Logs

Cross-account image pulls with Amazon ECR pull-through cache

2023-Dec-15 • by David Norton

Amazon ECR's pull-through cache feature is a helpful tool to allow usage of public image repositories while buffering your system from unexpected downtime.

However, we ran into an issue because our artifacts (ECR images) were stored in a different AWS account than our compute (Kubernetes nodes).



Terraform module versions do not get pinned by lock file

2023-Apr-25 • by David Norton

Like Terraform providers, modules support a version range. Unlike providers, they do not get pinned by the .terraform.lock.hcl file.



Terraform modules are opinions

2022-Nov-12 • by David Norton

If you don't have an opinion, don't distribute a module.



Ditch those static CI credentials! The beauty of dynamic cloud credentials for your pipelines using OIDC

2022-Jun-21 • by David Norton

Rather than manage static AWS credentials for your CI pipelines, use dynamic credentials via the GitLab OIDC provider.



Use yq to parse, filter, and generate YAML

2022-Mar-16 • by David Norton

yq is a handy tool for manipulating YAML.



Just say no to :latest

2022-Mar-02 • by David Norton

Don't specify latest in your Dockerfile! Or anywhere else! Do you want to live in a van down by the river?



Run a Tailscale VPN relay on ECS/Fargate

2022-Feb-22 • by David Norton

This is the first of our client logs, describing a problem encountered by a client, and a solution we helped design and deliver.

Today we'll describe how we used Tailscale and ECS to help our client build an inexpensive, simple VPN solution.
