Setting up Workload Identity Federation in Google Cloud for GitHub pipelines

June 6, 2024 - Patrick Kerwood

Setting up authentication for pushing images to Google Artifact Registry from a GitHub pipeline is usually done by creating a static, forever-valid credential file for a service account, which will probably never be rotated. An alternative is to use Workload Identity Federation to exchange a GitHub-issued JWT token for a Google token and use that for authentication.

Creating a bash script with command-line arguments

May 5, 2024 - Patrick Kerwood

When creating a good bash script for others to use, it's important to create a good user experience. Creating good usage arguments makes all the difference and really makes your script look professional instead of just a list of commands bunched together in a file.

Local Development With Mirrord

November 30, 2023 - Patrick Kerwood

With Mirrord you can intercept traffic for your pods in your Kubernetes cluster, which allows you to develop your application locally as if it was deployed in your cluster, utilizing the pod's network, environment or even the filesystem. In this post I will be writing some examples that I personally use.

Creating Kubernetes CRDs with Rust

June 19, 2023 - Patrick Kerwood

You can extend Kubernetes with your own custom objects, but before you can do that you will need to create a Custom Resource Definition so that Kubernetes knows what the object is allowed to look like. In this post I will create a very simple Kubernetes CRD for a Book kind using Rust and kube-rs.

Setup Google Cloud Workload Identity in GKE

June 6, 2023 - Patrick Kerwood

Using a Google service account in your GKE cluster is easy: just create the credential file, apply it as a secret and it's ready for use. But now you have a long-lived credential that, if compromised, can be used from anywhere, at any time. Instead you can use a Kubernetes service account and Google Workload Identity to authenticate to Google Cloud. No need for credential files anymore.

Signing a Certificate with a CA

April 14, 2023 - Patrick Kerwood

In this post I will use OpenSSL to create a Certificate Authority key pair, then a certificate private key and a Certificate Signing Request with Subject Alternative Names, and lastly I will sign the CSR with the CA.

Creating Azure App Registrations with Terraform

July 26, 2022 - Patrick Kerwood

In this blog post I will introduce a Terraform script I have created for managing Azure App Registrations. The code supports two different kinds of App Registrations: one for user logins with group assignments and one for services, which includes adding App Roles and API Permissions.

Setting up i3 on Fedora

February 12, 2022 - Patrick Kerwood

I finally decided to give the i3wm a go after postponing it for years. This post is my i3 setup with Polybar and other supporting applications.

Confluence Updater

November 16, 2021 - Patrick Kerwood

If you like to keep your documentation in Git, love writing in Markdown but are somehow required to deliver documentation in Confluence, look no further. With Confluence Updater you can build a CI/CD pipeline to render a Markdown page to HTML on change and upload it to Confluence Cloud.

Setting up Netbox with Pomerium

October 29, 2021 - Patrick Kerwood

This post is a how-to on setting up Netbox with Docker Compose. In this example I will put Pomerium in front of the WebUI to be able to use Azure as an Identity Provider and utilize Netbox's remote auth feature to auto-create users that Pomerium grants access to.
