gcp Kubernetes

Install Halyard & Spinnaker on GKE

Create IAM Service Account Spinnaker will use this IAM Service Account to access Google Cloud Storage (GCS) (storage.admin). export SERVICE_ACCOUNT_NAME=spinnaker-itsmetommy-saexport SERVICE_ACCOUNT_FILE=spinnaker-itsmetommy-sa.json export SERVICE_ACCOUNT_DISPLAY_NAME=”Spinnaker Account”export PROJECT=$(gcloud info –format=’value(config.project)’)gcloud –project ${PROJECT} iam service-accounts create \ ${SERVICE_ACCOUNT_NAME} \ –display-name ${SERVICE_ACCOUNT_DISPLAY_NAME} sleep 10 SA_EMAIL=$(gcloud iam service-accounts list \ –project=${PROJECT} \ –filter=”email ~ ${SERVICE_ACCOUNT_NAME}” \ –format=’value(email)’)gcloud –project ${PROJECT} projects […]

gcp General Kubernetes

Kubernetes: Using GKE Workload Identity For this example, I will be setting up access to Google Secrets Manager. Setup Environment Variables PROJECT_ID = Google Project ID GSA_NAME = Google IAM Service Account K8S_NAMESPACE = Kubernetes namespace KSA_NAME = Kubernetes Service Account export PROJECT_ID=[YOUR_PROJECT_ID] export GSA_NAME=sonic-itsmetommy export K8S_NAMESPACE=itsmetommy export KSA_NAME=sonic Create Kubernetes Service Account kubectl create serviceaccount ${KSA_NAME} -n ${K8S_NAMESPACE} […]

gcp JFrog Kubernetes

Kubernetes: Migrate Local Storage to Google Cloud Storage Bucket

I ran into an issue where having a local disk wasn’t the best solution and decided it was time to migrate to a Google Cloud Storage Bucket. This particular situation has to do with Artifactory where I was using a PersistentVolume (gcePersistentDisk) and now wanted to use a storage bucket (the right way). I had […]


Kubernetes: Install Grafana & Prometheus on GKE using helm kube-prometheus-stack

Updated: September 23, 2020 Add Repo helm repo add prometheus-community helm repo add stable helm repo update Create custom_values.yaml GKE uses kubeDNS by default, so I enabled it. I created persistent disks and added an Internal Load Balancer by adding a google specific annotation. cat <<EOF > custom_values.yaml coreDns: enabled: false kubeDns: […]

General Kubernetes

Kubernetes: Sealed Secrets

Why use Sealed Secrets? Sealed Secrets provides a mechanism to encrypt a Secret object so that it is safe to store in a private or public repository. How it works Sealed Secrets comprises the following components A controller deployed to cluster A CLI tool called kubeseal A custom resource definition (CRD) called SealedSecret Upon startup, […]