Setting up latest Mac instances on AWS

General

This is another story in which I test out the newly released EC2 Mac instances to see how they can be deployed in a managed way. For this purpose I used the AWS CLI and Terraform.

Seeing Mac instances in the AWS cloud was a positive surprise; more details can be found in the official announcement. I will be using such machines as GitLab build runners, although it will take some time to get the runners nicely implemented on top of EC2 Mac instances.

Configuration

Cracking on, I am using the Ireland region to get this setup configured and I will be deploying macOS Catalina machines :). Big Sur is not supported yet, probably because of the M1 chips that Apple released last month, but support is expected in 2021. …


Consideration and configuration details to enable Security groups for pods in Kubernetes cluster

Overview

In this story I want to focus on a recently released feature called Security Groups for pods.

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A pod is a group of one or more containers with shared storage and network resources, and a specification for how to run those containers. On the other side we have AWS security groups (SGs). A security group acts as a virtual firewall for your instances and controls their inbound and outbound traffic. With this feature a pod is treated like an instance: it gets its own network interface and its own set of security groups instead of inheriting the node's. Normally, when you launch an instance in a VPC, you can assign up to five security groups to it (the default quota, which applies per network interface). Security groups act at the instance level, not the subnet level, so each instance in a subnet in your VPC can be assigned a different set of security groups. …
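The steps below are an added example, not code from the original post: they switch the feature on in the VPC CNI and bind a security group to pods selected by label through a SecurityGroupPolicy object. The cluster, the `default` namespace, the `app=api` label and the ID `sg-0123456789abcdef0` are placeholders, and the manifest is validated before it is applied because a mistyped security group ID would otherwise select nothing and fail quietly.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: enabling Security Groups
# for pods on an EKS cluster and attaching a security group to pods selected
# by label through a SecurityGroupPolicy. The namespace, label and
# sg-0123456789abcdef0 are hypothetical placeholders.
set -eu

# AWS security group IDs are "sg-" followed by 8 or 17 lowercase hex digits.
# A typo here would silently select nothing, so validate before applying.
sg_ids_valid() {
  [ "$#" -gt 0 ] || return 1
  for id in "$@"; do
    printf '%s\n' "$id" | grep -Eq '^sg-([0-9a-f]{8}|[0-9a-f]{17})$' || return 1
  done
  return 0
}

# Render a SecurityGroupPolicy manifest.
# Args: namespace, policy name, pod label as key=value, one or more SG IDs.
sgp_manifest() {
  ns=$1; name=$2; label=$3; shift 3
  key=${label%%=*}; val=${label#*=}
  [ "$key" != "$label" ] && [ -n "$key" ] && [ -n "$val" ] || return 1
  sg_ids_valid "$@" || return 1
  printf 'apiVersion: vpcresources.k8s.aws/v1beta1\n'
  printf 'kind: SecurityGroupPolicy\n'
  printf 'metadata:\n  name: %s\n  namespace: %s\n' "$name" "$ns"
  printf 'spec:\n  podSelector:\n    matchLabels:\n      %s: %s\n' "$key" "$val"
  printf '  securityGroups:\n    groupIds:\n'
  for id in "$@"; do printf '      - %s\n' "$id"; done
}

# Turn the feature on in the VPC CNI (aws-node) and wait for the rollout.
# Prerequisites from the AWS docs: the cluster IAM role carries the
# AmazonEKSVPCResourceController managed policy, and the nodes are Nitro
# instance types that support branch network interfaces.
enable_pod_eni() {
  kubectl -n kube-system set env daemonset aws-node ENABLE_POD_ENI=true
  kubectl -n kube-system rollout status daemonset/aws-node
}

# Apply the policy, then recreate the matching pods: the policy only applies
# to pods scheduled after it exists, so existing ones keep the node's SGs.
apply_policy() {
  ns=$1; name=$2; label=$3; shift 3
  sgp_manifest "$ns" "$name" "$label" "$@" | kubectl apply -f -
  kubectl -n "$ns" delete pod -l "$label" --wait=false
}

# Verify: pods placed on a branch ENI carry the vpc.amazonaws.com/pod-eni
# annotation; a pod without it is still using the node's security groups.
show_pod_enis() {
  kubectl -n "$1" get pod -l "$2" \
    -o custom-columns='POD:.metadata.name,ENI:.metadata.annotations.vpc\.amazonaws\.com/pod-eni'
}

# Usage: ./sgp.sh --apply <namespace> <policy-name> <key=value> <sg-id>...
if [ "${1:-}" = "--apply" ]; then
  shift
  enable_pod_eni
  apply_policy "$@"
  show_pod_enis "$1" "$3"
fi
```

Pods that match the selector but show an empty ENI column were scheduled on a node that cannot host branch interfaces, or were created before the policy; either way they are still protected only by the node's security groups, which is the silent failure mode to check for.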


General

SSH tunneling (port forwarding) is a method of transporting arbitrary network data over an encrypted SSH connection. It can be used to add encryption to legacy applications, to build ad-hoc VPN-like connectivity, and to reach intranet services across firewalls.

SSH is a standard for secure remote logins and file transfers over untrusted networks. It also provides a way to secure the traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. The application's traffic is directed to flow inside an encrypted, integrity-protected SSH connection so that it cannot be eavesdropped on or tampered with in transit. Note that this protection covers only the hop between the SSH client and the SSH server: if the forwarded destination is a third host, the final leg from the SSH server to that host travels exactly as the application sent it. …
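The three OpenSSH forwarding modes described above, written up as an added example rather than code from the original post. The wrappers pin the options a practitioner wants on every tunnel (no remote shell, fail if the forward cannot be set up, keep-alives, strict host-key checking so a man-in-the-middle cannot stand in for the bastion) and refuse to open a local listener on anything but loopback, since a `-L` bound to `0.0.0.0` hands the tunnel to everyone on the LAN. `bastion.example.net`, `db.internal` and the port numbers are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: wrappers around the three
# OpenSSH forwarding modes with hardened options, plus a check that refuses
# to open a local listener on anything but loopback. bastion.example.net,
# db.internal and the ports are hypothetical placeholders.
set -eu

# -N: no remote shell, just the tunnel.  ExitOnForwardFailure: exit instead
# of silently running without the forward.  ServerAlive*: detect dead peers.
# StrictHostKeyChecking=yes: refuse unknown or changed host keys, so an
# attacker on the path cannot impersonate the bastion and read the traffic.
SSH_OPTS="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=yes"

# A -L spec is bind_addr:port:host:hostport.  We require an explicit loopback
# bind so the listener is never reachable by other machines on the LAN; specs
# without a bind address are rejected too (OpenSSH defaults them to loopback,
# but the policy here is to make that choice visible on the command line).
local_bind_ok() {
  case "$1" in
    127.0.0.1:*:*:*|localhost:*:*:*|"[::1]":*:*:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Local forward: listener on this machine -> bastion -> target host.
# Example: local_forward bastion.example.net 127.0.0.1:5432:db.internal:5432
local_forward() {
  local_bind_ok "$2" || { echo "refusing non-loopback bind: $2" >&2; return 1; }
  # SSH_OPTS is intentionally unquoted so it is word-split into options.
  ssh $SSH_OPTS -L "$2" "$1"
}

# Remote forward: listener on the bastion -> a service reachable from here.
# Whether the bastion may bind beyond its own loopback is decided by the
# sshd GatewayPorts setting on the bastion, not by the client.
# Example: remote_forward bastion.example.net 127.0.0.1:8080:127.0.0.1:3000
remote_forward() {
  ssh $SSH_OPTS -R "$2" "$1"
}

# Dynamic forward: a SOCKS5 proxy on 127.0.0.1:$2 that routes via the bastion.
dynamic_forward() {
  ssh $SSH_OPTS -D "127.0.0.1:$2" "$1"
}

# Usage: ./tunnel.sh local|remote|dynamic <bastion> <forward-spec-or-port>
case "${1:-}" in
  local)   local_forward "$2" "$3" ;;
  remote)  remote_forward "$2" "$3" ;;
  dynamic) dynamic_forward "$2" "$3" ;;
esac
```

With `ExitOnForwardFailure=yes` a port already in use on the local side makes `ssh` exit non-zero instead of leaving a connection open that forwards nothing, which is what a supervisor or a CI job should see.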


Process and considerations while upgrading EKS control-plane to version 1.18

Overview

AWS recently released support for Kubernetes 1.18 on Amazon EKS (Elastic Kubernetes Service). This release introduces some new features and not too many deprecations. In this post I will go through the components that must be checked and upgraded if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story. And for upgrades from 1.16 to 1.17 check out this story.

Kubernetes 1.18 features

  • Topology Manager has reached beta status. This feature allows the CPU Manager and Device Manager to coordinate resource allocation decisions, optimising for low latency with machine learning and analytics workloads. For more information, see Control Topology Management Policies on a node in the Kubernetes documentation. …


Process and considerations while upgrading EKS control-plane to version 1.17

Overview

AWS recently released support for Kubernetes 1.17 on Amazon EKS. This release introduces some great features and not too many deprecations. In this post I will go through the components that must be checked and upgraded if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story.

Kubernetes 1.17 features


Find out how to configure GitLab Runners efficiently and trouble free on Amazon EKS following GitOps strategy.

Overview

Custom GitLab Runners in AWS are probably the best feature of GitLab, especially when you have a managed cloud GitLab server. I don't believe such functionality is offered by any other well-known provider such as CircleCI, TravisCI, TeamCity or disgusting Jenkins. A GitLab Runner is used to run your jobs and send the results back to GitLab. It is used in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab that coordinates the jobs.

I am using the Kubernetes platform to spin up all my GitLab Runners, which is proving to be a very efficient and fast way of doing so. Previously, GitLab Runners were running on AWS EC2, which was very challenging in terms of configuration and took a long time to provide new runners when they were needed. …


Generate valid SSL certificates using the Certbot CLI, and renewals

Basics

SSL (today, TLS) certificates are small data files that digitally bind a public key to a domain's or organisation's details. When one is installed on a web server it enables HTTPS and the browser padlock, allowing encrypted connections between the web server and a browser. Commonly, TLS is used to secure credit card transactions, data transfers and logins, and more recently it has become the norm for all browsing, including social media sites.

Note: As of August 2020 most browsers will no longer display the green padlock and address bar to indicate Extended Validation.

When a certificate is successfully installed and the server is configured to use it, the application protocol changes from plain HTTP to HTTPS (HTTP over TLS), where the 'S' stands for 'secure'. …
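As an added example, not code from the original post, here is the Certbot flow the title refers to: first issuance with the webroot plugin, a dry-run renewal against the staging CA, and a small check that tells whether a certificate file is already inside the renewal window so you can alarm on renewals that stopped working. `example.com`, `admin@example.com`, `/var/www/html` and the `nginx` reload hook are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: issuing a Let's Encrypt
# certificate with certbot's webroot plugin, testing renewal, and a check
# that tells whether a certificate file is inside its renewal window.
# example.com, admin@example.com, /var/www/html and nginx are hypothetical
# placeholders.
set -eu

# Returns 0 when the certificate in $2 expires within $1 days (i.e. it should
# be renewed), 1 when it is valid beyond that window, 2 if the file is missing.
# openssl -checkend exits 0 only if the cert is still valid after N seconds.
needs_renewal() {
  days=$1; cert=$2
  [ -f "$cert" ] || return 2
  if openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Print who the certificate is for, who issued it, and its validity period.
cert_info() {
  openssl x509 -noout -subject -issuer -dates -in "$1"
}

# First issuance over HTTP-01: certbot writes the challenge file under the
# webroot, so the site must serve /.well-known/acme-challenge/ on port 80.
# The deploy hook runs only when a new certificate is actually installed.
issue_cert() {
  certbot certonly --webroot -w "$3" -d "$1" -m "$2" \
    --agree-tos --non-interactive \
    --deploy-hook 'systemctl reload nginx'
}

# Renewal: certbot renews anything with fewer than 30 days left; --dry-run
# exercises the whole flow against the staging CA without issuing a cert.
# Distro packages normally install a systemd timer or cron job that runs
# `certbot renew` twice a day, so this is for verifying that setup works.
test_renewal() {
  certbot renew --dry-run
}

# Usage: ./certs.sh issue <domain> <email> <webroot>
#        ./certs.sh check <cert.pem>
#        ./certs.sh test
case "${1:-}" in
  issue) issue_cert "$2" "$3" "$4" ;;
  check)
    rc=0; needs_renewal 30 "$2" || rc=$?
    case "$rc" in
      0) cert_info "$2"; echo "renew now" ;;
      1) cert_info "$2"; echo "still valid" ;;
      *) echo "no such file: $2" >&2; exit 2 ;;
    esac ;;
  test)  test_renewal ;;
esac
```

Running `check` from monitoring against `/etc/letsencrypt/live/<domain>/fullchain.pem` catches the common failure where the renewal timer is fine but the web server never reloaded and keeps serving the old certificate: check the file on disk and, separately, what the server actually presents.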


Process and considerations while upgrading EKS control-plane to version 1.16

Overview

AWS recently released support for Kubernetes 1.16 on Amazon EKS. With that release there is a significant amount of change that needs to be checked or updated. In this post I will go through the components that must be checked and upgraded if necessary before even thinking of upgrading EKS.

Kubernetes 1.16 features

Naturally, Kubernetes is evolving fast and there are new features and bug fixes. Major new features include:


Configuration of AWS Application Load Balancer Authentication with OKTA OIDC. Templating AWS resources using Terraform.

Introduction

For a while now, AWS Application Load Balancers (ALBs) have had built-in authentication support. They can authenticate users as they access applications, letting developers remove the authentication code from the backend and offload that responsibility to the load balancer. Two things still belong to the backend: it must accept traffic only from the ALB (for example by restricting its security group to the ALB's), and it should verify the signed x-amzn-oidc-data header the ALB attaches to each authenticated request before trusting the user identity carried in it.

The following use cases are supported:

  • Authenticate users through an identity provider (IdP) that is OpenID Connect (OIDC) compliant; I use OKTA for that purpose.
  • Authenticate users through well-known social IdPs, such as Amazon, Facebook or Google, through the user pools supported by Amazon Cognito. …


EKS cluster configured with managed node groups using Terraform

Overview

In this story I am going to concentrate on the managed worker nodes, or managed node groups, feature for EKS. It is a recently released feature of Amazon's managed Kubernetes service. I am also going to highlight the pros and cons of using managed node groups.

Implementation details and Terraform snippets can be found in this story in case you decide to make use of them. I am using the latest Terraform (0.12.19) and Terraform AWS provider (2.45.0).

Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. …

About

Marcin Cuber

Lead Software/Infrastructure/Devops Engineer