After working with the popular and still growing container management platform, I’ve had the opportunity to use several different management tools. Here’s my current favorites. OpenLens A GUI and open source K8s management tool. Works well with a small number of clusters (10 clusters can be added/pinned to the “hotbar”). This tool has the ability […]
My answer for complex aws filters with terraform
Hello again friend. It’s the heat of the summer and I’ve been on a rather long engagement helping a client automate the build of EKS servers. One item I was keen to automate was the target subnet where the cluster gets installed and where to place the node group(s). So I turned to the aws_subnets […]
An easier method to deal with AWS Security Groups via Terraform
As I continue my Terraform journey, I am always trying to find better ways to deal with the complexities of the code and the resulting resources built from the code. Security Groups are no execption. I did some web searching and found some code to parse a CSV and create a security group rule set. […]
What I’ve learn working with EKS and Kubernetes RBAC
RBAC or Role-based Access Control, is a key feature of Kubernetes (a.k.a. k8s) that provides access control by roles and role bindings. A role will be defined with a set of api_groups (“” for default, “apps”, “autoscaling”, “batch”, “extensions”, “networking.k8s.io”, “authentication.k8s.io”,”storage.k8s.io”,”certificates.k8s.io), resources (pods, deployments, namespaces, secrets, persistentvolumes, configmaps, nodes), and vebs (create, get, delete, list, […]
Configmap and the AWS EKS Terraform Module
I’m currently on a cool project where we are automating the deployment of EKS clusters with Terraform. The TFE server is configured with an IAM user, that TF user will automatically be added to the aws-auth section of the configmap. We have EKS module code to add our SSO group’s rolearn to the configmap. The […]
I forgot my password!
If you are like me you have a ton of accounts with username/password required to access the service/site. A couple of years ago I started using a password manager (LastPass) and have reset all my accounts with a crazy random/complex password/passphrase. I now only have a single password to remember, the one for my vault. […]
My takeways from Terraform code and Gateway Load Balancer
My first bit of code for my new employer was help to setup a “security VPC” that hosts a pair of Palo-Alto firewalls to inspect traffic from other AWS accounts (AKA “hub and spoke”). This work was based (loosely) on repos found here and here…these repos build a similar environment but within a single AWS […]
Handy PowerShell client-side code for print server migration
The Challenge A client will be decomissioning a Windows print server but will keep the printers and have Windows clients print directly to print devices. How can we automate the setup of the new printer ports and printers?…and as a bonus we’ll get a simple way to mitigate your environment from Printnightmare. The key there […]
How I removed credentials from my terraform code.
I had been using credential files in my terraform projects. Recently I switch to use AWS SSO and providing the profile name in the code. At runtime (plan, apply, etc.) terraform will use the token from the given profile. If AWS returns expired, the command will stop with authentication errors. Simply authenticate by cli via […]
Don’t add account id to your Terraform code
I discovered a handy trick to get the account id of the given profile/account. The key is to use a new data source object and pass it the provider. See the code below. So no need to ever put account ids in terraform code again? I’m good with that. Happy building, D