Sharing my experiences and knowledge around Terraform, Terraform Cloud and Terraform Registry while working with AWS deployments into Ireland, North Virginia and China.

Introduction

A little bit about me first, I am a Lead DevOps Engineer specialising in Cloud Native solutions. I primarily work with Kubernetes, however I am not against using solutions such as AWS ECS or AWS Fargate. I am a big fan of solutions offered by AWS cloud provider and I am also a certified solutions architect.

This story will focus on my experience around Terraform, Terraform Cloud and Terraform Registry, and how well it works with AWS deployments…


Process and considerations while upgrading EKS control-plane to version 1.19

Overview

AWS recently released support for Amazon Kubernetes Service 1.19. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS. I have to say that those EKS upgrades are becoming nice and smooth, which is amazing.

If you are looking at

  • upgrading EKS from 1.15 to 1.16 then check out story
  • upgrading EKS from 1.16 to 1.17 …


Story details how to run kube-bench job against EKS cluster

Overview

Kube-bench is an open source project written in Go. This application checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. The entire project is available on GitHub. The tests that are executed are configured with YAML files, which makes kube-bench easy to update as test specifications evolve.

Security should be a critical component of configuring and maintaining Kubernetes clusters and applications in any company. …


Setting up latest Mac instances on AWS

General

This is another story to test out the latest release of EC2 instances to see how it can be deployed in a managed way. For this purpose I used AWS CLI and Terraform.

Seeing Mac instances in AWS Cloud was a positive surprise; more details can be found in the official announcement. From my perspective I will be using such machines as GitLab build runners, however, it will take some time to get them nicely implemented on top of the EC2 Mac instances.

Configuration


Consideration and configuration details to enable Security groups for pods in Kubernetes cluster

Overview

In this story I want to focus on a recently released feature called Security Groups for pods.

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A pod is a group of one or more containers, with shared storage/network resources, and a specification for how to run the containers. On the other side we have AWS Security groups (SG). A security group acts as a virtual firewall for your instances to control inbound and outbound traffic. In our case, pod…


General

SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls.

SSH is a standard for secure remote logins and file transfers over untrusted networks. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot…


Process and considerations while upgrading EKS control-plane to version 1.18

Overview

AWS recently released support for Amazon Kubernetes Service 1.18. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story. And for upgrades from 1.16 to 1.17 check out this story.

Kubernetes 1.18 features

  • Topology Manager has reached beta status. This feature allows the CPU…


Process and considerations while upgrading EKS control-plane to version 1.17

Overview

AWS recently released support for Amazon Kubernetes Service 1.17. With this release there are some great features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story.

Kubernetes 1.17 features

  • Cloud Provider Labels have reached general availability. If you are using the beta labels in your pod specs for features such as…


Find out how to configure GitLab Runners efficiently and trouble free on Amazon EKS following GitOps strategy.

Overview

Custom GitLab Runners in AWS are probably the best feature of GitLab, especially when you have a managed cloud GitLab server. I don’t believe such functionality is offered by any other known provider such as CircleCI, TravisCI, TeamCity or disgusting Jenkins. GitLab Runner is used to run your jobs and send the results back to GitLab. It is used in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab that coordinates the jobs.

I am using Kubernetes platform to spin…


Generate valid SSL certificates using Certbot cli and renewals

Basics

SSL certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser. Commonly, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.

Note: As of August 2020 most browsers will no longer display the green padlock and address bar to indicate Extended Validation.

When a…

Marcin Cuber

Lead Software/Infrastructure/Devops Engineer
