June 20, 2020

Grafana remote image renderer

Introduction Since the Grafana Image Renderer plug-in is not supported anymore from Grafana 7.0 some changes are required to switch to the remote image renderer, and run it as a docker container. This post goes into the details of setting-up a remote image renderer for Kubernetes, on amd64, arm/v7 and arm64. Multi-arch build The official git repo only supports linux/amd64 at this moment but there is an issue for arm-support. Read more

June 15, 2020

Gitlab CI/CD docker builds with docker 19.03 images

Introduction In this previous post I came accross an issue that I wanted to write about in more details: Why it is bad to rely on any kind of latest tags How docker 19.03-dind will break your gitlab-ci docker builds and what you can do about it If you do not use latest your pipeline is not already broken but this may still be interesting for you since this summary will help you update. Read more

June 14, 2020

Building docker images for multiple architectures with docker buildx

Introduction In this previous post we have been exploring how to build docker images for multiple architectures. In this post we will look into streamlining this approach using docker buildx, both locally and in gitlab-ci. Step-by-step Enable buildx In order to use docker buildx you will need: A recent docker version; I am running 19.03.11 on linux enable the experimental features: export DOCKER_CLI_EXPERIMENTAL=enabled Running docker buildx should show you: Read more

June 14, 2020

Testing gitlab-ci pipelines locally

Introduction Debugging gitlab-ci pipelines can be a tedious task, especially as the pipeline does not run in the inner loop. Fortunately the gitlab-runner can be installed locally, allowing you to test many aspects of the CI/CD pipeline prior to commit. Read more

May 19, 2020

Kubernetes RBAC explained

Introduction Whether it is from CI/CD or from the command-line, I often see the default kube-config with cluster-admin rights being used. This is like permanently working with root privileges and there certainly are more secure ways. In this post we will look into demystifying Kubernetes RBAC, and setting-up more suitable permissions for two use-cases: a CI/CD pipeline that needs full permissions on anything located in a given Namespace a reader who needs to access resources for troubleshooting purposes Concepts Roles and ClusterRoles define sets of permissions to objects at the namespace and cluster scope. Read more

Content licensed under CC BY 4.0