It is time for me to quit managing all of my Kubernetes configurations on a random number of servers and Git repos. Sadly, my usage of the Git repos has ONLY been used to perform backups of my code and not used as a way to manage configuration changes. I have been running in DigitalOcean’s infrastructure since 2017, Member since 1/14/2017. I’ve steadily moved from just Droplets into their more managed infrastructure to include Kubernetes and App Platform. The App Platform is what sits in front of this website (something I’ll need to further document some day). I’m hoping to get some time to also tinker with their Functions but time is not always on my side. ...

I ran into a small problem recently when I was leveraging my site updating code referenced in Automating Static WordPress Updates. The problem was that I was unable to update content reliably for two reasons: The content was not properly switching out the hostname in the URL when I would crawl my backend WordPress site. I actually implemented something that helped to correct this but it lead to problem #2. I should probably post a new article on the changes I made in my script… My script would only crawl the external static site so updates were not getting published. This lead me to creating this post! Now that I have the problems covered, let’s get right to it. In order to resolve the issue, I needed my Kubernetes to have split DNS for certain hosts. I needed my static site updating script to be able to crawl my backend WordPress and NOT crawl the public facing static site. ...

I recently had to do some tinkering in Oracle Cloud Infrastructure (OCI) with Compute Instances and the Key and Secrets Management in Oracle Vault. I wanted to be able to replicate AWS EC2 instance capability to access secrets based upon the instance’s permissions without requiring any usernames, passwords, tokens, etc… to be stored on the instance itself. In AWS, I already know how to do this via IAM Roles and Policies. Before we begin, I’m assuming that you already have created a Vault and Secret that will be accessed. You can reference the Oracle Cloud documentation on creating secrets and vaults here. I also assume that you have a Compute instance created that is running some type of Linux. Mine is running OL8. ...

I needed to make sure I had two users in an Amazon Redshift cluster (readonly and readwrite). I needed to make sure their permissions were set appropriately so the first step was to first see what their permissions were on the schema and then the tables. First we check their schema permissions with the below query that makes use of the has_schema_privilege function: SELECT u.usename, s.schemaname, has_schema_privilege(u.usename,s.schemaname,'create') AS user_has_create_permission, has_schema_privilege(u.usename,s.schemaname,'usage') AS user_has_usage_permission FROM pg_user u CROSS JOIN (SELECT DISTINCT schemaname FROM pg_tables) s WHERE (u.usename = 'readonly' OR u.usename = 'readwrite') AND s.schemaname = 'public'; The query above filters on the specific users and schema I’m checking against. You are welcome to customize this query to look for all users and/or all schemas. This query results in the below permissions on the public schema for these users: ...

I started messing around with my WordPress by first adding in a layer of security in Adding Nginx in Front of WordPress. After putting Nginx in front of my WordPress, I decided that I would further secure it by also Building a Static WordPress. That’s great and all but maybe it was time to make Nginx give me some performance gains rather than just some security controls. That is exactly what we’re going to do in this blog post. Now that Nginx is sitting in front of WordPress, we can use it to control some of the performance aspects. ...