Tag Archives: AWS IAM

AWS: eksctl – “Put http://169.254.169.254/latest/api/token: net/http: request canceled”

26 April 2020
 

 We have a Docker image with the eksctl tool included. We also have an ЕС2 with Linux with the eksctl. There is an AWS IAM Instance Profile attached to this EC2 with the AdminAccess policy assigned. On this ЕС2 we have Jenkins running in a Docker container, and it spawns its jobs inside in additional… Read More »

AWS Elastic Kubernetes Service: a cluster creation automation, part 1 – CloudFormation

24 April 2020
 

 The task is: create automation to roll out an AWS Elastic Kubernetes Service cluster from scratch. Will use: Ansible: to automate CloudFormation stack creation and to execute eksctl with necessary parameters CloudFormation with NestedStacks: to create an infrastructure – VPC, subnets, SecurityGroups, IAM-roles, etc eksctl: to create a cluster itself using resources created by CloudFormation… Read More »

AWS Elastic Kubernetes Service: running ALB Ingress controller

21 April 2020
 

 AWS ALB Ingress Controller for Kubernetes – is a Kubernetes controller which actually controls AWS Application Load Balancers (ALB) in an AWS account when an Ingress resource with the kubernetes.io/ingress.class: alb annotation is created in a Kubernetes cluster. This Ingress resource in its turn describes an ALB Listeners configuration with SSL termination or traffic routing… Read More »

Kubernetes: part 5 — RBAC authorization with a Role and RoleBinding example

26 March 2020
 

 The next task is to add a new user who will have access to check pods state and watch logs – any other operations must be prohibited. AWS EKS uses AWS IAM for authentification in a Kubernetes cluster (check the Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM post for details), bot… Read More »

Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM

3 September 2019
 

  Let’s proceed with our AWS Elastic Kubernetes Service, EKS. Previous parts: Kubernetes: part 1 – architecture and main components overview Kubernetes: part 2 – a cluster set up on AWS with AWS cloud-provider and AWS LoadBalancer Kubernetes: part 3 – AWS EKS overview and manual EKS cluster set up. In the previous – Kubernetes:… Read More »

AWS: IAM users keys rotation, EC2 IAM Roles and Jenkins

30 May 2019
 

 Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019
 

 In addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server, set up and configuration. So, three months passed and it’s time to renew Let’s Encrypt SSL certificate (see. Prometheus: Alertmanager и blackbox-exporter — проверка срока действия SSL и нотификация в Slack, Rus). I could use a well-know for me scheme with… Read More »