Using multi-factor authentication (MFA) in AWS I will go over setting up multiple AWS profiles using MFA. Create your Access key. Add account(s) This will update ~/.aws/credentials. It will create 3 profiles. aws configure –profile account1-default aws configure –profile account2-default aws configure –profile account3-default Example aws configure –profile account1-default AWS Access Key ID [None]: XXXXX # Updates ~/.aws/credentials AWS Secret Access Key [None]: […]

gcp General Kubernetes

Kubernetes: Using GKE Workload Identity For this example, I will be setting up access to Google Secrets Manager. Setup Environment Variables PROJECT_ID = Google Project ID GSA_NAME = Google IAM Service Account K8S_NAMESPACE = Kubernetes namespace KSA_NAME = Kubernetes Service Account export PROJECT_ID=[YOUR_PROJECT_ID] export GSA_NAME=sonic-itsmetommy export K8S_NAMESPACE=itsmetommy export KSA_NAME=sonic Create Kubernetes Service Account kubectl create serviceaccount ${KSA_NAME} -n ${K8S_NAMESPACE} […]

gcp JFrog Kubernetes

Kubernetes: Migrate Local Storage to Google Cloud Storage Bucket

I ran into an issue where having a local disk wasn’t the best solution and decided it was time to migrate to a Google Cloud Storage Bucket. This particular situation has to do with Artifactory where I was using a PersistentVolume (gcePersistentDisk) and now wanted to use a storage bucket (the right way). I had […]


Kubernetes: Install Sonarqube on GKE with Google SQL

SonarQube is an open sourced code quality scanning tool. You can use a helm chart, but at the time of writing this blog I didn’t see a Google SQL proxy option. I ended up using helm template to generate the majority of the yaml files and added the Google SQL proxy parts myself. Create Database […]


Kubernetes: Install Grafana & Prometheus on GKE using Helm kube-prometheus-stack Add Repo helm repo add prometheus-community helm repo update Create custom_values.yaml GKE uses kubeDNS by default, so I enabled it. I created persistent disks and added an Internal Load Balancer by adding a google specific annotation. cat <<EOF > custom_values.yaml coreDns: enabled: false kubeDns: enabled: true prometheusOperator: createCustomResource: false alertmanager: alertmanagerSpec: storage: volumeClaimTemplate: […]