Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 160

Welcome to Technology Short Take #160! This time around, my list of links and articles is a tad skewed toward cloud computing/cloud management, but I’ve still managed to pull together some links on other topics that readers will hopefully find useful. For example, did you know about the secret macOS network quality tool? You didn’t? Lucky for you there’s a link to an article about it below. Read on to get all the details!


  • Ivan Pepelnjak tackles the “infrastructure-as-code is scary” mindset. (Related: see the first bullet in the “Career/Soft Skills” section below.)
  • Larry Peterson reflects on the evolution of TCP.
  • Vikas Choudhary discusses Istio’s Secure Naming; that is, the name given to services and the Subject Alternative Name (SAN) put on the X.509 certificates used in mTLS.



Cloud Computing/Cloud Management

Operating Systems/Applications

  • I loved this article by Lawrence Jones about how his organization tested and prepared for the impact of latency on their application. There’s some really good stuff in here.
  • Phil Stokes shares a few macOS “power tricks” for security pros.
  • Devbox looks insanely useful. I haven’t tried it yet, but do plan to try it out in the very near future.
  • Jean Yang opines that traffic-based tools leveraging eBPF are going to shake up the entire developer tools industry.
  • I should add this to my standard SSH bastion host OS image. (Also, I loved the story about the origin of the name.)
  • Here’s a walkthrough on using DNSCrypt on macOS.
  • Dan Petrov writes about the secret macOS network quality tool.
  • This article by Cecelia Martinez almost has me convinced I need to give the GitHub CLI a try (even though that is not the article’s primary purpose).



Career/Soft Skills

That’s it for this time around! If you have feedback for me—you want to suggest a new blog I should follow or check, or you have some constructive criticism that will help me make this site better—I’d love to hear from you. Feel free to reach out to me on Twitter, or find me in one of a number of different Slack communities (the Kubernetes and Pulumi Slack communities are good choices). Thanks for reading!

Referencing Configuration Values in Pulumi YAML

Lately I’ve been doing a fair amount of work with Pulumi’s YAML support (see this blog post announcing it), and I recently ran into a situation where I wanted to read in and use a configuration value (set via pulumi config). When using one of Pulumi’s supported programming languages, like TypeScript or Python or Go, this is pretty easy. It’s also easy in YAML, but not as intuitive as I originally expected. In this post, I’ll share how to read in and use a configuration value when using Pulumi YAML.

Configuration values are how you parameterize a Pulumi program in order to make it more flexible and reusable (see this page on configuration from Pulumi’s architecture and concepts documentation). That same page also has examples of using config.Get or config.Require to pull configuration values into a program (the difference between these two, by the way, is that the latter will prevent a program from running if the configuration value isn’t supplied).

In YAML, it’s (currently) handled a bit differently. As outlined in the Pulumi YAML reference, a Pulumi YAML document has four main sections: configuration, resources, variables, and outputs. At first, I thought I’d have to use the variables section along with the Fn::Invoke function, which allows users to “call” or “invoke” some sort of programmatic function, like looking up information from a provider or similar. There are other functions as well, like Base64 encoding or decoding.

As it turns out, though, it’s actually the configuration section that is what you need to read in and use a configuration value. This seems obvious now in retrospect, but it didn’t seem obvious at first. In my case, I wanted to read in and use a configuration value for the underlying provider, like the azure-native:location configuration value used by the Azure Native provider. Here’s what’s needed:

    type: String

Omitting a default: <some value> line from the stanza above, like I did, means that this is a required value (i.e., it is analogous to using config.Require in a programming language).

That’s only half the picture, though. To then later reference this value somewhere else, you use the standard Pulumi YAML interpolation syntax. Continuing the example of using the azure-native:location configuration value, here’s how you would reference that configuration value when creating an Azure resource group:

    type: azure-native:resources:ResourceGroup
      location: ${azure-native:location}
      resourceGroupName: scotts-rg

While this example shows using a provider configuration value (the azure-native:location value), it is equally applicable to any sort of configuration value you need to pass in and reference in a Pulumi YAML document.

I hope this proves useful to someone out there. If you have questions, feel free to reach out to me on Twitter, or come find me in the Pulumi community Slack.

Managing AWS Key Pairs with Pulumi and Go

As I was winding down things at Kong and getting ready to transition to Pulumi (more information on why I moved to Pulumi here), I casually made the comment on Twitter that I needed to start managing my AWS key pairs using Pulumi. When the opportunity arose last week, I started doing exactly that! In this post, I’ll show you a quick example of how to use Pulumi and Go to declaratively manage AWS key pairs.

This is a pretty simple example, so let’s just jump straight to the code:

_, err := ec2.NewKeyPair(ctx, "aws-rsa-keypair", &ec2.KeyPairArgs{
	KeyName:   pulumi.String("key-pair-name"),
	PublicKey: pulumi.String("<ssh-key-material-here>"),
	Tags: pulumi.StringMap{
		"Owner":   pulumi.String("User Name"),
		"Team":    pulumi.String("Team Name"),
		"Purpose": pulumi.String("Public key for authenticating to AWS EC2 instances"),
	if err != nil {
		return err

This code is, by and large, pretty self-explanatory. For PublicKey, you just need to supply the contents of the public key file (use cat or similar to get the contents of the file) where it shows <ssh-key-material-here>. Then specify an appropriate name and adjust the tags as desired. In this particular case, I’m “throwing away” the reference to the newly-created key pair (note the _, err := ec2.NewKeyPair; the underscore indicates I’m discarding that value) because I don’t need to refer to it anywhere else. If I did need to refer to it elsewhere (say, I was going to create a new key pair and launch an instance in the same Pulumi program), then I’d want to catch that return value.

For more information, the API docs for this resource are found here.

In the event you’re wondering how this snippet of code manages key pairs in multiple regions…well, that’s where stacks come into play. You can create multiple stacks for any Pulumi project (including this one), and each stack can target a specific AWS region. This is exactly the approach I’m using. For completeness’ sake, the process looks something like this:

  1. Run pulumi stack init to create a new stack. Specify the name of the new stack.
  2. Run pulumi config set aws:region <asw-region>, replacing <aws-region> with the name of the AWS region this stack should target.
  3. Run pulumi up and you’re good to go.

I hope this example is useful to someone. If you have any questions, feel free to reach out to me on Twitter or find me in the Pulumi community Slack (sign up for the Pulumi community Slack here if you don’t already have an account).

Technology Short Take 159

Welcome to Technology Short Take #159! If you’re interested in finding some links to articles around the web on topics like WASM, Git, Sigstore, or EKS—among other things—then you’ve come to the right place. I’ve spent the last few weeks collecting articles I think you’ll find useful, gleaning them from the depths of Twitter, RSS feeds, Reddit, and Slack. Enjoy, and never stop learning!




Cloud Computing/Cloud Management

Operating Systems/Applications

  • Felix Krause caused quite a stir with his revelation that a number of iOS apps are “able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.” More details are available here.
  • Leigh McCulloch shows how to push to multiple remotes at once.
  • And while we’re speaking of Git, Nick Janetakis shows how to use git shortlog to see all kinds of useful information about a repository.
  • This list of macOS defaults commands may be useful for those who like to tweak their systems.
  • This article by Jacob Davis-Hansson on how your Makefiles are wrong was informative. Some tips didn’t apply to me (not surprisingly, macOS is stuck with an old version of make), but I did learn a few things from the article.
  • Howard Oakley has a great article on macOS memory (as seen via Activity Monitor).



Career/Soft Skills

It’s time to wrap up now; I hope that you found something useful. If you have any feedback (all constructive feedback is welcome!), please feel free to reach out to me. You can find me on Twitter, or in any number of different Slack communities. Thanks for reading!

Jumping Off Cliffs

For quite a few years, I’ve had this desktop wallpaper that I really love. I don’t even remember where I got it or where it came from, so I can’t properly attribute it to anyone. I use this wallpaper from time to time when I want to be reminded to challenge myself, to learn new things, and to step outside of what is comfortable in order to explore the as-yet-unknown. Looking at this wallpaper on my desktop a little while ago, I realized that I may have started taking the inspirational phrase on this wallpaper for granted, instead of truly applying it to my life.

Here’s the wallpaper I’m talking about:

A person jumping off a cliff, with the text &ldquo;We have to continually be jumping off cliffs and developing our wings on the way down&rdquo;

To me, this phrase—illustrated so well by the wallpaper—means taking a leap into the unknown. It means putting yourself into a position where you are forced to grow and adapt in order to survive. It’s going to be scary, and possibly even a bit painful at times. In the end, though, you will emerge different than when you started.

It’s been a while since I did that, at least from a career perspective. Yes, I did change jobs a little over a year ago when I left VMware to go to Kong. If I’m honest with myself, though, Kong was the comfortable choice. (There’s nothing necessarily wrong with that, by the way.) I knew several of the people I’d be working with, the technology shift was incremental, and the job responsibilities were very familiar. In my opinion, the last “big shift” I made was joining Heptio in 2018.

It’s time for that to change. It’s time that I put myself in a position where I must change and grow in order to survive and flourish. It’s time to jump off a cliff and develop my wings on the way down. Starting next week, I am joining Pulumi on the Developer Relations team, working to help users be successful in putting Pulumi’s products and services to work solving their problems.

Why Pulumi? That’s a fair question!

  1. I believe there is real value in using a general-purpose programming language (as opposed to a domain-specific language, or DSL) for infrastructure-as-code use cases. Otherwise, we wouldn’t be seeing other projects like AWS CDK or CDK for Terraform.
  2. I belive that multi-cloud is real. Note that when I say “multi-cloud” I’m talking about using multiple cloud providers and services at an organizational level, not about spanning individual applications across multiple clouds. Organizations are going to naturally choose “best of breed” offerings, and that’s going to naturally lead them down the path of using multiple cloud providers and services.
  3. Put #1 and #2 together and you get Pulumi.

It doesn’t hurt that I’m a fan of Pulumi. I’ve been using it for several years; in fact, I even gave a presentation in 2020 at what I believe was Pulumi’s first-ever Cloud Engineering Summit. (See this GitHub repository for the presentation materials.) Over the last three years I’ve written about Pulumi several times here on the site (see here for a list of all the Pulumi-related articles I’ve published). I like using Pulumi, and I think that’s important.

Equally important—and pertinent to the title and introduction to this post—is that this is going to force me to grow and change. I’m looking forward to building out a new set of skills as I work with and among some amazing folks in the developer advocacy/developer relations space, and I anticipate that being immersed in general purpose programming languages like Golang all day long will force me to become more fluent and conversant in these languages. That, in turn, will draw me closer to a career goal I’ve had for a while of bolstering my programming/software development skills and experience. Finally, Pulumi has a broad number of providers for various services and platform; working with them will bring the opportunity to learn more about all these platforms and services. That’s three key areas of growth that I foresee, but I’m confident there will likely be more.

It is said that companies come and go, but people remain. Or, said another way, it’s the relationships you create over the years that really matter. I’ve been on some pretty amazing teams over the years, and my (former) team at Kong is one of them. I am excited about my new adventure at Pulumi—and looking forward to meeting the team I’ll be working with—but I will miss my team at Kong. I wish you all nothing but success!

As always, I remain available via Twitter (my DMs are open) and I am active in a number of different Slack communities (like the Pulumi Slack community, for example!). Please know that you are welcome to reach out to me anytime, and I look forward to continuing to serve the community.

Recent Posts

Technology Short Take 158

Welcome to Technology Short Take #158! What do I have in store for you this time around? Well, you’ll have to read the whole article to find out for sure, but I have links to articles on…well, lots of different topics! DNS, BGP, hardware-based security, Kubernetes, Linux—they’re all in here. Hopefully I’ve managed to find something useful for someone.


Revisiting X.509 Certificates in Kubeconfig Files

In 2018, I wrote an article on examining X.509 certificates embedded in Kubeconfig files. In that article, I showed one way of extracting client certificate data from a Kubeconfig file and looking at the properties of the client certificate data. While there’s nothing technically wrong with that article, since then I’ve found another tool that makes the process a tad easier. In this post, I’ll revisit the topic of examining embedded X.509v3 certificates in Kubeconfig files.


Posts from the Past, August 2022

I thought I might start highlighting some older posts here on the site through a semi-regular “Posts from the Past” series. I’ll start with posts published in the month of August through the years. Here’s hoping you find something that is useful (or perhaps entertaining, at least)!


Site Category Changes

This weekend I made a couple of small changes to the categories on the site, in an effort to make navigation a bit more intuitive. In the past, readers had expressed some confusion over the “Education” and “Explanation” categories, and—to be frank—their confusion was warranted. I also wasn’t clear on the distinction between those categories, so this post explains the changes I’ve made.


Using Default AWS Resources with Pulumi

Per the AWS documentation (although I’m sure there are exceptions), when you start using AWS you are given some automatically-created resources: a default VPC that contains public subnets in each availability zone in the region along with an Internet gateway and settings to enable DNS resolution. Most of the infrastructure-as-code tutorials that I’ve seen start with creating a VPC and subnets and gateway, but what if you wanted to use these default resources instead? I wasn’t really able to find a good walkthrough on how to do this, so this post provides some sample Go code you can use with Pulumi to identify these default AWS resources and use them.


Technology Short Take 157

Welcome to Technology Short Take 157! I hope that this collection of links I’ve gathered is useful to someone out there. In particular, the “Career/Soft Skills” section is a bit bigger than usual this time around, as is the “Security” section.


Network Programmability and Automation, Second Edition

In late 2015, I was lucky enough to be part of a small crew of authors who launched a new book project targeting “next-generation network engineering skills.” That book, Network Programmability and Automation, was published by O’Reilly and has garnered praise and accolades for tackling head-on the topics that network engineers should consider mastering as the field of network engineering continues to grow and evolve. I was excited about that announcement, and I’m even more excited to announce that the early release of the second edition of Network Programmability and Automation is now available!


Technology Short Take 156

Welcome to Technology Short Take #156! It’s been about a month since the last Technology Short Take, and in that time I’ve been gathering links that I wanted to share with my readers. (I still have quite the backlog of links to read!) Hopefully something I share here will prove useful to someone. Enjoy the links below, and enjoy your weekend!


Making Flatpak Firefox use Private Browsing by Default

In April 2021 I wrote a post on making Firefox use Private Browsing by default, in which I showed how to modify the GNOME desktop file so that Firefox would open private windows by default without restricting access to normal browsing windows and functionality. I’ve used that technique on all my Fedora-based systems since that time, until just recently. What happened recently, you ask? I switched to the Flatpak version of Firefox. Fortunately, with some minor tweaks, this technique works with the Flatpak version of Firefox as well. In this post, I’ll share with you the changes needed to make the Flatpak version of Firefox also use private browsing by default.


Git Difftool and Meld as a Flatpak

I’ve recently started migrating many of the applications on my Fedora 36 laptop to their Flatpak versions. For the most part, this has been pretty straightforward, although there isn’t really any method for migrating configuration and data. Today I ran into a problem with Meld, a graphical diff utility, and using it with the git difftool command. Below I’ll share how I worked around this problem.


Technology Short Take 155

Welcome to Technology Short Take #155, just in time for the 2022 Memorial Day holiday weekend! (Here in the US, at least.) I mean, don’t you want to spend this weekend catching up on some technology-related articles instead of cooking on the grill and gathering with friends and family? I certainly hope not! Still, for those who need a little technology fix over the weekend, hopefully I’ve included something useful in the list of articles below. Enjoy!


Fine-Tuning Control Plane Access with Cluster API

When Cluster API creates a workload cluster, it also creates a load balancing solution to handle traffic to the workload cluster’s control plane. This is necessary so that the control plane endpoint is decoupled from the underlying control plane nodes (which facilitates scaling the control plane, among other things). On AWS, this mean creating an ELB and a set of security groups. For flexibility, Cluster API provides a limited ability to customize this control plane load balancer. In this post, I’ll show you how to use this functionality to fine-tune access to a workload cluster’s control plane when using Cluster API with AWS.


Technology Short Take 154

Welcome to Technology Short Take #154! My link of links and articles from around the Internet is a bit light on networking and virtualization this time around, but heftier in the security, cloud, and OS/application sections. I hope that I’ve managed to include something that you’ll find useful. Enjoy the content!


Technology Short Take 153

Welcome to Technology Short Take #153! My personal and professional life has kept me busy over the last couple of months, so things have been quiet here on the blog. I’ve still been collecting links to share with you, though, and here’s the latest collection. I hope you’re able to find something useful here!


Technology Short Take 152

Welcome to Technology Short Take #152! Normally I’d publish a Technology Short Take in the morning on a Friday, but I really wanted to get this one out so I’m making it live late in the day on a Monday. Here’s hoping I’ve included some content below that you find useful!


Older Posts

Find more posts by browsing the post categories, content tags, or site archives pages. Thanks for visiting!