Tag Archives: AWS IAM

ArgoCD: a Helm chart deployment, and working with Helm Secrets via AWS KMS

22 November 2020

 In the previous post ArgoCD: an overview, SSL configuration, and an application deploy we did a quick overview on how to work with the ArgoCD in general, and now let’s try to deploy a Helm chart. The most interesting part of this is how to enable the Helm Secrets. Had some pain with this, but… Read More »

AWS: eksctl – “Put net/http: request canceled”

26 April 2020

 We have a Docker image with the eksctl tool included. We also have an ЕС2 with Linux with the eksctl. There is an AWS IAM Instance Profile attached to this EC2 with the AdminAccess policy assigned. On this ЕС2 we have Jenkins running in a Docker container, and it spawns its jobs inside in additional… Read More »

AWS Elastic Kubernetes Service: a cluster creation automation, part 1 – CloudFormation

24 April 2020

 The task is: create automation to roll out an AWS Elastic Kubernetes Service cluster from scratch. Will use: Ansible: to automate CloudFormation stack creation and to execute eksctl with necessary parameters CloudFormation with NestedStacks: to create an infrastructure – VPC, subnets, SecurityGroups, IAM-roles, etc eksctl: to create a cluster itself using resources created by CloudFormation… Read More »

AWS Elastic Kubernetes Service: running ALB Ingress controller

21 April 2020

 AWS ALB Ingress Controller for Kubernetes – is a Kubernetes controller which actually controls AWS Application Load Balancers (ALB) in an AWS account when an Ingress resource with the kubernetes.io/ingress.class: alb annotation is created in a Kubernetes cluster. This Ingress resource in its turn describes an ALB Listeners configuration with SSL termination or traffic routing… Read More »

Kubernetes: part 5 — RBAC authorization with a Role and RoleBinding example

26 March 2020

 The next task is to add a new user who will have access to check pods state and watch logs – any other operations must be prohibited. AWS EKS uses AWS IAM for authentification in a Kubernetes cluster (check the Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM post for details), bot… Read More »

Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM

3 September 2019

  Let’s proceed with our AWS Elastic Kubernetes Service, EKS. Previous parts: Kubernetes: part 1 – architecture and main components overview Kubernetes: part 2 – a cluster set up on AWS with AWS cloud-provider and AWS LoadBalancer Kubernetes: part 3 – AWS EKS overview and manual EKS cluster set up. In the previous – Kubernetes:… Read More »

AWS: IAM users keys rotation, EC2 IAM Roles and Jenkins

30 May 2019

 Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019

 In addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server, set up and configuration. So, three months passed and it’s time to renew Let’s Encrypt SSL certificate (see. Prometheus: Alertmanager и blackbox-exporter — проверка срока действия SSL и нотификация в Slack, Rus). I could use a well-know for me scheme with… Read More »