I thought I’d strike again with a small hands-on tutorial on using Janos, a tool we created to simplify the migration to EKS 1.16 as required by Amazon. This will be the final step towards ending EKS 1.15 support by May 3, 2021. Nothing too fancy. Just straight to the point :)

Kubernetes sometimes deprecates apiVersions. Most notably, many deprecations occurred in the 1.16 release.

This means that you need to update your yaml files before!

Therefore, you will need to update your Kubernetes manifests to the correct API references before that deadline! At SumUp, we automated this process as we have a large number of clusters.

We started by reading…

We catch up with Pablo Loschi, our Argentinian Senior DevOps Engineer based in Berlin.

Here at SumUp, we’re always looking for great talents to be part of the company and help us develop the best solutions for small businesses all over the world.

Pablo Loschi is one of those talents. And if you’re a Backend Developer looking to become a DevOps Engineer, he has some interesting insights for you.

“I grew up in Argentina, and I’ve been living in Berlin for just over a year now. As a child, I remember reading all the Windows 95 help section before…

How to build a proof-of-concept in about 15 minutes

This guide is an update to a previous story of mine.

Why another guide? Because it addresses the same issue in a simpler way.
Generally speaking, simplifying is the art of distilling information. It’s all about organizing ideas and concepts to extract only the meaningful parts.

This guide will get you to a working example of setting up an API gateway from scratch which will use JWT with ACL to authorize a user to reach an endpoint. For other parts, you can refer to the excellent Kong documentation.

“Simplicity is the ultimate sophistication.” Leonardo da Vinci (1452–1519)

Context: Investigating different API gateways

At Sumup we…

At Applift we are building API services and need to allow or restrict certain calls based on roles, we choose to use this using jwt tokens support server-to-server or client-to-server communication, using JWTs as our API tokens. Here is a short example on on how to do this in a sample application.

Our test application, called cafe, lets you order either tea via the tea service or coffee via the coffee service.
You indicate your drink preference with the URI of your HTTP request: URIs ending with /tea get you tea and URIs ending with /coffee get you coffee. …

Konga is a fully featured open source, multi-user GUI, that makes the hard task of managing multiple Kong installations a breeze.

It can be integrated with some of the most popular databases out of the box and provides the visual tools you need to better understand and maintain your architecture.

You can see a LIVE DEMO (username: demo password: demodemodemo)

This guide assumes that you have deployed Kong using something similar to our previous post:

Hands on!

From the previous point to have to files that are going to be used for this: one yaml file with the information for Kong to…

At Applift we are handling a high volume of traffic with hundreds of millions of events daily (clicks, impressions, actions, in-app events, etc.).
This means we need to be able to scale our servers fast to handle traffic spikes and also to control who has access to our servers and with which permissions.
We have chosen to build our infrastructure on top of K8s to allow elasticity and scalability.
We use Kong as our API gateway to control and throttle access to the cluster.

So what is Kong?

Kong is an orchestration microservice API gateway. Kong provides a flexible abstraction…

With Lucas Collino we installed Mattermost at our workplace, the free edition has some MUST features that slack doesn’t:

Unlimited search history & integrations

Self-hosted one-to-one and group messaging, file sharing and search

Custom Branding , if you want to match your company’s style ;) (https://goo.gl/yQNh2E)

We are based on https://github.com/mattermost/mattermost-kubernetes

This guide assumes that you have nginx , helm and cert manager running, there is a guide for that here.

We will be using wildcard certificates for *.mycompany.com …

Based on this previous story , we started managing several certificates for different applications and it was becoming harder to maintain (also we were hitting the rate limits for Let’s-ecnrypt), so with Lucas Collino we found a way to use wildcard certificates (as recommended).

This allows creating a single *.mycompany.com certificate which fits all the applications we support.

The certificate is stored in a secret in the kube-system namespace, we replicated that secret across all namespaces, so developers can access it in their own namespaces.

This guide assummes that you have followed the previous one, and you have Helm and…

At my job (in Fravega) we have been struggling for some days dealing with certificates. It turns out that we didn’t find an updated guide for this, so we decided to write our own.

Following this guide but with changes required for dns validation(needed for private ingress!) and to work with cert manager v0.6.2

This guide assumes that you have K8s cluster working with external dns and nginx-ingress-controller installed, the following steps are:

  1. Install helm
  2. Install cert manager
  3. Create a user in AWS with route53 permissions
  4. Create Staging ClusterIssuer with DNS validation
  5. Create Certificate
  6. Create a test Ingress

Install helm

Helm is…

Pablo Loschi

Devops K8s and some random stuff from here and there. Berlin based, working at Sumup

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store