Latest blog posts

Generating Signed S3 URLs

Updated 10 months ago Published 10 months ago
One of the great but often forgotten features provided by S3 is the ability to generate temporary signed URLs that can be used to view, upload and delete files from a bucket.
Signed URLs are a secure and easy way to provide a temporary upload path for a client without the need to build any intermediate services to handle the uploads for you.
In this post we will cover how you can provision a signed URL for a file already present within a bucket. You can currently only create signed URLs to GET a file via the AWS CLI.
You will need to ensure you have the AWS CLI installed.
aws s3 presign s3://devnotnull.com-signed/$FILE --expires-in 604800

Deploying GitHub Actions runners to Kubernetes

Updated 1 year ago Published 1 year ago
Managed runners for GitHub Actions can be quite expensive, so for most folk and organisations it's likely cheaper to host the runners on your own infrastructure, and given this is 2023 you're probably running Kubernetes somewhere.
This guide is up-to-date as of November 4th 2023.
This guide will cover how you can deploy GitHub runners to a Kubernetes cluster at the organisational level.
To start you will need to generate a new token. Any user that has been granted admin rights to your organisation should have the permissions required to create a new token.
There are still a few issues with the new fine-grained tokens for organisation-level permissions, so we will create a classic PAT token.

Make an S3 bucket public

Marking an S3 bucket as public via the AWS CLI
Updated 1 year ago Published 1 year ago
Flagging a bucket with public permissions is a pretty simple affair and there are several ways in which you can achieve this goal.
The easiest of the possible pathways is to apply a policy to your bucket with global read permissions.
Here is an example of the policy. This can be applied via the AWS S3 web UI or preferably via the AWS CLI.
{
  "Version": "2012-10-17",
  "Statement": {
    "Action": "s3:GetObject",
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::devnotnull-ui-feat-feat-migrate-to-tailwind/*",
    "Principal": "*"
  }
}
And here is an example command to apply the aforementioned policy to a bucket via the AWS cli.

Homelab update November 2023

A quick overview of my Homelab as of November 2023
Updated 1 year ago Published 1 year ago
I have been an avid Homelabber for a while now and I've built up what I consider to be a pretty sweet setup. I started off with a single repurposed PC and upgraded from that over to a full server rack.
As sad as it may sound I have always loved the idea of hosting my own servers and all of the applications that I have come to depend on.
At work I mainly work with cloud providers, which is 100% the correct approach for any large company that needs to build quickly and at scale. But I've never liked the fact that so many of the managed services provided are obfuscated from the end user.
I like to understand how stuff works and my Homelab has allowed me to explore this curiosity.

Networking

Let's Encrypt certificates and Kubernetes

A simple guide listing how you generate AWS SSL certs for use in your Kubernetes cluster.
Updated 1 year ago Published 1 year ago
I've recently started to migrate my home network away from pfSense and over to a shiny new Ubiquiti Dream Machine Pro. I can hear the screams of disgust from some of the networking folk already.
Over the past few years I have been running pfSense at the core of my home network and it's served me extremely well and I've learnt a hell of a lot along the way.
But I'll admit that whilst I loved the feature set provided, the pure power and occasional complexity of the features provided was a lot of overhead, and simple updates were often more hassle than I had time for as a new parent. As such I decided it was time to bite the bullet and move to something a bit easier to manage. I already use a number of Ubiquiti switches and access points at home, so the decision to move over to an entirely Ubiquiti-based setup was a pretty easy decision.
But I'll openly admit the feature gap between pfSense and the Ubiquiti Dream Machine Pro was something I thought could be easily mitigated. Some things were easy to migrate, other features I decided I could live without. But some features I really missed.
One of the aforementioned nifty features provided by pfSense was its built-in HAProxy plugin, which I previously used to hook up the external pod IPs provisioned from load-balanced Kubernetes services. It even included automated ACME certificate provisioning.

Microservices are not always the answer

Microservices have become the de facto architectural pattern for most organisations, both large and small. But is this a good thing?
Updated 1 year ago Published 1 year ago
Before we start, what is the official definition of 'microservices'?
Micro-services - also known as the Microservices architecture - is an architectural style that structures an application as a collection of services that are:
  • Independently deployable
  • Loosely coupled
  • Organized around business capabilities
  • Owned by a small team
The micro-service architecture enables an organisation to deliver large, complex applications rapidly, frequently, reliably and sustainably - a necessity for competing and winning in today’s world.
As developers we always want to build the best solution possible, and to that end we often take inspiration from others and stand on the shoulders of giants.

Installing Debian and Proxmox on a Hetzner server.

Updated 1 year ago Published 4 years ago
For this example I shall be using a dedicated server from Hetzner https://www.hetzner.de/en/. A shout out to Hetzner: if you're looking for cheap and beefy dedicated hosting then these guys are your best bet.
Setting up the Hetzner server
This guide assumes your server has Debian 8 (Jessie) installed.
Config when tested
Intel Core i7-920

Bootstrap a Kubernetes 1.20 cluster with Ansible

Updated 1 year ago Published 1 year ago

This guide assumes you already have a provisioned Proxmox host.
You will also need to install Ansible and Ansible Galaxy.
Leading on from one of my previous posts where I ran over how you use a Hetzner server to bootstrap a Kubernetes cluster, I have in the meanwhile moved away and migrated all of my servers to my shiny new Homelab.
I still make exclusive use of Proxmox but I also have a fairly beefy TrueNAS SCALE NAS which I use to host all of my internal infrastructure's storage.

Manually installing Kubernetes 1.10 on Proxmox.

Simple Kubernetes 1.10 install guide.
Updated 1 year ago Published 4 years ago
This guide assumes that you already have an operational Proxmox instance.
Step One - Creating the VMs
Now you have your host networking set up, you're ready to create your virtual machines. For this setup we will be creating a cluster of 3.
The layout will be:
node-01 10.20.30.101
node-02 10.20.30.102
node-03 10.20.30.103

How to create a simple AWS Lambda function with TypeScript.

A simple tutorial running over how to deploy a Lambda function along with DynamoDB
Updated 1 year ago Published 4 years ago
Over the course of this tutorial you will be deploying a set of simple todo Lambda functions. You will be deploying 3 separate artefacts:
  • Create endpoint
  • Get all todos endpoint
  • Get todo by id endpoint

What will we be working with

AWS Lambda is a service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second.
AWS DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It’s a fully managed NoSQL database with built-in security, backup and restore, and in-memory caching for internet-scale applications.