security

So, here’s a fun problem I ran into at work: We use Github Actions to deploy all our services to Kubernetes. And in order to do a deployment, we have kube configs (as secrets) setup to connect to a Kubernetes cluster when a workflow runs. The Kubernetes config has an expiration date and will become invalid when the Kubernetes certificates are rotated (k0s takes great care of that). When they expire, the deploys fail until we update the secret on Github Actions....

In the spirit of “this took me way too long”, here’s how to boot an instance with a CD-ROM on OpenStack, using Terraform. Why would I need this? In a perfect world, I have templates to bootstrap instances. Means, the instances are ready to go when booted. I customise them with cloud-init and let them do all kinds of cool (or necessary) stuff like configuring the network, setting hostnames, adding user accounts and then maybe joining them to a cluster....

Location is one of my hobbies. Even though I don’t map items for openstreetmap and the like, I still try out at least every location-related startup there is. Foursquare, as you probably know is a location-based game — get points and badges to check into locations. The points are aggregated into weekly leaderboard (of penis envy) and everyone gets a fresh start every Monday morning. Check-in Foursquare has different check-in modes....

I recently had the pleasure to setup an RDS instance and it took me a while to figure out what the --ec2-security-group-owner-id parameter needs to be populated with when you want to allow access to your RDS instance from instances with a certain security group. To cut to the chase, you need to log into AWS and then click the following link — done.