All about clouds and that devops

kubernetes tools

Kubernetes tools

This list is being updated on a regular basis.

General info
https://kubernetesreadme.com/

Comparison
API comparison https://kube-api.ninja/
https://learnk8s.io/research
https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238

Hosting
Kapsule https://www.scaleway.com/en/
Free https://cloud.okteto.com/

Secrets
External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init
AWS EKS Secrets Store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/

RBAC
RBAC practices and tooling https://rbac.dev/
Visualize RBAC https://github.com/team-soteria/rback
RBAC Manager is designed to simplify authorization in Kubernetes https://github....

March 16, 2024 · 2 min · Oleksandr Kulbida

K8s Security Best Practices

Keep the cloud provider platform secure
Least privilege
Secure traffic into the cluster
Run security tests in development environments
Mirror environments
Cluster authentication & authorization
Leverage OIDC for k8s authentication
RBAC - define roles
In-cluster network/security/micro-segmentation
Prevent namespace-to-namespace communication
Network policy
Policy & Governance
k8s admission controllers
Read only
Non-privileged ports
Runtime security & monitoring...

August 7, 2022 · 1 min · Oleksandr Kulbida

Terraform Best Practices

Collaboration
- Use remote state and state locking
- For certain backends like AWS S3, enable versioning to make it easier to recover your state if needed
- Agree on a naming convention
- Use meaningful tags to easily identify resources: environment, owner and project keys are a must
- You can also add cloud-custodian for components that are outside Terraform/IaC tools; it can automatically tag your manually created resources with Owner/Creator based on CloudTrail events
Don't reinvent the wheel
- Use existing shared and community modules....

March 23, 2024 · 2 min · Oleksandr Kulbida

EKS with instance-store nitro-based node-group

Userdata is compatible with the standard AWS EKS Terraform module; the sole recommendation is to use a custom AMI. In order to use instance store you also need to install local-static-provisioner: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner

Terraform example:

eks-dev-instance-store = {
  instance_types = ["r6id.large"]
  min_size       = 1
  max_size       = 3
  desired_size   = 1
  block_device_mappings = {
    # Root volume
    xvda = {
      device_name = "/dev/xvda"
      ebs = {
        volume_size           = 24
        volume_type           = "gp3"
        iops                  = 3000
        encrypted             = false
        delete_on_termination = true
      }
    }
  }
  ami_id = data....

March 16, 2024 · 2 min · Oleksandr Kulbida

Simple rds access

There are numerous solutions for accessing private RDS instances, many of which require thoughtful design. The solution I use sometimes is straightforward: I deploy it as a Helm chart within a k8s cluster. In this setup, access to the RDS is contingent on having access to the k8s cluster with the appropriate RBAC configurations. While it may not be perfect, it’s secure, quick to implement, and requires minimal maintenance. The following command demonstrates the basic principle:...

December 23, 2023 · 1 min · Oleksandr Kulbida

Resolving Helm issues after kubernetes upgrade

After upgrading Kubernetes (k8s), you might encounter errors such as: no matches for kind "Deployment" in version "apps/v1beta1". These errors typically indicate that certain resource API versions have been deprecated and removed. To resolve these issues without having to delete your Helm chart, you can follow this simple solution:

helm plugin install https://github.com/helm/helm-mapkubeapis
helm mapkubeapis <releasename>
helm upgrade <releasename>

It's important to note that you may still need to update your Helm chart templates, especially if there have been structural changes between versions....

December 23, 2023 · 1 min · Oleksandr Kulbida

EKS expose pods through cross-account Load balancer

Expose Amazon EKS pods through cross-account load balancer https://aws.amazon.com/blogs/containers/expose-amazon-eks-pods-through-cross-account-load-balancer/

December 23, 2023 · 1 min · Oleksandr Kulbida

EKS simplified access

Simplified EKS access https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-eks-controls-iam-cluster-access-management/ https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/ https://github.com/hashicorp/terraform-provider-aws/issues/34982

December 23, 2023 · 1 min · Oleksandr Kulbida

Loki S3 DynamoDB

While using Loki with S3 and DynamoDB it's mandatory to add provision_config details, as the defaults might affect your budget: https://grafana.com/docs/loki/latest/configuration/#provision_config

[provisioned_write_throughput: <int> | default = 3000]
# DynamoDB table default read throughput.
# CLI flag: -<prefix>.read-throughput
[provisioned_read_throughput: <int> | default = 300]

October 26, 2022 · 1 min · Oleksandr Kulbida

Big data comparison within AWS, Azure, GCP

July 21, 2021 · 0 min · Oleksandr Kulbida