Setting up Workload Identity Federation in Google Cloud for GitHub pipelines
June 6, 2024 - Patrick Kerwood
Setting up authentication for pushing images to Google Artifact Registry from a GitHub pipeline is usually done by creating a static, forever valid credential file for a service account, which will probably never be rotated. An alternative is to use Workload Identity Federation to exchange a GitHub-issued JWT for a Google token and use that for authentication.
Creating a bash script with commandline arguments
May 5, 2024 - Patrick Kerwood
When creating a good bash script for others to use, it's important to create a good user experience. Creating good usage arguments makes all the difference and really makes your script look professional instead of just a list of commands bunched together in a file.
Local Development With Mirrord
November 30, 2023 - Patrick Kerwood
With Mirrord you can intercept traffic for your pods in your Kubernetes cluster, which allows you to develop your application locally as if it were deployed in your cluster, utilizing the pod's network, environment or even the filesystem. In this post I will be writing some examples that I personally use.
Creating Kubernetes CRDs with Rust
June 19, 2023 - Patrick Kerwood
You can extend Kubernetes with your own custom objects, but before you can do that you will need to create a Custom Resource Definition so that Kubernetes knows what the object is allowed to look like. In this post I will create a very simple Kubernetes CRD for a Book kind using Rust and kube-rs.
Setup Google Cloud Workload Identity in GKE
June 6, 2023 - Patrick Kerwood
Using a Google service account in your GKE cluster is easy: just create the credential file, apply it as a secret and it's ready for use. But now you have a long-lived credential that, if compromised, can be used from anywhere at any time. Instead you can use a Kubernetes service account and Google Workload Identity to authenticate to Google Cloud. No need for credential files anymore.
Signing a Certificate with a CA
April 14, 2023 - Patrick Kerwood
In this post I will use OpenSSL to create a Certificate Authority key pair, a certificate private key with a Certificate Signing Request with Subject Alternative Names, and lastly I will sign the CSR with the CA.
Creating Azure App Registrations with Terraform
July 26, 2022 - Patrick Kerwood
In this blog post I will introduce a Terraform script I have created for managing Azure App Registrations. The code supports two different kinds of App Registrations, one for user logins with group assignments and one for services, which includes adding App Roles and API Permissions.
Setting up i3 on Fedora
February 12, 2022 - Patrick Kerwood
I finally decided to give the i3wm a go after postponing it for years. This post is my i3 setup with Polybar and other supporting applications.
Confluence Updater
November 16, 2021 - Patrick Kerwood
If you like to keep your documentation in Git, love writing in markdown but are somehow required to deliver documentation in Confluence, look no further. With Confluence Updater you can build a CI/CD pipeline to render a markdown page to HTML on change and upload it to Confluence Cloud.
Setting up Netbox with Pomerium
October 29, 2021 - Patrick Kerwood
This post is a how-to on setting up Netbox with Docker Compose. In this example I will put Pomerium in front of the WebUI to be able to use Azure as an Identity Provider and utilize Netbox's remote auth feature to auto-create users that Pomerium grants access to.