2 min read
While working on Helm charts we might be interested on using a particular element of an array (most likely the first). To achieve this we won't be able to use the regular square brackets approach, instead we will have to use the index function
25/11/2021
Read more...2 min read
On AWS EKS you can associate an IAM role with a Kubernetes service account. The assume role policy is going to look like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::123456789123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20:sub": "system:serviceaccount:demons:demosa"
}
}
}
]
}
Let's take a look on how to create this role using Terraform
24/11/2021
Read more...2 min read
If you use Azure Active Directory to provide SSO login you might be using aws-azure-login to use the normal Azure AD login (including MFA) from the command line to create a federated AWS session, placing the temporary credentials for the AWS CLI and other tools like Terraform to use them
If the tool is failing you might need to use the GUI mode to check what's going on, but if you are using the docker container you will get the following error instead:
$ aws-azure-login --profile prod --mode=gui
Logging in with profile 'prod'...
Using AWS SAML endpoint https://signin.aws.amazon.com/saml
Error: Failed to launch the browser process!
Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank"
[16:16:1122/083057.367058:ERROR:browser_main_loop.cc(1425)] Unable to open X display.
TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md
at onClose (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:194:20)
at ChildProcess.<anonymous> (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:185:79)
at ChildProcess.emit (events.js:387:35)
at ChildProcess.emit (domain.js:470:12)
at Process.ChildProcess._handle.onexit (internal/child_process.js:277:12)
23/11/2021
Read more...1 min read
On the Jenkins configuration files and the credentials.xml we can find some encoded strings, like usernames and passwords. We can use the Jenkins itself to decode them
17/11/2021
Read more...2 min read
Sometimes we might need to add the same content twice on the same Helm chart. A tipical example would be the labels on the Pods that need to match the selectos on the Service. For this when you create a helm chart there are already some default definitions, for example:
{{/*
Common labels
*/}}
{{- define "pet2cattle.labels" -}}
helm.sh/chart: {{ include "pet2cattle.chart" . }}
{{ include "pet2cattle.selectorLabels" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "pet2cattle.selectorLabels" -}}
app.kubernetes.io/name: {{ include "pet2cattle.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
16/11/2021
Read more...