A blog of a coffee lover who spends most of his time learning and tinkering with YAML.| a-cup-of.coffee
GoAuthentik is a self-hosted service that provides SSO authentication for all your applications. Let's see how it works.| A cup of coffee
I think many of us have our own collection of smart gadgets at home, connected to platforms like Jeedom, Home Assistant, or others. Personally, I have about ten sensors that allow me to monitor temperature, air quality, electricity consumption, and a few actuators to control lights and smart plugs. Most of my gadgets work with WiFi or ZigBee (a protocol used by Xiaomi, Philips Hue, Ikea, etc.). So far, nothing too complicated, everything is integrated into Home Assistant and I can control eve...| A cup of coffee
Falco from A to Y: When managing a server fleet, it is often challenging to have visibility into what is happening on the servers. We can never truly know when a user is attempting to bypass our system’s security. Logs (if they exist) are usually buried in the noise, making it difficult to detect abnormal behaviors that could be a sign of an intrusion. Using a log aggregator like Loki or Elasticsearch can be an effective solution for centralizing logs and making them easier to work with.| A cup of coffee
Introduction: The Web of Trust (WoT) is a concept used in the field of computer security and cryptography. It is a decentralized trust model that allows for the verification of digital identities and ensures the integrity of communications. In the context of public key cryptography, the Web of Trust is used to validate users’ public keys. Each user can generate a key pair, consisting of a private key and a public key.| A cup of coffee
GitOps: What is GitOps? GitOps is a methodology where Git is at the center of delivery automation processes. It serves as the “source of truth” and is coupled with programs to continuously compare the current infrastructure with that described in the Git repository. It should not be confused with CI/CD, which involves testing the application code and delivering it. Indeed, GitOps follows the same process but incorporates other aspects of the application architecture:| A cup of coffee
Loki is an open-source log management system designed by Grafana Labs. It is known for being user-friendly and highly performant. Loki is designed to be used with Grafana using an equivalent to LogQL, a query language similar to Prometheus’s (to learn more about Prometheus, click here). In this article, we will see how to install all the necessary components to use Loki and Promtail. We will also learn how to store logs on an object storage (Minio) to achieve high availability in a Loki clu...| A cup of coffee
Introduction: Vault is a secret management tool developed by HashiCorp. It allows for secure storage and management of secrets. In this article, we will see how to use Vault to manage your application’s secrets. Vault was released in 2015 and has become an essential tool for secret management. It is used by many companies for its flexibility and security. Its scope is wide: it can be used to store secrets, certificates, SSH keys, API tokens, etc.| A cup of coffee
Creating your own cloud at home? I constantly use virtual machines to test scripts, host services, perform deployment tests, etc. I usually use Proxmox in my lab, and Libvirt at work. Recently, I have been deepening my knowledge of public clouds like AWS, GCP, Azure, etc. And if there is one thing that fascinates me, it’s how quickly you can create a virtual machine. I sometimes use Cloud-Init to automate the creation of my virtual machines or Packer to create VM templates, but we are talk...| A cup of coffee
Introduction: When you deploy an application on Kubernetes, it may need secrets to function. These secrets can be passwords, SSH keys, tokens, etc. But how do you manage these secrets? How do you store them? How do you share them with developers or allow developers to create them? For example, you want to define a secret corresponding to an API token. And in a GitOps approach, you store your Kubernetes manifests in a Git repository.| A cup of coffee
What is Prometheus? Prometheus is a monitoring solution created by SoundCloud in 2012 and open-sourced in 2015. In 2016, Prometheus became the second project to join the Cloud Native Computing Foundation (the first being Kubernetes). Prometheus is designed to monitor metrics from applications or servers. It consists of 3 parts: the query engine to retrieve metrics from exporters; the Time Series Database (TSDB) that stores short-term data; and the web service that allows querying the database.| A cup of coffee
Tmux is a terminal multiplexer that allows you to create and control sessions. It is often used to run a command in the background and be able to close the terminal without stopping the process. When you start Tmux, it initiates a session stored (by default) in your /tmp directory. By closing the window, reopening a terminal, and running tmux attach, you can retrieve your processes. It is also possible to open multiple Tmux sessions at the same time.| A cup of coffee
IPFS (InterPlanetary File System) is a P2P (peer-to-peer) protocol that allows for the decentralized distribution of files. The term “InterPlanetary” highlights the primary goal of IPFS: to overcome the technical difficulties and constraints of communication between planets.| A cup of coffee
Dagger.io is a project that was announced some time ago by Solomon Hykes, and its philosophy caught my attention. It is a CI/CD service that allows running jobs in Docker containers. The added value of Dagger is that it is not limited to YAML (like GitLab CI, GitHub Actions, Drone.io) or a custom DSL (like Jenkins). It allows running jobs using Python, Go, Java, TypeScript, or even GraphQL code. It is somewhat similar to Pulumi but for CI/CD jobs.| A cup of coffee
Introduction: Usually, when I start writing documentation, I always begin with a definition (often sourced from Wikipedia). Since the Wikipedia page for cert-manager is not very comprehensive (and also to be trendy and mention it at least once), I will ask ChatGPT to write this definition for me. Cert-manager is a certificate management tool for Kubernetes. It automates the generation, renewal, and management of SSL/TLS certificates for your applications on the cluster.| A cup of coffee
2024 - 8 (Date / Title / Description): 09/07/2024 / Istio from A to Y / Istio is an open-source service mesh that allows you to connect, secure, control, and observe the services of an application. We will see how to install Istio, and how to use it to secure and monitor our services. 12/05/2024 / Awtrix Ulanzi + Domotic = ❤️ / Review of the Ulanzi TC001 with Awtrix 3 firmware and its integration with Home Assistant.| A cup of coffee
LinkedIn: A system administrator passionate about the world of free and open-source software, I am always looking for challenges and new technologies to discover in infrastructure management and task automation. I also enjoy putting my dual skills in system administration and software development, along with the associated knowledge, to use in personal projects. Projects that also allow me...| A cup of coffee
Infrastructure Administration: PXE Boot with NetBoot; Introduction to DNSMasq| A cup of coffee
CI/CD: Dagger.io, a Universal CI. DevOps: Cert-Manager; Dagger.io, a Universal CI; Creating your MicroVM cloud at home?; Vault from A to Z. Home Automation: Awtrix Ulanzi + Domotic = ❤️. Infrastructure: Cert-Manager; Creating your MicroVM cloud at home?; Loki from A to Y; Prometheus from A to Y. Kubernetes: ArgoCD from A to Y; Cert-Manager; Falco from A to Y; Istio from A to Y; How to manage secrets in Kubernetes with Sealed-Secret; Talos - An Immutable OS for Kubernetes. Network: IPFS - A protocol for archivi...| a-cup-of.coffee
Istio is an open-source service mesh that allows you to connect, secure, control, and observe the services of an application. We will see how to install Istio, and how to use it to secure and monitor our services.| a-cup-of.coffee