Skip to content

Welcome

This is a personal blog, where I will share my thoughts and experiences on various topics.

Here the posts are smaller bitsized chunks, for long reads please visit my github pages website.

Gitstafette Server Deployment

In this post, we examine the deployment of the Gitstafette server.

We cover the deployment on Google Cloud Platform (GCP) and Amazon Web Services (AWS). After describing the deployment target, we dive into the deployment automation (on AWS) using GitHub Actions.

What is the Gitstafette Server?

Earlier this year, I wrote about bringing Webhooks into your Homelab. The Gitstafette Server is the server-side component of the Gitstafette application.

The Gitstafette project is a way to relay webhooks from one service to another through a secure connection.

ChatGPT Generated title image

Proxy Dockerhub access with K3S

ChatGPT Generated title image

The Problem

When you are running a Kubernetes cluster, you will often deploy images from Dockerhub.

This can be slow, as the images have to be downloaded from the internet.

This can be a problem if you have a slow internet connection, or if you have to deploy many images at once.

You also waste bandwidth, as the images are downloaded multiple times.

In addition, you might want to be able to scan the images for security vulnerabilities before deploying them. Or you need to authenticate to download the images, as many images run into rate limiting issues otherwise.

The Solution

One way to solve this problem is to use a proxy.

This proxy can be used to cache images, so that they do not have to be downloaded from Dockerhub every time.

This is also known as a Pull Through Cache1 2, which is a common solution to this problem.

This can speed up the deployment process, as the images are already available on the local network. And prevents being rate limited, as the images are only downloaded from Dockerhub Once. An additional benefit, is that the hosts do not need to have direct access to Dockerhub, and do not need to the credentials, limiting the exposure of the credentials.

Homelab Webhooks

In this blog, we'll explore how I handle webhooks in my home lab.

My home lab is not accessible from the internet, so I need a way to receive webhooks from external services.

This will be a multi-part blog where we'll explore the following topics:

  • use case, requirements, and design (this blog)
  • code implementation, using Go lang (this blog)
  • server deployment using Docker Compose, AWS, and Hashicorp tools (future blog)
  • client deployment using Kubernetes (future blog)
  • monitoring and tracing using Prometheus, Grafana, and OpenTelemetry (future blog)

Let's get started!

ChatGPT Generated title image

Azure Entra SSO for TAP GUI via Keycloak

ChatGPT Generated title image

In recent years, I've worked with many customers who want to add SSO to a developer tool but run into blocking issues.

These are the two most common issues:

  1. there is no update-compatible way to configure Proxy configuration
  2. they want to use Technical Accounts, but they are not supported or allowed by their corporate SSO solution

Working with customers on Tanzu Application Platform(TAP)1, I often run into the first.

Tanzu Developer Portal2, the main GUI of TAP, is based on Backstage3 and the authentication is in Backstage is provided by adding plugins.

Many of these authentication plugins do not support configuring an outgoing Proxy other than changing the plugin's code.

This is not an acceptable solution for our customers.

This guide explores how we can leverage Keycloak4 to function as an authentication proxy.

Automate Image signing with Tekton Chains to Private Registry

As we hear about more and more (software) Supply Chain attacks, securing our software supply chain becomes increasingly important. One of the ways to do this is to sign our container images.

In this post, we will look at how to automate the signing of container images using Tekton Chains6.

We use the Tekton Operator, Kyverno, SecretGen Controller, and Kaniko to automate the signing of the images. Then, verify the image's signature using the cosign tool.

ChatGPT Generated title image

Homelab Introduction

In this blog I'll explain how I've setup my homelab, what I use it for and how I manage it.

The homelab is a collection of Raspberry Pi's, a Western Digital NAS, some network switches, a Fritz Box, and two Asus Mini PCs.

The homelab is primary used for explorig and learning new technologies, such as Kubernetes, GitOps, DevSecOps, and self-hosting my own applications.