Moving on-premise workloads to the cloud can bring tremendous benefits. Cloud environments can be highly available, scalable, and extremely reliable. However, there are some cloud migration risks you need to fully comprehend before you start to think about migrating workloads. We have identified the main risks that organizations face when migrating workloads to the cloud. …
Kubernetes AutoScaling allows us to automatically scale in response to a surge in demand without over-provisioning our capacity. This lowers the cost of ownership, and we can further lower the operational costs by leveraging additional strategies, such as AWS Spot instances. How you scale your Kubernetes cluster will largely depend on how you are hosting Kubernetes. In …
The Terraform Kubernetes provider is used to create resources within Kubernetes. Once the provider is configured, you can provision and manage Kubernetes resources with Terraform as you would any other service. The main benefit is the simplified management by using the same tool to provision Kubernetes infrastructure and deploy applications. Another nice benefit is that …
The AWS Load Balancer Controller (previously ALB Ingress Controller) natively integrates with AWS Application Load Balancers and Network Load Balancers. This allows you to leverage these resources to route traffic into your Kubernetes cluster. If you’re running Kubernetes on AWS and like the idea of having your ingress controller natively integrated into AWS load balancing …
So, why would you want to leverage Grafana to visualise your Kubernetes metrics? Grafana is the world’s most popular way to create dashboards. This enables us to query, visualise, alert on and understand our metrics no matter where they’re stored. Grafana can connect to a plethora of data sources; Prometheus, Graphite, and AWS CloudWatch are …
Kubernetes is directly instrumented with the Prometheus client library. Monitoring Kubernetes with Prometheus makes perfect sense as Prometheus can leverage data from the various Kubernetes components straight out of the box. Prometheus is an open-source cloud native project; targets are discovered via service discovery or static configuration. Prometheus uses PromQL which is a flexible query …
Do you have records in a Private Hosted Zone in Route53? Would you like to resolve those records within your EKS cluster, allowing your pods to resolve internal addresses? Well I have great news, CoreDNS provides a route53 plugin which can enable just that! The CoreDNS Route53 plugin allows records from Route53 to be directly …
Knowing each kubectl command is great knowledge to have, especially when studying to pass the certification exam. However, when troubleshooting issues directly on the CLI, having efficient Kubernetes CLI tools that allow you to achieve things faster and more easily isn’t a bad thing. Below is a list of Kubernetes CLI tools to help install, manage, troubleshoot …
So why might you be considering configuring a Traefik Kubernetes Ingress Controller? Well, Traefik provides a few features straight out of the box which are simply a joy to use. It’s simple to set up and maintain, plus it handles the most demanding production environments. Auto service discovery allows newly deployed services to be automatically added …
kubectl allows you to run commands against Kubernetes clusters. You can use kubectl to complete various actions, such as deploy applications, inspect and manage cluster resources, and view logs. When working with large datasets JSON Path can be an invaluable tool on the command line. It allows us to view data in a human readable …
Testing should be done on all layers of an application. Infrastructure as code shouldn’t be an exception. The benefit of completing testing against our Terraform IaC within our infrastructure pipelines is that we can immediately validate if it’s in a compliant state. These approaches could also enable Test Driven Development (TDD) when writing infrastructure …
IAM requirements differ from project to project. Depending on the complexity, we could create the IAM resources with Terraform in the relevant layer. However, having the IAM resources dynamically created within their own module, or even combining them with their resource counterparts, gives us great power. Combining the IAM instance profile/role within an ASG module …
WordPress is used by over 60 million users; it has powerful features and runs various workloads across the planet. We wanted to run WordPress on ECS as efficiently as possible, and this post covers how we attempted that. We’ll also dive into how to customise the example solution to fit your requirements. Why ECS? ECS is …
When leveraging Cloudflare to help protect your site from malicious actors, you’ll need to allow Cloudflare to send visitor requests to your origin. This is achieved by allowing Cloudflare IP addresses. This can be done at the time you deploy your infrastructure. However, unless you are deploying frequently, the IP list will soon be outdated …
By leveraging the Cloudflare Terraform provider you can manage your Cloudflare resources using the same refined processes and pipelines you already have in place for your cloud infrastructure. Configuration kept in version control reaps various benefits, such as auditable changes and ease of rollback when issues occur. It’s clear to see why when managing vital …
You can protect load balancers from unwanted traffic in various ways. You can achieve this by using feature-rich third-party products such as Cloudflare & Incapsula. Or, depending on the use case, you can also leverage native AWS services. In this post, I’ll be focusing on using ALB with WAF & CloudFront. I’ll also …
This post showcases the simplicity of leveraging Terraform Workspaces for blue green deployments, including the benefits this can bring to your projects and how to best structure your project repo when leveraging Jenkins, Terraform & Ansible together. Blue and Green Deployments Blue Green deployment is a deployment strategy that reduces downtime and risk by running …
Auto rotating credentials with Secrets Manager enables you to follow AWS security best practices. It allows you to rotate your credentials often, on a set schedule, in a safe and controlled manner. With AWS Secrets Manager, you can either rotate the secret for a single user with a single password or rotate by alternating between …
Running Terraform locally is perfect when creating and testing new functionality in development or testing accounts. However, it’s best not to use this approach for staging and production environments. A Terraform Pipeline gives us predictable, well defined and repeatable actions to take when deploying Terraform infrastructure. In this post we’ll run through the base structure …
Sometimes instantiating a fresh Jenkins instance is perfect for testing various aspects of the CI pipeline. Whether this is to test major changes in a safe and controlled manner completely separate from your existing pipelines or to test new plugins or processes without any risk. By far the quickest and easiest way is to spin …
When managing resources in multiple AWS accounts you need to know how you want to manage your state files. This will determine which approach is viable for managing multiple AWS accounts with Terraform. If you’re happy to have a single state file in a central account containing all resources for all other accounts then life …