Posts

Last week, I talked about GitOps, and how you can use GitOps methodologies with GitLab and Anthos. This was a GitLab-hosted event, and I thank them for giving me the opportunity to talk about those topics :-) You can watch the replay here.


French only, sorry!

Following up on my article Identity-Aware Proxy for On-Prem applications, I recently recorded a webinar on the subject with my colleague Olivier Vautrin. You can access it by clicking this link.


Edit: Added a note about JWT header validation.

I have a couple of internal systems that I run at home, and that I want to be able to access from outside. I want only my partner and myself to be able to access those systems, and I want that access to be as transparent as possible for her. For that, I decided to use Google’s Identity-Aware Proxy (IAP)! IAP is a Google Cloud feature that allows you to implement Google’s BeyondCorp security model.


I know it’s a little bit late, but here are the videos (in French) of my talks at the Google Cloud Paris Summit 2019 (which happened on June 18th, 2019). The first is a demo of Anthos I gave during the keynote. My laptop failed to recognize the projector when it woke up, which is why I talk without any demo for the first 3 minutes (which were the longest in my life!


If you are using GCP, you may at one point need to change the billing account associated with all your projects. This “billing account migration” can happen for a number of reasons, but a common one is the consolidation of several existing billing accounts under a new one. Below, you’ll find a small script to allow you to do that quickly. This script takes all the projects linked to one billing account and reassigns them to a new one.


Google Cloud Platform (GCP) uses a specific resource hierarchy. At the very top, you have an organisation, tied to a domain (for example: mrtrustor.net). Inside that organisation, you can have folders and subfolders. Finally, you have projects, which can be inside folders, or directly under the organisation node. Projects are where your cloud resources (VMs, databases, etc.) actually live. By default, projects are completely isolated from one another, especially at a network level.


Until now

In my first post on this blog, I explained how I created this blog. At the time, I was using:

- Hugo as a static site generator, that is a tool that turns Markdown into a pretty static website.
- AWS S3 to host the website itself.
- Docker to run Hugo and generate the website from my Markdown files.

Since then, I joined Google and using Amazon’s services to host my personal blog didn’t seem very “corporate” :-) So, I had updated my setup like this:


Note: Since writing this post, I joined Google. We have released a feature called IP Aliases that addresses the problem described in this article, and much more. Activating IP Aliases requires creating a new cluster. If you can’t do that, then you can now change the configuration of the ip-masquerade-agent as described here. This gives the same end-result as the solution described in this article, but is much cleaner.


This is the second and last part of my AWS re:Invent recap. Go check out the first part if you haven’t done so already. In this second post, I will outline the products announced by Werner Vogels during his keynote. You will also find a small opinionated analysis of the impact of each product, based on the current market and ecosystem. I tagged the really important ones with a [Game Changer] in the title.


Two weeks ago, thanks to my company, Oxalide, I had the chance to attend AWS re:Invent, in Las Vegas. This is the first part of a recap of all the announcements (yes, there are so many things to talk about that it doesn’t fit in a single post). You will also find a small opinionated analysis of the impact of each product, based on the current market and ecosystem.
