While deploying argo-cd from helm chart you can create credential template(git uri, ssh key) in values.yaml under configs.credentialTemplates section.

credentialTemplates:
ssh-creds:
url: git@github.com:argoproj-labs
sshPrivateKey: |
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

Then helm chart creates secret for this credentials in k8s. It is good, but we have…

Some terraform resources support suffix argument for name, bucket etc.

For example

iam_policy resource:

name - (Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name.name_prefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. …

As described here Google Kubernetes Engine (GKE) offers integrated support for two types of Cloud Load Balancing for a publicly accessible application:

  1. Ingress
  2. External Network Load Balancing

For Ingress type, when you specify kind: Ingress in a Kubernetes manifest, you instruct GKE to create an Ingress resource. A GLB load…

I am sending EKS logs to ELK stack. It is working great, but AWS ELB health check creates lots of logs and does not let me track other events properly on Kibana dashboard.

My images are based on nginx. Here is nginx configuration to disable nginx logging for ELB-HealthChecker/2.0

First…

I am working on terraform modules in private git repos. I use my default ssh key(~/.ssh/id_rsa) on macOS for my own personal git repos.

GitHub does not allow using same key for other git account. I created another ssh key pair and uploaded to GitHub. But git clone or terraform init still uses default key pair. Running ssh-agent and adding my new key to ssh agent with ssh-add did not help.

Solution

Use GIT_SSH_COMMAND env variable.
Create new ssh key, Add new public key to Github and set GIT_SSH_COMMAND

$ ssh-keygen -t rsa -f ~/.ssh/mynewssh
$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/mynewssh"
$ ssh-agent
$ ssh-add ~/.ssh/mynewssh
$ terraform init
on Fish shellset -gx GIT_SSH_COMMAND "ssh -i ~/.ssh/mynewssh"

Ismail YENIGUL

Devops Engineer

By default, Argo CD has only one built-in user admin. If you want to create new users, you must configure k8s configmaps.

In this example, I will explain how to create local users, custom permissions for the users and setting password. I installed argocd with helm at https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd

We are…

MongoDB Atlas documentation recommends using the following mongodump command with URI syntax to dump a database. But it does not work well with as reported at https://github.com/golang/go/issues/37362

$ mongodump --uri="mongodb+srv://dbUser:mypass@mycluster.jnszz.mongodb.net/mymongodb"2021-03-03T19:15:19.165+0000 error parsing command line options: error parsing uri: lookup mycluster.jnszz.mongodb.net on 127.0.0.53:53: cannot unmarshal DNS message2021-03-03T19:15:19.165+0000 try 'mongodump…

Source: https://kreuzwerker.de/post/aws-multi-account-setups-reloaded

In this article, I will explain what needs to be done to implement multi aws accounts with AWS CLI step by step. I am planning to create story series for AWS Multi-Account deployment.

AWS Accounts

We will create the following child accounts under an AWS Organization.

security
mgmt
dev
stage
prod

Architecture

  • Create…

Falco is a Kubernetes threat detection engine. Falco supports Kubernetes Audit Events to track the changes defined in k8s audit rules made to your cluster.

But unfortunately, AWS EKS is a managed Kubernetes service, and it only can send audit logs to CloudWatch. …

If you are running Jenkins on AWS EC2 instance, you can push build docker image on Jenkins and push to ECR registry without creating credentials on Jenkins

You can get a sample Jenkinsfile from my gist.

This pipeline login to ECR and build docker image from Dockerfile in my git…

ismail yenigül

Devops Engineer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store