Technology Short Take 193

Welcome to Technology Short Take #193! I know it has only been a couple weeks since the last Tech Short Take, but I am guessing that readers won’t really mind another one. Here is my latest collection of articles and posts about data center-related technologies. Enjoy!

Networking

• Brian Linkletter shares his 2026 list of network simulators and emulators. (Hat tip to Ivan P. for the link.)
• Emmanuel Vitus brings to light a battle over IPv4 address space and the control of the regional internet registries.
• Doug Dawson discusses the recent FCC ban on consumer-grade routers and the potential impacts to industry and ISPs.

Servers/Hardware

• RIP Mac Pro. I had a “classic Mac Pro” (2012 era) for a long time, and I loved that system. (I even ran Linux on it for a while.) It is a shame to see it go.
• I mentioned on social media (Mastodon/Bluesky) that I recently purchased all the hardware for a new PC build. It’ll be part PC/part home server, as I look to expand the type and scope of services that I self-host. Don’t be surprised if a few articles emerge out of this.

Security

• Trivy’s GitHub Actions were compromised by attackers, leading to the exposure of CI/CD secrets. This post on the Socket blog has more details, and Rose Security has a write-up that provides more details on how a typosquatted domain and a fake version tag were involved.
• At least one other software supply chain exploit has been tracked back to the Trivy compromise: the Python litellm module on PyPI steals credentials.
• The Docker side of the Trivy compromise is shared in detail in this Docker blog post.

Cloud Computing/Cloud Management

• Looking for some help in migrating away from Ingress-NGINX? This announcement of Ingress2Gateway 1.0 might be just what you are seeking.
• The FluxCD team published a post discussing Morgan Stanley’s “Stairway to GitOps” presentation, which describes the firm’s five-year journey from push-based pipelines to a self-service GitOps platform.
• Although I am not an AI fanboy, I do recognize that LLMs can offer value in a variety of areas, and so exploring the utility of local LLMs is something of a side project of mine. As a result, this article on using the Terraform MCP with a local LLM was of interest to me.
• InfraKitchen kind of feels like “Backstage for Terraform.”
• I’ve been talking about KISS versus DRY in IaC for a while now, but Rose Security unpacks KISS versus DRY in IAC so much more elegantly than I can.
• I am apparently behind the times, as it was just this past week that I learned about waypoint proxies in Istio ambient mode. John Howard has a “waypoint proxies the hard way” tutorial that might prove useful if you’re interested in learning more.

Operating Systems/Applications

• Akkana Peck shares how it was an HDMI connection that was causing USB errors in the dmesg log.
• Terence Eden re-affirms that is 100% OK to wait on AI.
• And while I am on the topic of AI, I enjoyed this article explaining some of the rational reasons people may resist AI (and other modern technologies).
• Samuel Karp shares a little bit of the reasoning behind the move to annual LTS releases of containerd.
• Bcachefs is out of the Linux kernel and moving to DKMS.
• This tale of fixing eBPF spinlock issues in the Linux kernel is a long and detailed read—but interesting! I didn’t understand all the code, but I still enjoyed reading about the journey of finding the root cause(s) and addressing them.
• William Collins introduces gridctl, a tool for managing MCP configurations.
• Andre Garzia shares why Apple lost them as a customer. This is just a continuation of trends that have been around for some time—as far back as 2012 when I first discussed leaving OS X (as macOS was known then). It is also why the majority of my time is spent on Linux now (I use Ubuntu at work and Arch Linux BTW on my personal systems).

Storage

• Frank Denis has a good article on options for full disk encryption on Linux.

Programming/Development

• Markus Unterwaditzer shares how to move from GitHub to Codeberg. I stop relying on GitHub alone some time ago, although many of my repositories/projects are still there just for accessibility.

Virtualization

• Looking for a few weekend home lab experiments?
• William Lam explains how to create custom Virtual Machine Classes using an updated to the vSphere Automation REST API.

That’s all for this time around. I hope you found something useful! I am always open to hearing from readers, so I invite you to contact me—I am available on social media (Bluesky, Mastodon, and X/Twitter), and you can find me in some Slack communities (the Kubernetes Slack instace is one notable example). My email address also is not hard to find. I’d love to hear from you!

Talking About Pulumi and Network Automation

Heard about Pulumi, but aren’t sure what it is? Maybe you know a little bit about Pulumi—like that it does infrastructure as code (IaC), but using general purpose programming languages—and you’re wondering where it fits in a larger automation framework? Or maybe you’re a network engineer just starting to dabble in network automation, and you’re wondering if this Pulumi thing is something you should check out. If any of these apply to you, then the latest Network Automagic podcast episode is right up your alley.

I recently had the opportunity to join Steinn Bjarnarson and Urs Baumann for an episode of Network Automagic. The focus of our discussion—although I will say we diverged a bit here and there—was on Pulumi, what it is, and whether it fits into a larger network automation framework. After all, if you can use general purpose programming languages like Python with Pulumi, why not just use Pulumi in a Python program that also does network automation stuff?

All in all, recording the podcast with Steinn and Urs was great fun, and I hope that the final product ends up being helpful for folks. There’s a variety of ways to listen in on the episode:

Via the Network Automagic web site

Via the Network Automagic channel on YouTube (here is a link to the specific episode)

Via Spotify

Via Apple Podcasts

As you can see, there are plenty of options to listen (and a few that I didn’t include—check the Network Automagic web site for more!). Thanks to Steinn and Urs for having me on the show!

Technology Short Take 192

Welcome to Technology Short Take #192! Who’s interested in some links to data center technology-related articles and posts? If that’s you, you’re in the right place. Here’s hoping you find something useful!

Networking

• Interested in an autonomous network engineering agent powered by Claude? (Hat tip to Russ S. for sending this my way.)

Security

• Google’s Threat Intelligence Group recently published some details around Coruna, an iOS exploit kit targeting a range of iOS versions and equipped with a number of potential exploits.
• As an example of one of the challenges around “default” secuity settings, Rory McCune highlights the fact that MicroK8s does not enable role-based access control.
• Bryce Kerley explains Web PKI—the infrastructure that powers secure connections on the modern Web.
• Mike Masnick writes about the massive surveillance stack hiding inside the “age verification” checks.

Cloud Computing/Cloud Management

• I’ve had this article on AWS Lambda for the containers developer sitting in my read queue since first publication in 2023. (Sorry, Massimo.) I finally got around to reading it—really reading it, not just skimming it—and I found it to be helpful in helping me get a better grasp on Lambda.
• The AWS Load Balancer Controller recently gained support for Kubernetes Gateway API. This allows Kubernetes administrators to use AWS ALBs or NLBs for Gateway resources, and eliminates annotation-based configuration in favor of Custom Resource Definitions (CRDs).

Operating Systems/Applications

• While using containers is certainly a step forward in securing autonomous agents—such as what NanoClaw is doing—I don’t think it’s enough on its own. Helpful, yes, but there is still more to do. Am I wrong?
• Does Gentoo’s migration from GitHub to Codeberg—obstensibly due to Microsoft’s AI emphasis—signal a turning point?
• The recent announcement of a partnership between Motorola and GrapheneOS opens the possibility for the privacy-focused smartphone OS to arrive on new hardware platforms.
• Although some sites are sensationalizing early news about Windows 12 (in particular, how much of the OS will be subscription-based), the PC World article that appears to be the source for these sites paints a different picture.
• Tara Tarakiyee says it’s not about “the year of the Linux desktop,” it’s about the decade of Linux.
• KubeSimplify introduces ing-switch, a tool to assist in migrating away from Ingress NGINX to Traefik or Gateway API.
• The fmd command-line tool provides an way to find Markdown files based on metadata. I’ve been looking for something like this!
• Nick Janetakis has a shell alias for getting outdated packages across distributions (Arch, Debian, and macOS+Homebrew).

Programming/Development

• I was recently introduced to ast-grep (website, GitHub repository), a CLI tool that leverages the abstract syntax tree (AST) of code to allow users to find (and potentially change) values in code without great effort and at scale. I am not a programmer by trade so I do not have any immediate use cases, but there is one use case that I am exploring (if it works out, it will be the topic of a future blog post). Here is one example of what you can do with ast-grep.
• Datadog reviews how they reduced the size of their Agent Go binaries by 77%.
• Andrew Nesbitt makes the assertion that package registries are more than just infrastructure—they are also governance.
• Via Chris Short, I noted the OSI has adopted SPDX IDs for open source license URLs. (By the way, Chris’ DevOps’ish newsletter is outstanding—highly recommended.)
• David Anderson shares some thoughts on LLM coding. One quote really stood out to me: “The psychology of LLMs use worries me deeply. It’s a system that could not be better designed to encourage harmful behaviors if you tried, because it mixes a couple of very potent psychological traps. And it’s further being pushed by a large amount of venture money, and being co-opted by grifters with vested interests.”
• Leonardo de Moura argues for the need for formal verification of AI-written software.

Career/Soft Skills

• A colleague (thanks James L.!) shared this rather long essay on generative AI with me. While the article is a lengthy read, it really resonated with me. I am including it here in this situation because so much of the discusion in the article relates to our careers and how we view our work.
• These two articles (part 1, part 2) paint a not-rosy picture of the future should AI have the impact people are saying (hoping?) it will have. (Hat tip to Michael K for the link.)

That’s all I have for now. I love to hear from readers, so feel free to reach out and say hi! You can find me on X/Twitter, Mastodon, and Bluesky. My email address isn’t hard to find, so you also have the option of sending me a message that way. Thanks for reading!

Using Mitmproxy to Observe kubectl Traffic

When I first started learning Kubernetes, I had the idea that observing the network traffic between a client system using kubectl and the Kubernetes API Server would be a useful thing to do. The source of the idea is unclear; I am unsure why I thought this would be useful as a learning tool. Regardless, I continued on with learning Kubernetes and never really pursued this idea—until this week. I found it can be a useful troubleshooting technique, but I will leave it up to you to determine if it is a useful learning technique. In this post, I will show you how to observe kubectl traffic using mitmproxy.

This technique is inspired by/informed by Ahmet Alp Balkan’s similarly-named blog post from 2019. Unfortunately, I found the instructions there to be incomplete (most likely just due to the passage of time and continued evolution of the tools involved).

I used the following tools and environments in my testing:

• The tests were conducted on a Linux system running Ubuntu 24.04.4. The commands should work similarly on macOS.
• Mitmproxy was installed from the Ubuntu repositories using apt.
• kubectl version 1.33.3 was used to communicate to a self-managed cluster on AWS (in other words, not Amazon EKS) running Kubernetes 1.32.9. The cluster was bootstrapped using kubeadm. I wouldn’t expect any major/significant differences with other versions of kubectl or Kubernetes.
• I was using a client certificate to authenticate to Kubernetes. It’s unclear to me how this might work—if it works at all—with alternate authentication mechanisms.

Prepare Client Certificates

Before you can start mitmproxy, you’ll first need to extract the client certificates from the Kubeconfig file. A couple of ways exist to do this; a blog post of mine from 2022 contains what I believe is the easiest way. The method involves yq (to extract information from the Kubeconfig) and base64 (to decode the client certificate and client key). Refer to the linked blog post for full details.

1. First, extract the client certificate (adjust the users[0] as needed based on the Kubeconfig file):

   yq '.users[0].user.client-certificate-data' < kubeconfig | base64 -d >> client-cert.pem
   

2. Next, extract the client key:

   yq 'users[0].user.client-key-data'< kubeconfig | base64 -d >> client-cert.pem
   

Running Mitmproxy and Watching Traffic

Now that you have the client certificate and key in hand, you’re ready to launch mitmproxy and observe some traffic. Mitmproxy requires a few specific configuration flags for this use case:

• You’ll need to disable HTTP/2 support with --set http2=false.
• Mitmproxy must be configured with the client certificate you extracted above (using --set client_certs=client-cert.pem).
• In this particular case, since the cluster CA isn’t trusted, mitmproxy also has to be told not to verify the upstream certificate with --set ssl_insecure=true.

Putting all this together, the full command looks like this:

mitmproxy -p 5000 --set ssl_insecure=true --set http2=false --set client_certs=client-cert.pem

Then, in a separate window, run your kubectl command:

HTTPS_PROXY=:5000 kubectl get po -A --insecure-skip-tls-verify

You should see the traffic pop up in the window running mitmproxy, and can review the traffic flow(s) in detail.

As explanation: the HTTPS_PROXY part redirects traffic through the instance of mitmproxy you just launched, and --insecure-skip-tls-verify tells kubectl not to verify the upstream certificate—which it can’t do because it’s seeing mitmproxy’s certificate, not the cluster’s certificate.

There you go—now you can observe traffic between kubectl and the Kubernetes API server. As I mentioned at the start of this post, this technique is useful for troubleshooting. I did not find it useful as a learning tool, but others might.

I hope you find this useful. Thanks to Ahmet for setting me down the right path! If you have questions, feel free to reach out. I’m available on social platforms (X/Twitter, Mastodon, Bluesky, and LinkedIn), or you can drop me an email. I’d be happy to help if I’m able.

Running the Azure CLI in a Container

Like perhaps some readers, I am quite particular about what gets installed on my systems. I try to keep my systems as “clean” as possible, doing my best to avoid tools that have an extensive list of dependencies that must be installed and updated. Where that isn’t possible—such as with the Azure CLI, which has a massive number of Python modules that are required in order for the tool to function—I will use various isolation mechanisms. For the Azure CLI, that’s typically been a Python virtual environment. Somewhat recently, though, I had an idea to try using a container. In this post, I’ll share what worked and what did not work when trying to run the Azure CLI in a container.

First, though, a disclaimer: I am not an Azure expert, nor am I a Python expert. I know enough to get by. If I share something here that’s incorrect, please contact me and constructively show me my errors so that I can fix them.

Before I started down this path, I was sure this would be a slam dunk. I mean, this is what containers are for, right? If you do some web searches for running the Azure CLI in a container, you’ll find articles that give you this command line:

docker run -it mcr.microsoft.com/azure-cli

(Note that this assumes you are using Docker instead of something like Podman.)

This does work, as long as you’re willing to operate in an interactive shell in the container. I was looking for something a bit different: I wanted to create an alias for az that executed the container in my current shell instead of putting me into a separate shell inside the container. Something like this, for example:

alias az="docker container run --rm mcr.microsoft.com/azure-cli az"

I quickly found that you need to map in your Azure configuration directory from outside the container, or your configuration won’t persist. (In theory you could remove the --rm parameter and keep the container around.) Now the docker command in your alias starts to look like this:

docker container run --rm -v ${HOME}/.azure:/root/.azure mcr.microsoft.com/azure-cli az

Oh, you need access to your SSH keys? You’ll have to map those in, too:

docker container run --rm -v ${HOME}/.azure:/root/.azure \
-v ${HOME}/.ssh:/root/.ssh mcr.microsoft.com/azure-cli az

Except that then I remember that I am running as root in the container, and so any files created by the Azure CLI will be owned as root outside the container, too. No worries; I’ll just run it as a different user ID. Unfortunately, that involves building and maintaining my own container image to specify that the Azure CLI should run as something other than root. At this point, you’ll likely come to the same conclusion I did, and decide that a Python virtual environment is fine.

I was about to classify this experiment as “Death by a Thousand Cuts”, because every time I turned around I was finding some annoyance or blocker caused by Docker and containers. And then I remembered Distrobox.

Distrobox uses a container, but the container is “tightly integrated” with the host. For example, a Distrobox container shares the home directory of the user. For this use case, this makes the situation appreciably simpler—I no longer need to map in volumes for the Azure configuration or for my SSH keys.

Getting this working with Distrobox was only a few steps:

1. Create a new Distrobox container (I chose to use Debian 13):

   distrobox create -n azcli -i debian:13
   

2. Enter the new container with distrobox enter azcli and install a few tools. (This is one oddity of Distrobox: it will use the ~/.bashrc from your host, which may references tools that don’t exist in the container. In my situation, I needed to install Starship and a few command-line tools.)

3. Install the Azure CLI in the Distrobox container by following the Linux installation instructions. (One side note here: I chose Debian 13, but technically Debian 13 isn’t yet supported.)

4. In the Distrobox container, export the Azure CLI so it is accessible from the host system:

   distrobox-export -b /usr/bin/az
   

If you omit step 4, then you are sort of back to where I was earlier in this article—you’ll enter the Distrobox container and run the az commands from a separate shell. However, once you complete step 4 (which is done from within the Distrobox container), then on the host you will run az. That’s it! All of the files, all the dependencies, etc., are all stored in the Distrobox container. Your system remains “clean.”

Wrapping Up and Additional Resources

After trying to use a “standard” Docker container, I was convinced that trying to run the Azure CLI in a container was more work than just falling back to a plain old Python virtual environment. With Distrobox, though, it’s a piece of cake! Just create the Distrobox container, install the Azure CLI, export it, and you’re done.

I hope you’ve found this article helpful. I encourage you to check out Distrobox, either via the Distrobox web site or via the GitHub repository. Feel free to find me online (X/Twitter, Mastodon, Bluesky, or LinkedIn) and let me know what sort of cool things you end up doing with Distrobox!

Technology Short Take 191

Welcome to Technology Short Take #191! This is my semi-regular collection of links related to technology disciplines, including networking, security, cloud computing, storage, and programming/development. I hope that I’ve managed to curate an interesting and useful set of links for readers. Enjoy!

Technology Short Take 190

Welcome to Technology Short Take #190! This is the first Tech Short Take of 2026, and it has been nearly three months (wow!) since the last one. I can’t argue that I fell off the blogging bandwagon over the end of 2025 and early 2026. I won’t get into all the reasons why (if you’re interested then feel free to reach out and I’ll fill you in). Enough about me—let’s get to the technical content! Here’s hoping you find something useful.

Setting up a VPC Route Server with Pulumi

If you need to work with BGP in your AWS VPCs—so that BGP-learned routes can be injected into a VPC route table—then you will likely need a VPC Route Server. While you could set up a VPC Route Server manually, what’s the fun in that? In this post, I will walk you through a Pulumi program that will set up a VPC Route Server. Afterward, I will discuss some ways you could check the functionality of the VPC Route Server to show that it is indeed working as expected.

Technology Short Take 189

Welcome to Technology Short Take #189, Halloween Edition! OK, you caught me—this Tech Short Take is not scary. I’ll try harder next year. In the meantime, enjoy this collection of links about data center-related technologies. Although this installation is lighter on content than I would prefer, I am publishing anyway in the hopes of trying to get back to a somewhat-regular cadence. Here’s hoping you find something useful and informative!

Posts from the Past, October 2025

Every now and then, I publish one of these “Posts from the Past” articles that looks back on content I’ve created and posted over the life of this site. This year marks 20 years of content—I can hardly believe it! Don’t worry, though; you won’t have to go through 20 years of past posts. Here is a selection of posts from mid- to late October over the last decade or so. I hope you find something useful, informative, or at least entertaining!

Using Git Pre-Commit Hooks

A while ago I wrote an article about linting Markdown files with markdownlint. In that article, I presented the use case of linting the Markdown source files for this site. While manually running linting checks is fine—there are times and situations when this is appropriate and necessary—this is the sort of task that is ideally suited for a Git pre-commit hook. In this post, I’ll discuss Git pre-commit hooks in the context of using them to run linting checks.

Technology Short Take 188

Welcome to Technology Short Take #188! I’m back once again with a small collection of articles and links related to a variety of data center-related technologies. I hope you find something useful!

Networking

• Scott Hogg discusses using dual-stack network configurations on your DNS name servers as part of an overall IPv6 deployment plan.
• Leon Adato explains why knowing what’s under the hood helps when it comes to networking telemetry.
• Via Ivan Pepelnjak, I found Suresh Vina’s article on using netlab to build network labs.

Security

• The use of malicious software packages continues to be a vector for attacks; here’s the latest discovery of malicious Go and npm packages.
• James Kettle explains why HTTP/1.1 must die.
• Gary Marcus and Nathan Hamiel discuss why the combination of LLMs plus coding agents has the potential to result in a security nightmare.
• Weaponized RAR files are delivering a backdoor to Linux systems using only a filename—more details in the linked article.
• WhatsApp patches a zero-click exploit targeting iOS and macOS devices. I don’t use WhatsApp, but I know lots of folks that do (it’s especially popular among my international friends). If you’re a WhatsApp user, be sure to update.
• More software supply chain attacks, this time targeting CrowdStrike’s npm packages, have been observed as part of a larger campaign known as “Shai-Hulud.”

Cloud Computing/Cloud Management

• Mike Roberts explains why you probably don’t want to use AWS’ new GitHub Actions Lambda Deployment action.
• What would you do if AWS deleted your account and all your data?
• AWS has finally released universal macOS installers for the AWS CLI.

Operating Systems/Applications

• Adam Thompson shares how to improve Logitech MX Master 3 mouse support on Arch Linux.
• Mitchell Hashimoto shares some lessons learned when they rewrote the Ghostty GTK application.
• Some of the creators of Open Policy Agent (OPA) are joining Apple. Interesting.
• Simon Späti shares details on their journey from macOS to Arch Linux with Omarchy.
• Here is a useful post on systemd service hardening.
• The details of this post on Apple’s new Memory Integrity Enforcement (MIE) are a bit beyond me, I’ll be honest. I’m of two minds on the new technology. On one hand, it’s nice to see progress at fixing memory safety-related bugs and exploits. On the other hand, this progress could only be achieved, as the article states, through combining “the unique strengths of Apple silicon hardware with our advanced operating system security.” In other words, more tightly coupling the hardware and the OS.

Programming/Development

• Go has changed the way the language handles GOMAXPROCS in the 1.25 release.

Virtualization

• In advance of VMware Explore 2025—which apparently is/was this week in Las Vegas—William Lam shares an update on the nested ESXi 8.0 and ESXi 9.0 virtual appliance.

Career/Soft Skills

• Ashley Willis talks about the value and importance of the quiet season. I particularly found this sentence applicable to my own life: “So yes, I’m writing again. And maybe I’m less ’everywhere’ than I used to be. But I’d rather show up less often and have something worth saying than burn myself out trying to convince the world I’m still here.” Well said, IMO.
• All too true.
• I don’t know if I would go so far as to say I am an AI hater, but I am most definitely opposed to AI in its current form. (I don’t even like calling it “AI” when it’s really nothing more than a statistical model for putting words together. But that’s another discussion for another day…) As the author says, being a hater is a “kind of integrity” all its own—so I say, if you’re an AI hater, don’t be afraid to say so.

It’s time to wrap up now—but don’t be sad, I’ll be back soon with more content. In the meantime, if you’d like to reach out to me to provide some feedback on this article or any article, I’d love to hear from you! Feel free to contact me via Bluesky, via Mastodon, via X/Twitter, via Slack (I frequent a number of different communities, including the Kubernetes Slack instance) or even via email. Thanks for reading!

Creating a Talos Linux Cluster on AWS with Pulumi, 2025 Edition

A little over two years ago, I wrote a post on creating a Talos Linux cluster on AWS using Pulumi. At the time of that post, the Pulumi provider for Talos was still a prerelease version. Since then, the Talos provider has undergone some notable changes necessitating an update to the example code I have on GitHub. For your reading pleasure, therefore, I present you with the 2025 edition of a tutorial for using Pulumi to create a Talos Linux cluster on AWS.

Technology Short Take 187

Welcome to Technology Short Take #187! In this Technology Short Take, I have a curated collection of links on topics ranging from BGP to blade server hardware to writing notes using a “zettelkasten”-style approach, along with a few other topics thrown in here and there for fun. I hope you find something useful!

Technology Short Take 186

Welcome to Technology Short Take #186! Yes, it’s been quite a while since I published a Technology Short Take; life has “gotten in the way,” so to speak, of gathering links to share with all of you. However, I think this crazy phase of my life is about to start settling down (I hope so, anyway), and I’m cautiously optimistic that I’ll be able to pick up the blogging pace once again. For now, though, here’s a collection of links I’ve gathered since the last Technology Short Take. I hope you find something useful here!

Bootstrapping Dual-Stack Kubernetes on Flatcar with Kubeadm

Recently I needed to be able to stand up a dual-stack (IPv4/IPv6) Kubernetes cluster on Flatcar Container Linux using kubeadm. At first glance, this seemed like it would be relatively straightforward, but as I dug deeper into it there were a few quirks that emerged. Given these quirks, it seemed like a worthwhile process to write up and publish here. In this post, you’ll see how to use Butane and kubeadm to bootstrap a dual-stack IPv4/IPv6 Kubernetes cluster on AWS.

Technology Short Take 185

Welcome to Technology Short Take #185, the first of 2025! I’m excited for the opportunity to continue to bring readers articles and links of interest across data center- and cloud-related technologies (along with some original content along the way). I had originally intended for this post to be my last post of 2024, but personal challenges got in the way. Enough of that, though—on to the content!

Using Multiple AWS Regions with Pulumi and S3 Backend

For a while now, I’ve been using Direnv to manage environment variables when I enter or leave certain directories. Since I have to work with more than one AWS account, one of the use cases for me has been populating AWS-specific environment variables, like AWS_REGION or AWS_PROFILE. This generally works really well for me, but recently I ran into a bit of a corner case involving multiple AWS regions, Pulumi, and using S3 as the Pulumi backend. In this post, I’ll share the workaround that allows this configuration to work as expected.

Technology Short Take 184

Welcome to Technology Short Take #184! This Tech Short Take is a bit shorter than the usual ones, but then again this week—at least in the US—is a bit shorter than most weeks due to the Thanksgiving holiday. Even so, I hope that I’ve managed to include some information that folks find useful. Also, thanks to some feedback from readers, I’ve tried hard to ensure that links are more descriptive and informative than they’ve sometimes been in the past; let me know how I did. Now, on to the content!

EKS, Bottlerocket, and Cilium with Pulumi

In late 2023, I added some Go code for use with Pulumi to stand up an Amazon Elastic Kubernetes Service (EKS) cluster “from scratch,” meaning without using any prebuilt Pulumi components (like the AWSX VPC component or the EKS component). The code is largely illustrative for newer users, written to show how to stitch together all the components needed for an EKS cluster. In this post, I’ll show you how to modify that code to use Bottlerocket OS as the node OS for your EKS cluster—and share some information on installing Cilium into (onto?) the cluster.

• Technology Short Take 183 4 Oct 2024
• Technology Short Take 182 6 Sep 2024
• Preloading Extra Images with Kubernetes Image Builder 30 Aug 2024
• Storing Pulumi State in the Project Directory 23 Aug 2024
• Review: Lenovo ThinkPad X1 Carbon Gen11 21 Aug 2024
• Technology Short Take 181 16 Aug 2024
• Using SOPS with Pulumi 14 Aug 2024
• Bootstrapping Talos Linux over SSH 5 Aug 2024
• Using Vale to Improve my Writing 29 Jul 2024
• Technology Short Take 180 26 Jul 2024
• Using a Git Commit Template 15 Jul 2024
• Technology Short Take 179 28 Jun 2024
• Technology Short Take 178 31 May 2024
• Endpoint Selectors and Kubernetes Namespaces in CiliumNetworkPolicies 30 May 2024
• Getting Barrier Working Between Arch Linux and Ubuntu 29 May 2024
• Technology Short Take 177 17 May 2024
• Tracking EC2 Instances used by EKS with AWS CLI 17 Apr 2024
• Tracking ENIs used by EKS with AWS CLI 15 Apr 2024
• Technology Short Take 176 15 Mar 2024
• Linting your Markdown Files 1 Mar 2024
• Technology Short Take 175 23 Feb 2024
• Technology Short Take 174 9 Feb 2024
• Using NAT Instances on AWS with Pulumi 5 Feb 2024
• Using SSH with the Pulumi Docker Provider 22 Jan 2024
• Technology Short Take 173 19 Jan 2024
• Technology Short Take 172 5 Jan 2024
• Selectively Replacing Resources with Pulumi 3 Jan 2024
• Dynamically Enabling the Azure CLI with Direnv 18 Dec 2023
• Conditional Git Configuration 15 Dec 2023
• Automatically Transforming Git URLs 11 Dec 2023