Rotating GitHub (Action) secrets

So, here’s a fun problem I ran into at work: We use GitHub Actions to deploy all our services to Kubernetes. And in order to do a deployment, we have kube configs (as secrets) set up to connect to a Kubernetes cluster when a workflow runs. The Kubernetes config has an expiration date and will become invalid when the Kubernetes certificates are rotated (k0s takes great care of that). When they expire, the deploys fail until we update the secret on GitHub Actions....

February 11, 2024 · 5 min

Terraform and OpenStack: Boot an instance from CD-ROM

In the spirit of “this took me way too long”, here’s how to boot an instance with a CD-ROM on OpenStack, using Terraform. Why would I need this? In a perfect world, I have templates to bootstrap instances. This means the instances are ready to go when booted. I customise them with cloud-init and let them do all kinds of cool (or necessary) stuff like configuring the network, setting hostnames, adding user accounts and then maybe joining them to a cluster....

May 13, 2021 · 3 min

Foursquare: How private is private?

Location is one of my hobbies. Even though I don’t map items for OpenStreetMap and the like, I still try out at least every location-related startup there is. Foursquare, as you probably know, is a location-based game — get points and badges to check into locations. The points are aggregated into a weekly leaderboard (of penis envy) and everyone gets a fresh start every Monday morning. Check-in Foursquare has different check-in modes....

May 25, 2010 · 4 min

EC2 security group owner ID

I recently had the pleasure of setting up an RDS instance and it took me a while to figure out what the --ec2-security-group-owner-id parameter needs to be populated with when you want to allow access to your RDS instance from instances with a certain security group. To cut to the chase, you need to log into AWS and then click the following link — done.

May 9, 2010 · 1 min