annotation. cat <<EOF > custom-values.yaml coreDns: enabled: false kubeDns: […]

Categories
General Kubernetes

Kubernetes: Sealed Secrets

Why use Sealed Secrets? Sealed Secrets provides a mechanism to encrypt a Secret object so that it is safe to store in a private or public repository. https://github.com/bitnami-labs/sealed-secrets How it works Sealed Secrets comprises the following components A controller deployed to cluster A CLI tool called kubeseal A custom resource definition (CRD) called SealedSecret Upon startup, […]

Categories
Kubernetes

Kubernetes: Install Bitnami Elasticsearch & Kibana using Helm

https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch What is it? Elasticsearch Elasticsearch is a distributed, open source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured. Kabana Kibana is a free and open user interface that lets you visualize your Elasticsearch data and navigate the Elastic Stack. Repo Add repo. helm repo add bitnami […]