Category Archives: Configuration/Orchestration

Terraform: managing EKS Access Entries and EKS Pod Identities

24 August 2024
 

 So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »

Terraform: EKS and Karpenter version upgrade 19.21 to 20.0

13 July 2024
 

 It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »

AWS: RDS IAM database authentication, EKS Pod Identities, and Terraform

7 July 2024
 

  We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server… Read More »

AWS: Karpenter and SSH for Kubernetes WorkerNodes

23 June 2024
 

  We have an AWS EKS cluster with WorkerNodes/EC2 created with Karpenter. The process of creating the infrastructure, cluster, and launching Karpenter is described in previous posts: Terraform: Building EKS, part 1 – VPC, Subnets and Endpoints Terraform: Building EKS, part 2 – an EKS cluster, WorkerNodes, and IAM Terraform: Building EKS, part 3 –… Read More »

Pritunl: launching a VPN in AWS on EC2 with Terraform

23 June 2024
 

  I’ve already written a little about Pritunl before – Pritunl: Running a VPN in Kubernetes. Let’s return to this topic again, but this time on EC2 in AWS, without Kubernetes. So, what we need to do is to run some kind of VPN service for the project to have access to Kubernetes APIs/Kubernetes WorkerNodes/AWS… Read More »

Dependabot: GitHub, and Terraform versions management

30 May 2024
 

  Over time, as the project grows, sooner or later the question of upgrading versions of packages, modules, and charts will arise. You can do it manually, of course, but only up to a certain point, because eventually you simply won’t be able to physically monitor and update everything. There are many solutions for automating… Read More »

GitHub Actions: Terraform deployments with a review of planned changes

7 March 2024
 

  In the GitHub Actions: deploying Dev/Prod environments with Terraform blog I’ve already described how we can implement CI/CD for Terraform with GitHub Actions, but there is one significant drawback to that solution: there is no way to review changes before applying them with terraform apply. GitHub Actions has the ability to use Reviewing deployments… Read More »

Terraform: creating a module for collecting AWS ALB logs in Grafana Loki

24 February 2024
 

 An example of creating a Terraform module to automate log collection from AWS Load Balancers in Grafana Loki. See how the scheme works in the Grafana Loki: collecting AWS LoadBalancer logs from S3 with Promtail Lambda blog. In short, ALB writes logs to an S3 bucket, from where they are picked up by a Lambda… Read More »

Karpenter: the Beta version – an overview of changes, and upgrade from v0.30.0 to v0.32.1

5 November 2023
 

 So, Karpenter has made another big step towards the release, and in version 0.32 it has moved from Alpha to Beta. Let’s take a quick look at the changes – and they are quite significant – and then upgrade to EKS from Karpneter Terraform module and Karpenter Helm chart. The process of installing Karpenter was… Read More »

GitHub Actions: Docker build to AWS ECR and Helm chart deployment to AWS EKS

7 October 2023
 

 So, we have a deployed Kubernetes cluster – see the Terraform: Creating EKS, Part 1 – VPCs, Subnets, and Endpoints series. And we have a GitHub Actions workflow to deploy it – see GitHub Actions: Deploying Dev/Prod environments with Terraform. It’s time to start deploying our backend to Kubernetes. Here we will use GitHub Actions… Read More »