The answer was taken from gitmemory In order to encrypt an already created EBS Volume, you need to take a snapshot of it. Then, from the created snapshot, create a disk in the same region as the original one, and also specify the KMS key for encryption. Then we save the manifest of the current …
Continue reading " EKS – Encrypt current PV (EBS Volume)"
At the time of writing, EKS Fargate does not support a driver log for recording to CloudWatch. The only option is to use Sidecar Let’s create a ConfigMap, in which we indicate the name of the EKS cluster, region and namespace: Next, let’s create a service account and a ConfigMap with a configuration file …
Continue reading "AWS – EKS Fargate – Fluentd CloudWatch"
Goal: There are 2 namespaces, they are "kube-system" and "default". It is necessary to run a cron task in the "kube-system" namespace, which will clear the executed jobs and pods in the "default" space. To do this, create a service account in the "kube-system" namespace, a role with the necessary rights in the …
Continue reading "Kubernetes – One role for multiple namespaces"
An example of how you can create entities in Kubernetes using AWS Lambda. The function will be in Python3, so we will use Kubernetes Python Client More usage examples can be found here. Since AWS Lambda does not support this package, we will pack the "kubernetes" and "boto3" modules in our function. "boto3" is needed …
Continue reading "AWS – Lambda: kubectl"
To store and switch between Kubernetes configurations, you can use the Kubernetes CLI plugin, to work with it, "kubectl" must be installed in the system Install the plugin Go to "Manage Jenkins" Section "Manage Plugins" Go to the "Available" tab and in the search indicate "Kubernetes CLI" Install it. Add Kubernetes …
Continue reading "Jenkins – Kubeconfig"
An example of a pipeline for working with the plugin for kubernetis. We build the maven project, create a docker image with the received artifact and push it into the docker image storage. Pipeline: Dockerfile – already created in the pipeline itself. envVar – taken from the secret of kubernetes
To save all manifests, create a BASH script: With the following contents: Add the execution bit and run it: After executing in the current directory in the folder "k8s-manifests" will be saved all manifests ordered by namespaces and types.
GCP will be the DNS provider. YOUR_GCP_PROJECT – Replace with the name of your GCP project Create an account: We give him access to the DNS service: We generate the key: Create a secret based on the generated key: Create 2 YAML files for ClusterIssuer. letsencrypt-staging.yml …
Continue reading "GKE – Issuer DNS01"
Installation instructions can be found here. Run: If there is no namespace, then create it. Add the HELM repository and update: Install Cert Manager using HELM:
Installation instructions can be found here. Install HELM locally: Installing Tiller with RBAC enabled Начиная с Kubernetes v1.8+, RBAC включен по умолчанию. Checking: Create Nginx Ingress Controller: If the following error occurs: Error: release nginx-ingress failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API …
Continue reading "GKE – Nginx Ingress Installation Using HELM"