Thomas Kooi's blog

Automating code review with reviewdog
Using reviewdog to assist with golang code review on Gitlab

Your time spent on code review should be optimized as much as possible. Automation is something that can help you with this, and detecting security bugs within Go code can be done using tools such as gosec. This post looks into configuring reviewdog to assist in Gitlab merge request reviews using tools such as gosec.

Gitlab CI
Running Kubernetes on Gitlab CI
Running a Kubernetes cluster in your Gitlab CI jobs

When you work on infrastructure, develop helm charts or simply want to run your tests in a more production-like environment, running Kubernetes on your Gitlab CI may be a good fit for you. Luckily, it’s only a little bit of configuration to set up!

Kubernetes Gitlab CI k3s kind
ModSecurity with ingress-nginx
Making use of ModSecurity WAF in the ingress-nginx

This post is about enabling the ModSecurity feature for ingress-nginx in practice.

ModSecurity is an open source web application firewall (WAF). It can help you provide an additional layer of security in front of your application. I will leave the what and how of using a WAF for others to talk about (there are quite a few good blog posts available on the web on this topic), and this post will solely focus on enabling the functionality in ingress-nginx.

Kubernetes Nginx Security WAF
Setting up Linkerd
Installing Linkerd2 into an existing Kubernetes Cluster

One awesome tool that I got to learn a great deal more about during KubeCon EU is Linkerd 2. It’s simple to use and looks really promising. This post is about setting it up and the things I encountered during that process.

Kubernetes Linkerd Service Mesh
Distributed storage on Kubernetes using Rook
Solving state using rook

The past few months I’ve heavily invested into learning Kubernetes. So far, I’ve loved every part of it. At work I am constrained by the environments we run our systems in. We’re not able to move to the public cloud for various reasons, and do not have any persistent storage available through an API that can be easily mounted and controlled using a storage plugin / driver. So I started browsing around.

Kubernetes Rook Storage
Using Packer for faster provisioning
Speeding up the provisioning process by installing things ahead of time

I have various Terraform modules for many purposes and often they end up using CentOS with a Docker install script. While demoing something to a co-worker, we had to wait ~7 minutes for a Terraform apply to finish with an install script. This should be a lot faster, so I sat down this Sunday and looked into Packer.

DigitalOcean Packer Terraform
Docker Swarm log collection
Docker swarm services log collection using Logspout

There are many solutions for performing log collection or log management. Personally I’ve got experience with using the ELK stack. So this post will focus on ELK with Logspout for log collection.

Docker Swarm mode Logspout
How to upgrade a Docker Swarm Mode cluster
Upgrade the Docker engine on a Docker Swarm mode cluster without downtime

Here’s how to upgrade Docker in a Swarm mode cluster without cluster downtime.

Docker Swarm mode
Project: Terraform Swarm mode cluster
Using Terraform to provision a swarm cluster on DigitalOcean

I recently started playing around with Terraform. Since I often manually spin up a couple of droplets on DigitalOcean to set up a Swarm mode cluster to try out some projects or setups, I figured I should put all of that into code as my first Terraform project. I created a Terraform module for provisioning a basic Swarm mode cluster during this project. Ideal for labs or development clusters.

Terraform Orchestration DigitalOcean Swarm mode