Secure deployment to Kubernetes with a service account
Secure deployment to Kubernetes with a service account

Now that I have a number of pipelines running I would like to deploy these to Kubernetes through a service account. that is quite simple. As an admin user provide resources such as: the namespaces, optionally with limited resources; an isolated service account with restricted access to one namespace; an encoded config file to be used by the Gitlab pipeline. Service Account with permissions The following file serviceaccount.yaml creates the service account, a role, and attach that role to that account:

read more
Kubernetes for the hobbyist with Kops
Kubernetes for the hobbyist with Kops

Earlier I posted about my hobby cluster on GKE which I want to keep under an affordable budget. Unfortunately Google Cloud will start charging a management fee from june 2k20 of 10$ct per hour (=$73/mnth) just like AWS. If they unilaterally change the rules, let’s get out of here! I’m thinking of moving to a self-managed Kubernetes cluster on AWS with spot instances: 1 x 1GiB master-node (t2.micro spot instance, $2.

read more
Affordable GKE cluster
Affordable GKE cluster

With any project, personal or for clients, I develop and build applications in Docker containers; so it would be really convenient to run these as containers in production. Usually I’ll spin up a small Ubuntu VM (GCP/Azure/AWS/Digital Ocean) and install Docker manually. I would love to run everything with Kubernetes as a container orchestrator, but the costs of such a cluster for personal usage seems rather high. Until I found this article by Remko Seelig, using Kubernetes on Google Cloud with preemptible nodes, which is about half the price of regular instances.

read more
Nginx-Ingress with cert-manager and Let’s Encrypt
Nginx-Ingress with cert-manager and Let’s Encrypt

I was happy with Helm when a far-more-experienced-Kubernetes-guy told me I should not use Helm because Tiller is unsafe and some other reasons. Now I follow the method of Tobias Bradtke, with the advantage of declarative application management; while I keep one cluster-definition in one Git repository. update: The most apparent change of Helm 3 is the removal of Tiller, which makes the templating as shown here less relevant

read more