Building portable development environments with Devpod
I’ve been looking for a way to create reproducible development environments without relying on VSCode. Devcontainers are awesome, they give me: a fully reproducible development environment, and thus tremendous consistency; a configuration that can be shared with the whole team, since it’s declared in a simple JSON file; tool isolation - each project can have its own stack, without conflicts; and most importantly, my machine stays clean of all this tooling. The only problem I have with devcontainers is that they rely on VSCode to run. As a CLI-first engineer, and as a Vim user, I had to find another way. ...
Secure GitOps: Exposing Internal Kubernetes Services With Cloudflare Tunnels
I’ve been searching for some time for a way to expose my self-hosted apps without opening my network to the internet. I’ve finally found the solution: Cloudflare tunnels. They only require an outbound connection and remove the need to expose any ports directly. Requirements: a Cloudflare-managed domain (you can also transfer an existing domain to Cloudflare); a Kubernetes cluster (in my case, managed with FluxCD following GitOps best practices). Authenticating and creating the tunnel: First, download cloudflared on your machine ...
Mastering Helm: A Journey to Dynamic Secret Generation
In the world of Kubernetes and Helm, managing secrets securely and efficiently is crucial, especially when dealing with production databases. This article chronicles my journey to implement a dynamic secret generation mechanism for a StatefulSet’s database container using Helm. My objective was to generate a password for the database container of a StatefulSet using Helm. The requirements were to create the secret during the initial installation, to reuse the same secret when upgrading the release and to ensure the secret persists even if the release is deleted ...
Which CNI Is Running in My Cluster?
Today a colleague of mine who is new to Kubernetes asked me what CNI was running on our production cluster. I knew the answer but I wanted to double-check, just to see if I could climb up to the source of truth. My first reflex was to search in the kube-system namespace for pods with a CNI-like name. And I quickly found what I was looking for: With this I was pretty sure Antrea was the chosen CNI, but I knew there were other ways to verify it. ...
Adding TLS to Your Ingress Traffic
Today at my job I managed to get our new product up and running on Kubernetes. Deployments and StatefulSets are working, but I wanted to test the app’s behavior while accessing it from the outside. As we have multiple services running on the cluster and as we want to secure the connection through TLS, it is best to use an Ingress (resources and controllers). I already did the Ingress controller setup earlier, using Ingress-nginx-controller, so I just had to create an Ingress resource, and I wanted to discuss my process here. ...
Pull Images From Your Harbor Registry With Kubernetes
Pulling images from a private registry with Kubernetes: in this example I am going to use Harbor. For the sake of best practices and security we first have to create a robot account on Harbor: Then select the Harbor repo on which the robot account will have these permissions: You then have a confirmation message from Harbor. Keep the secret: we will register it into a Kubernetes secret in our cluster. ...
Routing Traffic Within Your Kubernetes Cluster: Ingress-Nginx Controller
I recently had to set up an Ingress in one of the Kubernetes clusters at my job, so I wrote a short explanation for my colleagues who are not aware of Kubernetes Ingresses, and since it provides useful explanations of it I figured I’d also share it here. Classic Ingress in Kubernetes: An Ingress in Kubernetes is an object that makes microservices available outside the cluster. It routes incoming requests to the appropriate services, much like a traditional load balancer. ...
Optimizing Docker Images Size
When you try to optimize the size of an image, it is possible to display the size of every layer:

docker history <image-id>

For example:

(ins)❯ docker history 7383c266ef25
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
7383c266ef25   12 days ago   CMD ["nginx" "-g" "daemon off;"]                0B        buildkit.dockerfile.v0
<missing>      12 days ago   STOPSIGNAL SIGQUIT                              0B        buildkit.dockerfile.v0
<missing>      12 days ago   EXPOSE map[80/tcp:{}]                           0B        buildkit.dockerfile.v0
<missing>      12 days ago   ENTRYPOINT ["/docker-entrypoint.sh"]            0B        buildkit.dockerfile.v0
<missing>      12 days ago   COPY 30-tune-worker-processes.sh /docker-ent…   4.62kB    buildkit.dockerfile.v0
<missing>      12 days ago   COPY 20-envsubst-on-templates.sh /docker-ent…   3.02kB    buildkit.dockerfile.v0
<missing>      12 days ago   COPY 15-local-resolvers.envsh /docker-entryp…   336B      buildkit.dockerfile.v0
<missing>      12 days ago   COPY 10-listen-on-ipv6-by-default.sh /docker…   2.12kB    buildkit.dockerfile.v0
<missing>      12 days ago   COPY docker-entrypoint.sh / # buildkit          1.62kB    buildkit.dockerfile.v0
<missing>      12 days ago   RUN /bin/sh -c set -x && groupadd --syst…       113MB     buildkit.dockerfile.v0
<missing>      12 days ago   ENV PKG_RELEASE=1~bookworm                      0B        buildkit.dockerfile.v0
<missing>      12 days ago   ENV NJS_RELEASE=2~bookworm                      0B        buildkit.dockerfile.v0
<missing>      12 days ago   ENV NJS_VERSION=0.8.4                           0B        buildkit.dockerfile.v0
<missing>      12 days ago   ENV NGINX_VERSION=1.25.5                        0B        buildkit.dockerfile.v0
<missing>      12 days ago   LABEL maintainer=NGINX Docker Maintainers <d…   0B        buildkit.dockerfile.v0
<missing>      12 days ago   /bin/sh -c #(nop) CMD ["bash"]                  0B
<missing>      12 days ago   /bin/sh -c #(nop) ADD file:4b1be1de1a1e5aa60…   74.8MB