In the first post – AWS: Web Application Firewall overview, configuration, and its monitoring – we spoke about its main components, created a WebACL and Rules for it, and did basic monitoring. Also, we’ve configured WebACL’s logs collection with AWS Kinesis, but now it’s time to see them Logz.io, as CloudWatch Logs isn’t available for… Read More »
AWS WAF (Web Application Firewall) is an AWS service for monitoring incoming traffic to secure a web application for suspicious activity like SQL injections. Can be attached to an AWS Application LoadBalancer, AWS CloudFront distribution, Amazon API Gateway, and AWS AppSync GraphQL API. In case of finding any request that sits WAF’s rules, it… Read More »
AWS CloudTrail is a service for auditing AWS accounts events and is enabled by default. It saves all actions that were done by a user, IAM role, or an AWS service via AWS Console, AWS CLI, or AWS SDK. CloudTrail will write information about every API call, log in to the system, services events, and… Read More »
Recently, AWS blocked our AWS Simple Email Service because of its low bounce rate. This can be checked in the AWS SES > Reputation Dashboard, our account currently has Under review status: After we’ve connected AWS Tech Support, they enabled it back, but we must solve the issue asap, and have to monitor AWS SES… Read More »
One of the goals of the ArgoCD implementation in our project is to use new Deployment Strategies for our applications. In this post, we will observe deployment types in Kubernetes, how Deployment is working in Kubernetes and a quick example of the Argo Rollouts. Deployment Strategies and Kubernetes Let’s take a short overview of the… Read More »
Amazon Web Services has a special AWS Hero program for people, who made a significant contribution to the AWS community. Suddenly, I was nominated there and announced in June in the AWS Container Hero category. Mainly, because of this blog and AWS/Kubernetes/EKS posts. And by the way – I’m the very first AWS Hero… Read More »
An application, cluster, or repository can be created In ArgoCD from its WebUI, CLI, or by writing a Kubernetes manifest that then can be passed to kubectl to create resources. For example, Applications are Kubernetes CustomResources and described in Kubernetes CRD applications.argoproj.io: [simterm] $ kubectl get crd applications.argoproj.io NAME CREATED AT applications.argoproj.io 2020-11-27T15:55:29Z [/simterm] And… Read More »
In the previous post ArgoCD: users, access, and RBAC we’ve checked how to manage users and their permissions in ArgoCD, now let’s add an SSO authentification. The idea is that we don’t add user accounts locally in the ArgoCD’s ConfigMap, but instead will use our Okta users databases and Okta will perform their authentication. And… Read More »
ArgoCD has two types of users – local, that are set in the argocd-cm ConfigMap, and SSO. Below, we will speak about local user management, and in the next chapter will see how to integrate ArgoCD and Okta, because local users can’t be grouped in groups. See the documentation on the Local users/accounts page. For… Read More »
During applications deploy from a Helm chart described in the Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and ExternalDNS we are getting the “spec.ports[0].nodePort: Forbidden: may not be used when `type` is ‘ClusterIP’” error. Let’s reproduce it and find solutions with kubectl and Helm to solve it. The “spec.ports[0].nodePort: Forbidden: may not be… Read More »