aws-secret-sidecar-injector
eksctl
aws-secret-sidecar-injector | eksctl | |
---|---|---|
2 | 59 | |
132 | 4,821 | |
- | 0.8% | |
3.1 | 9.5 | |
almost 2 years ago | 2 days ago | |
Go | Go | |
MIT No Attribution | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-secret-sidecar-injector
- How can you add secrets to a dockerfile/image from AWS (Secret Manager)
-
EKS pods using IRSA (IAM auth per pod) to access AWS Secrets WITHOUT creating K8s secret?
There is a PoC of an AWS sidecar injector that imports a secret into a ramdisk as an init step and injects the secrets into the pod when launched, but it's clearly a PoC, and only supports a single secret, not to mention not being enterprise ready.
eksctl
-
Auto-scaling DynamoDB Streams applications on Kubernetes
There are a variety of ways in which you can create an Amazon EKS cluster. I prefer using eksctl CLI because of the convenience it offers. Creating an an EKS cluster using eksctl, can be as easy as this:
-
How to migrate Apache Solr from the existing cluster to Amazon EKS
There are many ways to create a cluster such as using eksctl. In my case, I will use terraform module cause itβs easy to reuse and comprehend.
-
Ultimate EKS Baseline Cluster: Part 1 - Provision EKS
eksctl [eksctl] is the tool that can provision EKS cluster as well as supporting VPC network infrastructure.
-
[AWS] EKS vs Self managed HA k3s running on 1x2 ec2 machines, for medium production workload
For this and many other reasons I recommend doing everything in Terraform EXCEPT EKS and its node groups. For that, I use https://eksctl.io/ because it much better manages the lifecycle of EKS and your node groups. I have an blog article better explaining why I recommend it, and another blog article explaining how to do zero-downtime upgrades with EKSCTL.
-
Automating Kong API Gateway deployment with Flux
eksctl
- Export a docker container to a VPC in AWS and exposing it publicly through a loadbalancer
-
Anybody using spot instances for worker nodes?
Second, make sure you create a spot instance group that attempts to launch MULTIPLE different instance types. This way if one instance type gets flushed, your autoscaler will kick in and launch a different type. Without this, you WILL HAVE DOWNTIME if a sudden price hike and flush occurs. If you're using eksctl I have example configurations that use multi-instance types on Github here.
-
Use AWS Controllers for Kubernetes to deploy a Serverless data processing solution with SQS, Lambda and DynamoDB
There are a variety of ways in which you can create an Amazon EKS cluster. I prefer using eksctl CLI because of the convenience it offers. Creating an an EKS cluster using eksctl, can be as easy as this:
-
strategy to upgrade eks cluster
I've written an article on this, with my recommended tool for managing eks EKSCTL.
-
Bootstrapping Kubernetes Cluster with CloudFormation
--- AWSTemplateFormatVersion: '2010-09-09' Parameters: VpcId: Type: AWS::EC2::VPC::Id Description: ID of the VPC in which to create the Kubernetes cluster SubnetIds: Type: List Description: List of Subnet IDs in which to create the Kubernetes cluster KeyPairName: Type: AWS::EC2::KeyPair::KeyName Description: Name of the EC2 Key Pair to use for SSH access to worker nodes ClusterName: Type: String Description: Name of the Kubernetes cluster to create Resources: ControlPlaneSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref VpcId GroupDescription: Allow inbound traffic to the Kubernetes control plane SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 WorkerNodeSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref VpcId GroupDescription: Allow inbound traffic to Kubernetes worker nodes SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 ControlPlaneInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: - !Ref ControlPlaneRole ControlPlaneRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy - arn:aws:iam::aws:policy/AmazonEKSServicePolicy ControlPlaneInstance: Type: AWS::EC2::Instance Properties: ImageId: ami-0b69ea66ff7391e80 InstanceType: t2.micro KeyName: !Ref KeyPairName NetworkInterfaces: - DeviceIndex: 0 AssociatePublicIpAddress: true GroupSet: - !Ref ControlPlaneSecurityGroup SubnetId: !Select [0, !Ref SubnetIds] IamInstanceProfile: !Ref ControlPlaneInstanceProfile UserData: Fn::Base64: !Sub | #!/bin/bash echo 'net.bridge.bridge-nf-call-iptables=1' | tee -a /etc/sysctl.conf sysctl -p yum update -y amazon-linux-extras install docker -y service docker start usermod -a -G docker ec2-user curl -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/kubectl chmod +x /usr/local/bin/kubectl echo 'export PATH=$PATH:/usr/local/bin' >> /etc/bashrc curl --silent --location "https://github.com/weaveworks/eksctl/releases
What are some alternatives?
chamber - CLI for managing secrets
terraform-aws-eks - Terraform module to create AWS Elastic Kubernetes (EKS) resources πΊπ¦
kops - Kubernetes Operations (kOps) - Production Grade k8s Installation, Upgrades and Management
argo-cd - Declarative Continuous Deployment for Kubernetes
terraform-aws-eks-blueprints - Configure and deploy complete EKS clusters.
cluster-api - Home for Cluster API, a subproject of sig-cluster-lifecycle
eks-anywhere - Run Amazon EKS on your own infrastructure π
Universal-Kubernetes-Helm-Charts - Some universal helm charts used for deploying services onto Kubernetes. All-in-one best-practices
HomeBrew - πΊ The missing package manager for macOS (or Linux)
bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
lazygit - simple terminal UI for git commands