Handling Secrets with SOPS

Installation

using homebrew

    brew install sops

manual download

download from GitHub https://github.com/getsops/sops/releases

Using SOPS

Create a sops.yaml

sops.yaml

    creation_rules:
      # encrypt stuff in .secrets
      - aws_profile: default
        kms: arn:aws:kms:eu-central-1:1234567890:key/abcdefg-0123456-abcdefg  # (1)
        path_regex: ^./secrets/.*$  # (2)

(1) We are using AWS KMS for encryption/decryption
(2) All files in the directory .secrets will be encrypted

In-place Encrypt

    sops -e -i .secrets/mysecret.yaml

In-place Decrypt

    sops -d -i .secrets/mysecret.yaml

Complete Example using PGP

Install GPG and create a new Key

Install the GPG binaries

Linux / apt

    sudo apt install gnupg

...

April 19, 2024 · 2 min · 308 words · Micha Kops

GitHub Release Pipeline for Java

Goals

- Set up Maven build pipeline for a Java 11 app
- Release Maven artifact on GitHub using GitHub Actions

Setup Maven

Assuming that we have a project named sample-app released for my hascode GitHub account, we’re adding some release information to our project’s pom.xml:

pom.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
      <modelVersion>4.0.0</modelVersion>
      <groupId>com.hascode</groupId>
      <artifactId>sample-app</artifactId>
      <version>1.0.0-SNAPSHOT</version>
      <name>sample-app</name>
      <description>hasCode.com Bookmark Manager</description>
      <scm>
        <developerConnection>scm:git:https://github.com/hascode/sample-app.git</developerConnection>
      </scm>
      <distributionManagement>
        <repository>
          <id>github</id>
          <name>GitHub</name>
          <url>https://maven.pkg.github.com/hascode/sample-app</url>
        </repository>
      </distributionManagement>
      <properties>
        <java.version>11</java.version>
        <project.scm.id>github</project.scm.id>
      </properties>
      [..]
    </project>

...

May 14, 2021 · 2 min · 398 words · Micha Kops

MySQL and phpMyAdmin Setup with Docker-Compose

Goals

Set up MySQL with phpMyAdmin connected using docker-compose (for development purposes)

Prerequisites

docker-compose installed

Setup

This is our docker-compose.yml:

    version: '3.2'
    services:
      db:
        image: mysql:8.0
        container_name: mysql-container
        restart: always
        ports:
          - '6603:3306'
        environment:
          MYSQL_ROOT_PASSWORD: 12345678
      app:
        depends_on:
          - db
        image: phpmyadmin/phpmyadmin
        container_name: phpmyadmin
        restart: always
        ports:
          - '8080:80'
        environment:
          PMA_HOST: db

Running

    docker-compose up
    Starting mysql-container ... done
    Starting phpmyadmin ... done
    Attaching to mysql-container, phpmyadmin
    [..]

We may now log in using the following ultra-secure credentials ;) User: root, Password: 12345678 ...

May 14, 2021 · 1 min · 81 words · Micha Kops

WordPress Docker Setup

Goals

- Run WordPress via Docker / Docker-Compose
- Increase the Upload Filesize Limit

Create Docker Compose Configuration

Create a docker-compose.yml:

    version: '3.1'
    services:
      wordpress:
        image: wordpress
        restart: always
        ports:
          - 8080:80
        environment:
          WORDPRESS_DB_HOST: db
          WORDPRESS_DB_USER: exampleuser
          WORDPRESS_DB_PASSWORD: examplepass
          WORDPRESS_DB_NAME: exampledb
        volumes:
          - wordpress:/var/www/html
      db:
        image: mysql:5.7
        restart: always
        environment:
          MYSQL_DATABASE: exampledb
          MYSQL_USER: exampleuser
          MYSQL_PASSWORD: examplepass
          MYSQL_RANDOM_ROOT_PASSWORD: '1'
        volumes:
          - db:/var/lib/mysql
    volumes:
      wordpress:
      db:

Run Docker Compose / Start Containers

    docker-compose up
    WARNING: Found orphan containers (wordpress-docker_phpmyadmin_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
    Starting wordpress-docker_db_1 ... done
    Starting wordpress-docker_wordpress_1 ... done
    Attaching to wordpress-docker_db_1, wordpress-docker_wordpress_1
    [..]
    db_1 | 2021-04-03T18:58:17.247963Z 0 [Note] mysqld: ready for connections.
    db_1 | Version: '5.7.33' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)

...

May 14, 2021 · 1 min · 204 words · Micha Kops

Testing OpenAPI Swagger Schema Compliance with Java, JUnit and assertj-swagger

The OpenAPI and Swagger API description formats are becoming important standards for specifying API contracts for RESTful web services, and the microservices trend pushes the need for such contracts even further. Software architects, testers and developers therefore need to write tests that verify whether an exposed API follows such a specified contract. In the following tutorial I will demonstrate a setup with Java, Maven, JUnit and the designated contract-testing library, assertj-swagger, that verifies the validity of such a contract exposed by a Spring Boot application against a locally stored definition. ...

August 31, 2018 · 5 min · 871 words · Micha Kops

Creating Microservices with Bootique

When it comes to writing microservices in Java, plenty of tools and frameworks exist. In the following tutorial, I’d like to demonstrate another minimalistic framework called Bootique by implementing a simple microservice exposing its functions either as a RESTful web service or as a runnable command executed using the command line.

Bootique Command Line

Dependencies

Using Maven here, we’re adding the following elements to our project’s pom.xml:

- Bootique’s Bill of Materials as dependency management: bootique-bom
- Bootique Jersey for our REST service: bootique-jersey
- Bootique Logback for logging: bootique-logback
- Maven Shade Plugin to assemble our fat-jar

...

September 18, 2016 · 6 min · 1070 words · Micha Kops

Continuous Delivery with GitHub Cloud and GitHub Pipelines

Atlassian has added a continuous integration service as a new feature to their GitHub Cloud product. It’s called GitHub Pipelines and it is similar to Travis CI for GitHub, offering a nice integration for continuous integration/delivery pipelines for projects hosted on GitHub. It’s still in the beta phase and requires a sign-up, but nevertheless I’d like to demonstrate the current state of this service and how easy it is to add scripted pipelines to a project. ...

July 1, 2016 · 4 min · 760 words · Micha Kops

Helm Snippets

Common operations

Add Helm Repository

    helm repo add NAME URL

e.g. for the Bitnami repository:

    helm repo add bitnami https://charts.bitnami.com/bitnami
    "bitnami" has been added to your repositories

List Repositories

    helm repo list
    NAME      URL
    bitnami   https://charts.bitnami.com/bitnami

Searching in a Helm Repository

    helm search repo wordpress
    NAME                      CHART VERSION   APP VERSION   DESCRIPTION
    bitnami/wordpress         15.2.30         6.1.1         WordPress is the world's most popular blogging ...
    bitnami/wordpress-intel   2.1.31          6.1.1         DEPRECATED WordPress for Intel is the most popu...

...

March 1, 2010 · 4 min · 697 words · Micha Kops

Kubernetes Snippets

Rerun existing completed Job

kubectl replace deletes the old job. If there is any error, your job definition is lost, so don’t forget to save it first!

Replace an existing Job with itself

    kubectl get job JOBNAME -o yaml | kubectl replace --force -f -

Sometimes there are errors importing the job template due to auto-generated labels or selectors. A quick and dirty hack is to filter them out using jq ...

March 1, 2010 · 10 min · 1924 words · Micha Kops