Terraform CDK - Managing our GitHub Organisation
Introduction. At reecetech, we’re currently in the development stages of migrating our repositories from Stash (Bitbucket) to GitHub. The Delivery Engineering team has been at the forefront of this migration and has slowly been onboarding teams and helping them migrate their build and deploy plans over. This migration has been in the works for the past several months. What is Terraform? Terraform is a cloud resource provisioning tool that describes infrastructure in straightforward, declarative code.
Building Amazon Linux 2 VMs in VSphere
Overview. Reece utilises many different virtualised Linux-based operating systems for on-premise and cloud environments. This includes nodes for Kubernetes clusters as well as virtual machines used for other purposes, such as application servers. For certain use cases we use Red Hat Enterprise Linux and clones such as CentOS and Rocky Linux. However, for Kubernetes master and worker nodes in particular (which essentially just have to be able to run containers), we have switched to Amazon Linux 2 as the base operating system, even for our on-premise vSphere environment, partly to align on-premise and cloud builds and post-build steps where possible.
Edit Helm3 Manifest Secret In Place
Introduction. At reecetech we have been using Helm to template and apply Kubernetes resources for a few years. We went through the pain of updating from Helm 2 to Helm 3, a migration that took far longer than we estimated 😅. Helm 3 is a large improvement for us because it stores release state in Kubernetes Secrets inside the namespace the Helm chart is installed in. This allows for a very small server-side footprint for Helm.
Securing Informix database passwords using Hashicorp Vault
The reecetech solution for secure password delivery using HashiCorp Vault, Active Directory, and shell scripts (ksh93, no less!). We used to store passwords in plain text, but those days are over.
Dynamic Admission Control in Kubernetes
Introduction. At reecetech, it is common for personnel to engage with build and deployment pipelines. This also entails configuring Helm charts. Since anybody can make a mistake, it seems sensible to put safeguards within these delivery pipelines. Everyone has a different scope and agenda, so the system as a whole can be overlooked, leading to misconfiguration. An example of this might be a software engineer who wants more memory and/or CPU to boost their application's performance.
macOS Docker Volume Performance
Introduction. With widespread macOS adoption among developers at reecetech, it became important for us to solve a well-known performance issue with Docker bind volumes when using Docker for Mac. Docker for Mac uses a Linux VM to perform Docker operations, acting as a shim between Docker and the macOS kernel. This causes a performance problem when bind mounting a volume into Docker from the local Mac environment.
Development Security Bug Bash
Developers stop feature work for a week to focus on paying down technical debt by gamifying the reduction of security CVEs.
AWS Lambda and SAM Gotchas
Thinking of using Amazon Web Services (AWS) Lambda for your next API project? Maybe you’re even considering using the AWS Serverless Application Model (SAM) to speed up and simplify your AWS Lambda development process. This article explores a few of the “gotchas” that took our team by surprise when using AWS Lambda and AWS SAM together. While AWS Lambda provides a low-maintenance and cost-effective way to run short-running code in the Amazon Web Services cloud, you need to be aware that it is a different paradigm from the traditional HTTP API services you may be familiar with.
Migrating Kubernetes from Docker to Containerd
Overview. Reece has operated multiple on-premise and cloud-hosted Kubernetes clusters for many years, and we heavily utilise Docker as the container runtime for master and worker nodes. As most readers will be aware by now, the Kubernetes 1.20 release also announced the deprecation and future removal of the much-loved Docker shim. This post documents our journey from Docker to a suitable replacement. Options. The two most obvious alternatives are CRI-O and containerd.
Federate Kubernetes with AWS IAM using OIDC
Introduction. At reecetech, we want to consume AWS services from the pods running in our Kubernetes clusters. The Kubernetes clusters are predominantly hosted on-prem in VMware, although some worker nodes run on EC2 instances. In order to use AWS services, the pods must authenticate with AWS. We used OpenID Connect to federate the identity pods have in our Kubernetes clusters (RBAC service accounts) to AWS IAM. This allows the pods to assume a role in AWS using the AWS STS AssumeRoleWithWebIdentity API call.