How to get off Yahoo! mail
tl;dr - You can get off Yahoo! Mail (or any other “free” email provider) by connecting a POP-capable mail client (like Thunderbird), downloading all your mail, getting a new mail server/service, ensuring all important emails go to the new account, and finally deleting your account. Believe it or not, until recently I had an active ~18 year old Yahoo! mail account. A while ago after a few hacks that Yahoo!
Securing Your Kubernetes Cluster
tl;dr - Check out Kubernetes features like PodSecurityPolicy, NetworkPolicy. There are also Fantastic fun analogy-laden Talks from Kubecon 2017 (Austin) and Kubecon 2018 (Copenhagen). CIS standards for Kubernetes clusters exist. There are also companies like Aqua that produce tools like kube-bench that let you test your clusters CIS benchmarks. It’s also important to remember to secure the machine as well as the Kubernetes cluster – so the usual Unix server administration advice applies.
Switching From kube-lego To cert-manager
tl;dr - I switched from Jetstack’s kube-lego to cert-manager (it’s natural successor), and am pretty happy with the operator pattern they’ve decided to adopt, switch over was easy, but I tripped myself up for a bit because I don’t like using Helm. Complete resource definitions (that worked for me, YMMV) are in the TLDR section @ the bottom. I’m taking a break from my regularly scheduled programming (I’m in the middle of a series on trying out monitoring/observability tools/frameworks in Kubernetes) to write about my switch from jetstack/kube-lego to jetstack/cert-manager.
Switch From ployst/docker-letsencrypt to Jetstack's kube-lego
tl;dr - I switched from ployst/docker-letsencrypt which I considered less complicated than jetstack/kube-lego initially. Turns out jetstack/kube-lego is pretty simple and *just works* which is amazing, props to the team over at jetstack and as always the kubernetes team, for making this more intelligent automation possible. You could honestly just read the jetstack/kube-lego guide, it’s real good. If you wanna see my path through it, keep reading. Up until now I’ve been using ployst/docker-letsencrypt, and it’s been working fine, however I’ve longed for a solution that didn’t require me to manually kubectl exec scripts, and kube-lego is that tool.
LetsEncrypt Systemd Recipes
If you’re unfamiliar with Let’s Encrypt, it’s a project (I believe originally sponsored by the EFF) that creates a first of it’s kind free automated and open certificate authority. This means administrators who run websites can get free access to SSL certificates. In the past I’ve had to go to sites like StartSSL or purchase a certificate from my hosting provider (and of course, some still do), but Let’s Encrypt has been wonderful for me (I highly recommend donating to Let’s Encrypt).