How to add a self-signed certificate to the GitHub action runner

Adding a certificate to a GitHub runner Imagine having a project where you have a server that you would like to run with TLS. Let’s say, you want to run a Docker registry in a cluster using TLS. You need the generated certificate’s root certificate in the trust store of the GitHub action runner. This is simple with mkcert. The action is simple: name: tests on: pull_request: paths-ignore: - 'CODE_OF_CONDUCT.md' - 'README.md' - 'Contributing.md' workflow_call: push: branches: - main permissions: contents: read # for actions/checkout to fetch code jobs: run-test-suite: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v3 with: go-version-file: '${{ github.workspace }}/go.mod' - name: Restore Go cache uses: actions/cache@v3 with: path: /home/runner/work/_temp/_github_home/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: Run e2e run: make e2e This is nothing fancy. The fancy thing is coming from the make e2e part. ...

July 4, 2023 · 4 min · hannibal

Comments are back

Well, the previous post was a lie ( or rather a copy and paste error ).

May 11, 2023 · 1 min · hannibal

Test comments

Hello dear reader. I switched to a new theme that has Dark Mode. I’m hoping nothing changed regarding the RSS functionality. I removed the comments because I rarely used them. Also disabled any sort of tracking. Enjoy, Gergely.

May 11, 2023 · 1 min · hannibal

Dark mode and a new theme

Hello dear reader. I switched to a new theme that has Dark Mode. I’m hoping nothing changed regarding the RSS functionality. I removed the comments because I rarely used them. Also disabled any sort of tracking. Enjoy, Gergely.

May 10, 2023 · 1 min · hannibal

Painless controller testing with e2e-framework and tilt

Welcome dear reader. When last we met, we talked a lot about setting up Tilt for rapid controller development. Now, let’s see how powerful Tilt can be once we bring it together with Kubernetes’ e2e-framework. Controller E2E Framework I’d like to present my controller-e2e-framework which brings Tilt and e2e-framework together to easily write and run tests for controllers that work together. This framework can be used to integration test or e2e test controllers that work together. They set up some kind of ref connection between certain objects and perform some operation on said object. ...

March 12, 2023 · 7 min · hannibal

Rapid Kubernetes Controller Development with Tilt

Welcome dear reader. Today, we are going to dive into how to use Tilt to speed up the feedback loop of developing a Kubernetes controller. We are going to do that using an open-source project called OCM which has a controller called ocm-controller. I’m going to walk through the following process: researching tilt what it could do for me understanding the Tilt file trivial mapping of the developer process understanding Starlark adding more features tackling hot swapping troubleshooting Let’s dive in. ...

February 25, 2023 · 23 min · hannibal

Generate a sample YAML file from a CRD

Hello. This one is a quick update. Just a showcase really. I wrote a tool to generate a sample YAML file from a CRD. Given a CRD like this one, it would output a generate yaml sample like this: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AWSCluster metadata: {} spec: additionalTags: {} bastion: allowedCIDRBlocks: ["string"] ami: string disableIngressRules: true enabled: true instanceType: string controlPlaneEndpoint: host: string port: 1 controlPlaneLoadBalancer: additionalSecurityGroups: ["string"] crossZoneLoadBalancing: true healthCheckProtocol: string name: string scheme: string subnets: ["string"] identityRef: kind: AWSCluster name: string imageLookupBaseOS: string imageLookupFormat: string imageLookupOrg: string network: cni: cniIngressRules: - description: string fromPort: 1 protocol: string toPort: 1 securityGroupOverrides: {} subnets: - availabilityZone: string cidrBlock: string id: string ipv6CidrBlock: string isIpv6: true isPublic: true natGatewayId: string routeTableId: string tags: {} vpc: availabilityZoneSelection: string availabilityZoneUsageLimit: 1 cidrBlock: string id: string internetGatewayId: string ipv6: cidrBlock: string egressOnlyInternetGatewayId: string poolId: string tags: {} region: string s3Bucket: controlPlaneIAMInstanceProfile: string name: string nodesIAMInstanceProfiles: ["string"] sshKeyName: string status: bastion: addresses: - address: string type: string availabilityZone: string ebsOptimized: true enaSupport: true iamProfile: string id: string imageId: string instanceState: string networkInterfaces: ["string"] nonRootVolumes: - deviceName: string encrypted: true encryptionKey: string iops: 1 size: 1 throughput: 1 type: string privateIp: string publicIp: string rootVolume: deviceName: string encrypted: true encryptionKey: string iops: 1 size: 1 throughput: 1 type: string securityGroupIds: ["string"] spotMarketOptions: maxPrice: string sshKeyName: string subnetId: string tags: {} tenancy: string type: string userData: string volumeIDs: ["string"] conditions: - lastTransitionTime: string message: string reason: string severity: string status: string type: string failureDomains: {} networkStatus: apiServerElb: attributes: crossZoneLoadBalancing: true idleTimeout: 1 availabilityZones: ["string"] dnsName: string healthChecks: healthyThreshold: 1 interval: 1 target: string timeout: 1 unhealthyThreshold: 1 listeners: - instancePort: 1 instanceProtocol: string port: 1 protocol: string name: string scheme: string securityGroupIds: ["string"] subnetIds: ["string"] tags: {} securityGroups: {} ready: true The link to the repo is here. Enjoy. ...

October 19, 2022 · 2 min · hannibal

Summary of Common Sense guide to Data Structures and Algorithms

Hello! I’ve been working on something extensive these days. Like my Grokking Algorithms summary, I now moved on to read Common-Sense Guide to Data Structures and Algorithms. As with Grokking, I created a Go based repo and added notes for each chapter. The repo can be located here. Enjoy, and thanks for reading. Gergely.

September 25, 2022 · 1 min · hannibal

How to contribute to a new repository

How to contribute to a new repository Hello Dear readers. Today, I’m going to walk you through a process of contributing into a new repository. If you are new to Go development and would like to contribute somewhere but are at a loss in large repositories, this post will be for you. I selected the top repository in trending Go today. Which is istio. I think that’s sufficiently large and I have no idea about the repository, so I’m going to walk you through my process. I did choose a repo that is in the area of my expertise though so I have an easier time deciphering what it is trying to do in the first place. ...

July 1, 2022 · 6 min · hannibal

Hacking on CAPA - The journey of implementing a nontrivial feature in a barely known codebase

Hacking on CAPA - The journey of implementing a nontrivial feature in a barely known codebase Hello Dear readers. Today, I would like to write about a project I’ve been working on these past months or so. This is a longer story and hopefully an interesting one to read. I’m going to write about the journey I took while trying to implement IPv6 based Kubernetes cluster for CAPA and EKS. The interesting points of this journey are twofold. First, understanding IPv6 in AWS land and how it’s configured and how it works. What are it’s limitations and requirements? Topology, routing, security groups, launch configuration, IAM roles, node policies… etc. ...

June 26, 2022 · 14 min · hannibal