For some reason the GitHub API will either take a JWT or an access token depending on which endpoint you are accessing. It’s often not clear which is required, but it’s useful to have both available so that you can access the broad spectrum of endpoints they provide. If you are using a GitHub App you can generate these using the PEM private key.
Automatically print usage for Golang Cobra CLI sub-commands
When you run a Cobra (Golang CLI) application, it will print out nicely-formatted usage information derived from the root command. However it is up to you to print out subsequent usage information for commands underneath and their subcommands. $ go run main.go Various functionality for doing things from the CLI. Usage: your-binary [command] Available Commands: ... By accessing fields in the...
Use ElasticMQ to test AWS SQS using AWS SDK v2 in Golang
AWS SQS can be a great low-friction service for developing applications that use a queue. But being a cloud-based managed service, how would you write isolated integration tests for it? Without either sharing a queue, or creating new queues in AWS each time, you can run ElasticMQ as an SQS-compatible queue and configure the AWS SDK to use that instead. There are fewer examples for version 2 (v2) of...
Convert existing namespace to subnamespace using Hierarchical Namespace Controller
The Hierarchical Namespace Controller is great for simplifying the management of multiple namespaces that can be grouped together, but what if you already have all your namespaces created and being used? Since Kubernetes is declarative we can update the existing namespaces and add configuration to tell the controller what we are trying to do. If you have the kubectl-hns plugin installed you can see a...
Scheduled Deployment Pod rollout restarts using Kubernetes CronJob
Most of the time your Deployments will self-heal when your Pods crash, Nodes go down or other unexpected circumstances. When your Pods get stuck, projects like do a good job of automatically restarting or rescheduling them. But what if you just want a simple restart every so often (say once a week) or on specific days of the month? Then all you need is a CronJob. Have included placeholders where...
Adopt existing Deployment, StatefulSet or Daemonset resources into Helm install
Most Helm adoption kubectl examples will show adding the annotations and label required for Helm 3 to adopt resources, but with Deployments this may cause issues if the nested Pod spec isn’t also patched. Either way you will need to add an app.kubernetes.io/managed-by label and meta.helm.sh/release-name and meta.helm.sh/release-namespace annotations. For most resources you can simply label...
Open Policy Agent example using Terraform
Simple example of how to use Open Policy Agent with Terraform including setting up a GitHub Action. The Agent can either be run as an API (that you can query) or in standalone mode (via the command line) and requires 3 things: Policies, Inputs and a Query. Documentation does not explain particularly well (for a newcomer) what each part of the supplied commands do, so please find a breakdown below...
Setting up Workload Identity on GKE per service/namespace
Workload Identity on Google Kubernetes Engine allows you to access Google Cloud services directly from a container in a Pod. This works by binding the Kubernetes Service Account to the Google Cloud Service Account, which visually looks confusing since they both have a very similar format as email addresses! The Google Cloud documentation for Workload Identity is a little abstract, so I’ve...
Use Bash to wait for Docker container to start by tag
If you run a container in the background and want to wait until it has started up before doing anything else, you can use a combination of docker ps and docker inspect to check within a Bash loop whether it is finally running. This can be useful if you want to run tests checking if the container is responding on a specific port for example. You can remove the --all option for docker ps and the...
jq error key/0 is not defined when selecting fields with numbers and dashes
If you are trying to select a JSON field with a number or dash, you may get a jq compile error. As mentioned in a GitHub issue, the key gets parsed as a subtraction so we need to enclose it in additional quotes.