I was about to start installing a monitoring stack at home to monitor my Linux devices when I learned Grafana Cloud now has a forever free plan.

And let me tell you, it’s just like they said it is; “A free plan that’s actually useful”. Some of what you get for free:

  • 10,000 series for Prometheus metrics
  • 50 GB of logs
  • 14-day retention for metrics and logs

But more importantly, you don't need to maintain a time-series Database nor a Grafana instance in your environment.

In this post, we will describe the steps to get you up and running. …


Modified image from Maria Letta’s Free Gophers Pack

In a previous post, we explored how Ansible can integrate with Google Calendar for Change Management, without getting into the details of the Ansible module that was built for this purpose. In this post, we will cover the nuts and bolts of it.

While most Ansible modules are written in Python (see this example), that’s not the only option you have. You can use other programming languages as well if you prefer so. And if you like Go, this post is for you!

If you are new to Go on the other hand, here are some pointers to get started.

Ansible and Go


Is anytime a good time to execute your automation workflow? The answer is probably no, for different reasons.

If you want to avoid simultaneous changes to minimize the impact on critical business processes and reduce the risk of unintended service disruptions, then no one else should be attempting to make changes at the same time.

In some scenarios, there could be an ongoing scheduled maintenance window. Or maybe there is a big event coming up, a critical business time, a holiday, or you prefer not to make changes on a Friday night.

Whatever the reason is, we want to signal…


Often times, when discussing automation strategies, the topic of Python vs Ansible comes up. However, automation goes beyond a script, task, tool or platform. Don’t fall into the trap of looking at this as a binary solution!.

I see Ansible as a framework to wire things together, to reduce the overhead of mundane tasks. Interconnecting different building blocks to orchestrate an end-to-end automation workflow, which in most cases involves different tools, platforms or resources in a diverse ecosystem across multiple domains in your organization.

If you are comfortable running Python to automate parts of your infrastructure, but find yourself in…


In the previous post, we examined different (SSL/TLS) certificate combinations to secure a gRPC channel. As the number of endpoints grows, this process soon gets too complicated to carry out manually. It’s time to look at how to automate the generation of signed certificates our gRPC endpoints can use without our intervention. We will explore alternatives for private and public domains. If you want to jump directly into the code, check out the repository.

This is part 2 of a series of three posts. In part 1 we covered setting gRPC TLS connections manually. …


There are different ways to establishing a secure TLS connection with Go and gRPC. Contrary to popular belief, you don’t need to manually provide the Server certificate to your gRPC client in order to encrypt the connection. This post will provide a list of code examples for different scenarios. If you just want to see the code, go to the source-code repository. You need to clone this repository to follow along (Go1.11+).

“Web browsers don’t hold public certificates for TLS, why should my application?” [Not Required: gRPC Client Certs in Go]

This is part 1 of a series of three…


Do you want to forget about NAT and run containers without having to translate IP addresses? Then you need public IP addresses, lots of them. Unfortunately, the price of each IPv4 address is exceeding $20, so you won’t get one for each and every one of your containers. On the other hand, there is no shortage of IPv6 addresses, so you could in theory assign a unique one to as many containers as you’d like.

When the Internet protocol (IP) that helps deliver this blog post to your device was defined back in 1981, the internet addresses that identify sources…


TL;DR: Kubernetes multi-cluster networking should be simple in order to scale. If you don’t want to worry about complex routing, overlay networks, tunneling or have to necessarily encrypt the traffic between clusters (assuming your applications are already doing so), then running IPv6 transparently should help.

I just came back from Kubecon NA 2018, where I had the chance to attend very inspirational sessions that covered Kubernetes multi-cluster networking from different angles. Among them:


One of the things I love the most about Kelsey Hightower’s Kubernetes The Hard Way guide— other than it just works (even on AWS!)—is that it keeps networking clean and simple; a perfect opportunity to understand what the role of the Container Network Interface (CNI) is for example. Having said that, Kubernetes networking is not really very intuitive, especially for newcomers… and do not forget “there is no such thing as container networking

While there are very good resources around this topic (links here), I couldn’t find a single example that connects all of the dots with commands outputs that…

Nicolas Leiva

Solutions Architect at Red Hat (ex Cisco). Cloud, Go and Open Source enthusiast.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store