[{"content":"What changed in this release The newly built Vagrant box uses Virtualbox instead of VMWare Fusion since Virtualbox is now supported on ARM64 architecture - I just was not aware of this. Kubernetes is now upgraded to version 1.35.0 and the base OS is now also upgraded to Fedora 43 Deprecated assign_static_ip_address script since this issue is now no longer faced after switching to Virtualbox and was a workaround to ensure that the machines will get the correct assigned IP addresses from the Vagrantfile. local-path-provisioner is now upgraded to v0.0.34 and the image tag adheres to the image resolution rules. Use cases with Argocd You can enable gitops by forking the homelab repo and kustomize build . | kubectl apply --server-side -f -. Application definitions can be added to applications directory (When you apply the kustomization, this enables argocd to manage itself). TODOs and blah Need to work on CI (Be that directly Github Actions or with Dagger within Github Actions to make it agnostic). Gateway API (The used nginx ingress controller will be deprecated anyways). ","permalink":"https://thejaxon.github.io/posts/projects/mkube_v1_35/","summary":"MKube automates Kubernetes cluster creation locally, this release upgrades to Kubernetes V1.35.0.","title":"Mkube V1.35.0 🎉🎉"},{"content":"Intro I\u0026rsquo;d like to start by saying that this implementation was done as a test for the flow itself, what was picked was merely for demoing. IRL the use case is different, the flow remains the same, now I can get started.\nAI Image overview takes an image as an input, sends it to Bedrock LLM, gets the description, that\u0026rsquo;s it in a nutshell.\nPrerequisites CloudWatch Synthetics Chrome browser plugin An S3 Bucket to store the screenshots (Will also be used as a source that will trigger the lambda function which invokes Bedrock). Implementation 1. Canary Synthetics Used for monitoring periodically which is why it\u0026rsquo;s great for this use case because the idea is to have weekly screenshots from specific dashboard. Blueprint used was Canary Recorder which allows you to record your actions on a specific website and it repeates those actions for you. Source script can be found here and what it does is that it reaches to coincap, gets the Bitcoin page and screenshots it. 2. Lambda Configured with the created S3 bucket as a trigger so that whenever canary synthetics run, the lambda function also runs since files were uploaded to S3. S3 event is checked and we extract the current path of the screenshot so that we describe the correct image for each run. Needs permissions to access the S3 Bucket and Bedrock. 3. Bedrock Gets invoked via Lambda and is the service used to describe what\u0026rsquo;s in that image. Outcome Sceenshot gets taken and stored in S3 (Via Canary Synthetics) The Bedrock model now returns the following based on our prompt prompt = \u0026#34;\u0026#34;\u0026#34; You are a crypto expert. Analyze the provided screenshot and generate a concise, technical summary for where Bitcoin is heading. Respond in the following JSON format: { \u0026#34;current_price_usd\u0026#34;: \u0026#34;Current price of Bitcoin in USD.\u0026#34;, \u0026#34;summary\u0026#34;: \u0026#34;Overview of where you think the market is heading based on the current chart, whether its the right time to buy or not.\u0026#34; } \u0026#34;\u0026#34;\u0026#34; { \u0026#34;current_price_usd\u0026#34;: \u0026#34;$89,290.30\u0026#34;, \u0026#34;summary\u0026#34;: \u0026#34;Bitcoin is showing a downward trend with a 0.17% decrease. The price chart displays significant volatility with the price having reached a high of $89,838.00 and a low of $89,183.56 in the current period. The market appears to be in a short-term consolidation phase after testing higher levels around $89,800. Given the recent pattern of lower highs and the current price action showing resistance to upward movement, Bitcoin may experience further short-term pressure. However, with substantial market cap ($1.78T) and trading volume ($15.24B), the asset remains fundamentally strong. This minor pullback might present a strategic entry point for those looking to accumulate, though traders should watch for a potential break below $89,000 which could signal further downside.\u0026#34; } References ai_image_overview repository So far, the implemntation was done through the console, later I\u0026rsquo;ll try to automate it with IaC tool.\nBig thanks to Kiro IDE.\nCiao.\n","permalink":"https://thejaxon.github.io/posts/projects/ai_image_overview/","summary":"Combining Canary Synthetics + Lambda + BedRock to periodically describe a graph.","title":"AI Image Overview"},{"content":"To become a Kubestronaut, one must pass all the 5 Kubernetes related certifications. For me, the original plan wasn\u0026rsquo;t about becoming a Kubestronaut.\nOriginal plan Give CKAD a try since i\u0026rsquo;ve never took that exam before. Renew the already expired CKA/CKS certifications and go through the new updates. The following is the timeline where I did the certifications starting with CKAD.\n✅ CKAD =\u0026gt; 04/02/2024 ✅ CKA =\u0026gt; 18/02/2024 ❌ CKS =\u0026gt; 10/11/2024 (Failed unfortunately and had to re-take it, I went through some lessons learned in my CKS Exam V1.31 blog post) ✅ CKS =\u0026gt; 24/11/2024 CKAD In the past I was already preparing for CKAD but never attempted it, you can see the notes written here. I\u0026rsquo;ve used the book Certified Kubernetes Application Developer: In-depth Guidance and Practice by Benjamin Muschko as my main source to prepare for that exam and that was enough for me to get a proper idea and go for it. CKA For the CKA it was a recertification so I was confident, I just needed to refresh my knowledge and for that I read the book Acing the Certified Kubernetes Administrator Exam by Chad M. Crowell CKS Sometimes confidence can be good, sometimes, it\u0026rsquo;s just overconfidence and that was definitely the case, after failing that one on the first attempt, I had to adjust and study more. I went for Killer shell CKS exam simulator which is a solid one. Do it because, why not ? 🧑‍🚀 Since the practical and challenging exams had already been passed, the question to me became, why not give it a go ? What remained were KCNA and KCSA, both are MCQ exams and with some effort to prepare, you should be good to go (Although one must say that KCSA is definitely on the harder side).\nAnd so I did, just prepared and went for it\n✅ KCNA =\u0026gt; 30/11/2024 ✅ KCSA =\u0026gt; 02/12/2024 References Kubestronaut CNCF List Kubestronaut Credly badge CKA exam preparation ","permalink":"https://thejaxon.github.io/posts/certifications/kubestronaut/","summary":"Highlights from my journey to become a CNCF Kubestronaut.","title":"Kubestronaut 🧑‍🚀🚀"},{"content":"Intro I\u0026rsquo;ve never created a Vagrant box on my own, I mean not in a declarative way, once I exported a box but that doesn\u0026rsquo;t really count. This week I\u0026rsquo;ve been experimenting with the idea of building a Vagrant box for NixOS with Hashicorp Packer.\nI\u0026rsquo;ve been using Nix as a package manager for MacOS since almost a month so by no means I\u0026rsquo;m an expert and I\u0026rsquo;ve got a long way to go but I\u0026rsquo;ve got a brief idea about it.\nPacker concepts 1. HTTP Configuration Packer will create an http server serving http_directory when it is set, a random free port will be selected and the architecture of the directory referenced will be available in your builder.\nThis is needed for grabbing our *.nix configuration files but generally you will see it used especially in boot_command when downloading a Kickstart or Cloud-Init configuration files.\n2. Templating Engine - Keep ENV vars in mind I\u0026rsquo;ve used Packer\u0026rsquo;s shell provisioner instead of provisioning via boot_command, while both approaches work, waiting for your commands to be typed on the screen takes way more time than just invoking a bash script.\nI rely on one of the following environment variables provided by Packer\nIf we\u0026rsquo;re using VNC boot_command then {{ .HTTPIP }}:{{ .HTTPPort }} will be used to get the files stored in that directory. If we\u0026rsquo;re using SSH then $PACKER_HTTP_ADDR can be used. In order for us to keep the environment variables present when invoking the script {{ .Vars }} is used. {{ .Path }} points to the path of our shell script. So we end up with the following execute_command that is being used before invoking the script sudo su -c '{{ .Vars }} {{ .Path }}' Vagrant configuration 1. Insecure keys These keys are the \u0026ldquo;insecure\u0026rdquo; public/private keypair we offer to base box creators for use in their base boxes so that vagrant installations can automatically SSH into the boxes.\nThe directory configuration/vagrant_keys contains the needed Vagrant insecure keys that should be inserted.\nPacker boot_command adds the public keys as authorized keys (Boot command uses VNC but later on, our provision script is invoked via SSH so this step is very important).\nThe private key is then used to establish SSH connection to the machine.\n2. Handle vagrant-hostname and vagrant-network generated files Vagrant generates 2 nix configuration files when NixOS is used\n# 1. vagrant-hostname configuration { config, pkgs, ... }: { networking.hostName = \u0026#34;controlplane\u0026#34;; } # 2. vagrant-network configuration { config, pkgs, ... }: { networking.interfaces = { eth1.ipv4.addresses = [{ address = \u0026#34;192.168.100.88\u0026#34;; prefixLength = 24; }]; }; } You should take them into consideration because the nix configuration file will not include them by default and they are dynamically generated so we\u0026rsquo;re not sure about the content untill the machine is provisioned, the solution is to include them with minimal configuration and let vagrant overwrite the file content.\n# Importing the empty nix configuration files imports = [ ./vagrant-hostname.nix ./vagrant-network.nix ]; # Content in both files is kept minimal so that it works when baking the image when invoking nixos-install {} NixOS Configuration 1. Predictable Network Interface naming By default, network cards are not given the traditional names like eth0 or eth1, whose order can change unpredictably across reboots. Instead, relying on physical locations and firmware information, the scheme produces names like ens1, enp2s0, etc. I needed to change that because Vagrant on Mac M1 always has a problem assigning static_ip, thankfully you can disable this feature with usePredictableInterfaceNames = false; and now I can just assign the static_ip specified in the Vagrantfile to eth1.\n2. Temporary Vagrant user for SSH By default NixOS comes with nixos user (which is part of the wheel group), this can be referenced in Packer and after we added our keys it should be fine to connect with that user, however since after the reboot, all our users will be created via configuration.nix file which just includes vagrant user (No more nixos user so we lose SSH connectivity after rebooting the machine).\nboot_command = [ # Add temporary vagrant user to allow for SSH connection to be established, permanent vagrant user is configured via configuration.nix \u0026#34;\u0026lt;wait\u0026gt;\u0026lt;enter\u0026gt;\u0026lt;wait10\u0026gt;\u0026#34;, \u0026#34;sudo su\u0026lt;enter\u0026gt;\u0026lt;wait\u0026gt;\u0026#34;, \u0026#34;useradd vagrant --create-home\u0026lt;enter\u0026gt;\u0026lt;wait\u0026gt;\u0026#34;, \u0026#34;usermod -aG wheel vagrant\u0026lt;enter\u0026gt;\u0026lt;wait\u0026gt;\u0026#34;, \u0026#34;mkdir -pv /home/vagrant/.ssh\u0026lt;enter\u0026gt;\u0026lt;wait\u0026gt;\u0026#34;, \u0026#34;curl http://{{ .HTTPIP }}:{{ .HTTPPort }}/vagrant_keys/vagrant.pub \u0026gt; /home/vagrant/.ssh/authorized_keys\u0026lt;enter\u0026gt;\u0026lt;wait\u0026gt;\u0026#34; ] I\u0026rsquo;ve decided to create a temporary vagrant user as a workaround, enable ssh via this user and on reboot still we have our new permanent vagrant user and still we are allowed to use vagrant private key to SSH into the machine since we allow vagrant insecure keys in its configuration as follows\n# I kept this part minimal, full configuration can be seen in configuration.nix file users.users.vagrant = { name = \u0026#34;vagrant\u0026#34;; isNormalUser = true; openssh.authorizedKeys.keys = [ \u0026#34;ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key\u0026#34; \u0026#34;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key\u0026#34; ]; }; So far that\u0026rsquo;s all, there should be more updates because I\u0026rsquo;m not doing any version locking for the packages used by NixOS.\nUseful Resources NixOS Vagrant boxes with NixBox VMWare ISO Builder Packer plugin not working well with VMware Fusion Pro 13.0 on M1-based chipset NixOS ❄: tmpfs as root ","permalink":"https://thejaxon.github.io/posts/projects/baking_nixos_vagrant_box_with_packer/","summary":"How to create Vagrant box for NixOS on arm64 (Mac M1) via Hashicorp Packer, In this blog I share what I\u0026rsquo;ve learned creating my first Vagrant box.","title":"Baking NixOS Vagrant box with Packer"},{"content":"MKube is the continuation of a personal project that I\u0026rsquo;ve started (Kontainer8)).\nI wanted to have a real Kubernetes cluster available locally, Ideally it should be stable enough so that I can reboot, spin it up again and It should work fine with everything that was configured.\nWhat changed The base box is now bento/fedora 40. cri-o as the container runtime. Cilium as the CNI. Story behind it The project worked quiet well, even in my past role I used to first go, make a demo on that cluster, ensure everything was alright before proceeding.\nSince I\u0026rsquo;ve started using Mac laptop with M1 Chip, I\u0026rsquo;ve faced many issues, I\u0026rsquo;m no longer able to use Virtualbox (Which was the main provider that vagrant uses).\nI looked for workarounds and sure enough, VMWare fusion seemed like a nice alternative and there was a guide on how to combine both Vagrant + VMWare fusion on Mac M1 but I\u0026rsquo;ve struggled finding a base vagrant box that supports that provider on ARM64 architecture.\nRecently I was able to get everything working by using bento/fedora base box, there\u0026rsquo;s a minor issue when using private_network in Vagrant with fedora and that is, the machine doesn\u0026rsquo;t get the proper IP specified assigned, It\u0026rsquo;s addressed in the issue 12762 and a workaround is provided in one of the comments by @CDFN.\nI had to refactor the project, introduce requirements.yml file to install needed dependencies for ansible and finally vagrant up, reload, destroy to make sure everything is alright.\nWhat should be improved I still need to work on the idempotency part of the join script which is the last command invoked but It\u0026rsquo;s very minor at this point. I need to have packer images ready for this project to save time updating and installing dependencies. ","permalink":"https://thejaxon.github.io/posts/projects/mkube_v1_29_12_1/","summary":"\u003cp\u003e\u003ca href=\"https://github.com/theJaxon/MKube\"\u003eMKube\u003c/a\u003e is the continuation of a personal project that I\u0026rsquo;ve started (\u003ca href=\"https://github.com/theJaxon/Kontainer8\"\u003eKontainer8)\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eI wanted to have a real Kubernetes cluster available locally, Ideally it should be stable enough so that I can reboot, spin it up again and It should work fine with everything that was configured.\u003c/p\u003e\n\u003chr\u003e\n\u003ch3 id=\"what-changed\"\u003eWhat changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe base box is now \u003ca href=\"https://portal.cloud.hashicorp.com/vagrant/discover/bento/fedora-40\"\u003ebento/fedora 40\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecri-o\u003c/strong\u003e as the container runtime.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCilium\u003c/strong\u003e as the CNI.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr\u003e\n\u003ch3 id=\"story-behind-it\"\u003eStory behind it\u003c/h3\u003e\n\u003cp\u003eThe project worked quiet well, even in my past role I used to first go, make a demo on that cluster, ensure everything was alright before proceeding.\u003c/p\u003e","title":"Mkube V1.29.12-1"},{"content":"I wanted to renew my expired CKS certification. After some studying, I decided to just go for it.\nMy first attempt was on Sunday, November 10, 2024, at 10:30 PM, and it ended in catastrophic failure. However, I\u0026rsquo;ve also learned some lessons from it.\n1. Time is everything I scheduled the exam at a late time, I know here I\u0026rsquo;m overstating the obvious but honestly I just underestimated the exam.\nIt\u0026rsquo;s not an easy one and It\u0026rsquo;s very time consuming, you will need every minute because you\u0026rsquo;re only given 2 hours to solve 16 performance-based tasks, that\u0026rsquo;s not a lot of time at all and my first attempt resulted in me not having enough time to go through 4 of these questions.\n2. Reiterate over the new exam objectives Since I was previously CKS certified, I just assumed there wouldn’t be significant changes. Boy, was I wrong!\nThe exam changed a lot and that was a surprise for me (Not a good one when you\u0026rsquo;re taking the exam) so better check the new objectives, here i\u0026rsquo;m listing the weakness points for me on the first attempt:\nImplement Pod-to-Pod encryption using Cilium Understand your supply chain (e.g. SBOM, CI/CD, artifact repositories) Use appropriate pod security standards 3. Use exam simulators You can use the provided CKS exam simulator at killer.sh as a way of validation, personally I didn\u0026rsquo;t invest heavily in it, I just wanted to have a feeling of the exam environment once more as i was preparing for my 2nd attempt.\n4. Reschedule ASAP My second attempt was on Sunday, November 24, 2024, at 8:30 AM , I tried to reschedule it earlier but there should also be some room to reiterate over why the first attempt was a failure.\nRegardless It was done in the same month and thankfully the goal was accomplished.\nCertificate verification can be done via LF-k6nmlvu9yy.\nUseful resources CKS Exam Objectives CKS Exam Updates 2024: Your Complete Guide to Certification with KodeKloud Killer Shell CKS - Interactive Scenarios for Kubernetes Security ","permalink":"https://thejaxon.github.io/posts/certifications/cks_exam/","summary":"\u003cp\u003eI wanted to renew my expired CKS certification. After some studying, I decided to just go for it.\u003c/p\u003e\n\u003cp\u003eMy first attempt was on \u003ccode\u003eSunday, November 10, 2024, at 10:30 PM\u003c/code\u003e, and it ended in catastrophic failure. However, I\u0026rsquo;ve also learned some lessons from it.\u003c/p\u003e\n\u003chr\u003e\n\u003ch4 id=\"1-time-is-everything\"\u003e1. Time is everything\u003c/h4\u003e\n\u003cp\u003eI scheduled the exam at a late time, I know here I\u0026rsquo;m overstating the obvious but honestly I just underestimated the exam.\u003c/p\u003e","title":"CKS Exam V1.31"},{"content":"I\u0026rsquo;ve used Hugo in the past and deployed a sample blog, but that was all.\nI published a single post and then forgot about the idea.\nThis is yet another attempt to write more\u0026hellip; I hope so.\nHow was this blog created ? hugo new site thejaxon.github.io \u0026amp;\u0026amp; cd thejaxon.github.io git submodule add https://gitlab.com/gabmus/hugo-ficurinia.git themes/hugo-ficurinia # Refer to https://gitlab.com/gabmus/hugo-ficurinia#configuration for configuration sample touch config.toml # Add blog content hugo new content content/posts/hello_world.md ","permalink":"https://thejaxon.github.io/posts/hello_world/","summary":"\u003cp\u003eI\u0026rsquo;ve used \u003ca href=\"https://gohugo.io/\"\u003eHugo\u003c/a\u003e in the past and deployed a sample blog, but that was all.\u003c/p\u003e\n\u003cp\u003eI published a single post and then forgot about the idea.\u003c/p\u003e\n\u003cp\u003eThis is yet another attempt to write more\u0026hellip; I hope so.\u003c/p\u003e\n\u003chr\u003e\n\u003ch3 id=\"how-was-this-blog-created-\"\u003eHow was this blog created ?\u003c/h3\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ehugo new site thejaxon.github.io \u003cspan style=\"color:#f92672\"\u003e\u0026amp;\u0026amp;\u003c/span\u003e cd thejaxon.github.io\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003egit submodule add https://gitlab.com/gabmus/hugo-ficurinia.git themes/hugo-ficurinia\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# Refer to https://gitlab.com/gabmus/hugo-ficurinia#configuration for configuration sample\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003etouch config.toml\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#75715e\"\u003e# Add blog content\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ehugo new content content/posts/hello_world.md\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"\u003c Hello World /\u003e"}]