/categories/tutorials/Recent content in tutorials on amasucci.comHugo -- gohugo.ioen-usThu, 24 Feb 2022 06:32:34 +0100/posts/cicd-and-iac-design-a-pipeline/Thu, 24 Feb 2022 06:32:34 +0100/posts/cicd-and-iac-design-a-pipeline/IaC Design a CD Pipeline - CICD and IaC Episode 4 This is the last episode of the miniseries CICD and IaC. In this episode we are going to put everything together and see what’s next. In the previous episodes This mini series started with the first episode about externalising the terraform configuration using yaml decode and yaml files instead of terraform variables. We discussed the different reasons: Store configuration in the env (12 factor app) Easier to review and less surprises compared to the overrides mechanisms offered by TF vars Automatic validation Then we saw how to seal our terraform modules with docker./posts/cicd-and-iac-test-terraform-with-terratest/Thu, 24 Feb 2022 06:32:34 +0100/posts/cicd-and-iac-test-terraform-with-terratest/Test terraform In this third episode of the miniseries CICD and IaC we are going to see how to test the artifact we created in the previous video. In the previous episodes In previous episodes (link to the playlist) I showed you how to externalise the terraform configuration using the yamldecode function in terraform and how to create artifacts for terraform code using Docker. Today we are going to start from where we left, and I am going to create a simple test for our module./posts/cicd-and-iac-dockerize-terraform/Thu, 10 Feb 2022 18:00:34 +0100/posts/cicd-and-iac-dockerize-terraform/Dockerise terraform In this second episode of the miniseries CICD and IaC we are going to see how to create immutable artifacts for our terraform code. In the previous episode We saw how to externalise the configuration of our terraform code → we moved all our variables in a single variable using terraform structured types. While this is nice, because yaml is more readable than HCL, readability is not the only reason for moving the config/variables outside./posts/cicd-and-iac-externalise-terraform-configuration/Thu, 03 Feb 2022 18:00:34 +0100/posts/cicd-and-iac-externalise-terraform-configuration/Externalise Terraform Configuration This article is part of a miniseries. In the miniseries I will show with practical examples how to apply concepts of CI/CD to IaC, we are going to see how to create independent immutable artifacts for our IaC. How to package them and how to test their deployment. This is for experienced terraform users so I won’t describe the terraform and how it works (let me know if you are interested I can make a miniseries to cover that too)./posts/database-migrations-best-practices/Sun, 23 Jan 2022 22:10:34 +0100/posts/database-migrations-best-practices/Database Schema Migrations Updating your application from time to time requires deeper changes that may affect the data layer. When you have to touch the data and your database, it’s always important to consider the impact of changes and how to minimise the risks. For what we are going to talk today, code is not strictly necessary but it can help, plus I wanted to play a bit with Kotlin./posts/api-backwards-compatibility/Thu, 13 Jan 2022 17:10:34 +0100/posts/api-backwards-compatibility/API Design - Backward and Forward Compatibility Designing APIs is non-trivial, especially because, at design time we have limited information about their use and consumption. Today we are going to talk about APIs, Backwards and Forwards Compatibility… and how to bump the version of an API in case there is a need for it. Practical example Let’s start with an example, lets say we have an API, something similar to Twitter, with an endpoint that accepts a payload like this:/posts/versioned-configuration-and-deployments-in-kubernetes-with-spring-cloud-config/Wed, 10 Apr 2019 10:06:46 +0100/posts/versioned-configuration-and-deployments-in-kubernetes-with-spring-cloud-config/How are you deploying your pods to Kubernetes? You are about to say helm, aren't you? You ended up on this page probably because you are looking for an alternative to helm. Stop googling and start reading, here I am going to explain what works for me. A while ago I was looking for a tool with the following features: Versioned deployments Centralised configuration With a template engine Able to manage secrets Easy to run from the command line Multi environment [ dev | staging | prod ] Able to keep track of changes and deployment history but I couldn't find anything./posts/simplify-secret-management-with-openssl-and-docker/Sun, 18 Mar 2018 08:20:30 +0100/posts/simplify-secret-management-with-openssl-and-docker/Simplify secret management with OpenSSL and Docker, if you are looking for a secure and easy way to store and access secrets you may find the following post useful. A while ago I covered something similar in this post How to encrypt and decrypt a file on the command line. This post can be seen as the next step to not only encrypt and decrypt values but also to manage secrets across multiple environments, I am going to show you how combine OpenSSL with Docker to get the best of both tools./posts/how-to-generate-tls-certificates-with-cert-manager-and-letsencrypt-in-kubernetes/Sat, 17 Mar 2018 15:05:10 +0100/posts/how-to-generate-tls-certificates-with-cert-manager-and-letsencrypt-in-kubernetes/Kubernetes simplifies management of containerised applications and promotes automation of all the aspects of a deployment. It can do even more if combined with third parties components that's what we are going to do today, we are going to use cert-manager and letsencrypt to generate TLS certificates automatically. Requirements This guide assumes that you are already familiar with kubernetes and that you have access to kubernetes cluster with an ingress controller, if you don't, you can have a look at the previous posts:/posts/how-to-extract-keys-from-github/Fri, 27 Oct 2017 05:08:51 +0100/posts/how-to-extract-keys-from-github/The following post will explain how to get all the public keys used by members of a team in github. This can be useful whenever you want to setup ssh keys to give access to a new machine. Before starting you need an access token in order to call your GitHub api, the easiest way is creating a personal access token and select the read:org as in the screenshot below. If you are interested in other in other authorization mechanisms refere to the official documentation./posts/how-to-configure-nginx-on-kubernetes-1_8_1-as-ingress-controller/Sun, 22 Oct 2017 12:20:34 +0100/posts/how-to-configure-nginx-on-kubernetes-1_8_1-as-ingress-controller/What is an Ingress controller An ingress controller is component in the kubernetes cluster that manages the traffic coming into the cluster. Through ingress configurations you can define the rules to access the containers in you pod. For more info refer to the official documentation. Default backend A default backend is required so ingress can redirect all the requests not matching any rule in ingress configuration. First of all we are going to create a namespace for our ingress controller/posts/how-to-configure-dashboard-on-kubernetes-1_8_1/Sun, 22 Oct 2017 12:01:51 +0100/posts/how-to-configure-dashboard-on-kubernetes-1_8_1/Dashboard This is the second of three articles, the other two are How to install Kubernetes 1.8.1 on centos 7.3 Configure Nginx as Ingress Controller Kubernetes offers a dashboard where you can visualise the status of you cluster, as you can see from the picture below you have a global view of everything running on the cluster. The following configuration, is not the most secure, this is for simplicity and you can always disable it by simply running kubectl delete -f dashboard./posts/how-to-install-kubernetes-1_8_1-on-centos-7_3/Sun, 22 Oct 2017 12:01:51 +0100/posts/how-to-install-kubernetes-1_8_1-on-centos-7_3/This step by step tutorial is based on the official kubeadm tutorial and few other resources I found online. Add comments if something is not working or you have problems, I also found very useful the k8s slack channel. This is the first of three articles, the other two are Configure Kubernetes Dashboard Configure Nginx as Ingress Controller What you need: A box running Centos 7.3 few gigs of ram (I would suggest at least 4) One hour of your time./posts/how-to-encrypt-and-decrypt-a-file-on-the-command-line/Sat, 13 May 2017 18:12:37 +0100/posts/how-to-encrypt-and-decrypt-a-file-on-the-command-line/Soon or later we may need to encrypt files, here a quick way to encrypt/decrypt file from the command line. How to Encrypt How to Decrypt/posts/schedule-multiple-bash-script-with-cron/Sat, 13 May 2017 18:02:49 +0100/posts/schedule-multiple-bash-script-with-cron/In several occasions you may need to postpone the execution of some web requests, for performance reasons, timelines in response or resource consumption. In few PHP projects I found very useful the script below. It uses a scripts directory to read all the sh files from. Each file in the scripts directory gets moved to a running directory before execution. At the end of the execution it checks the return value and based on the result moves the sh file to the completed directory or the failed directory.