ArgoCD’s documentation is quite good. I just feel there is one key question that is often left unanswered: how do I get my private SSH key into ArgoCD in a declarative way that doesn’t require hard-coding the key into a Secret YAML file?
In this post, we are going to use the External Secrets Operator (ESO) to get the private SSH key from AWS SSM Parameter Store and inject it into ArgoCD using a Kubernetes Secret.
Read More...
One of the design principles of the security pillar in the AWS Well-Architected Framework is “Implement a strong identity foundation”, that is:
“Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize identity management, and aim to eliminate reliance on long-term static credentials.”
Well-Architected Framework - Security Pillar - Design principles
When we start using Kubernetes in AWS EKS, we might take some shortcuts during the learning phase and attach all the policies to a single role that we assign directly to our nodes. The issue is that, for the sake of practicality, we grant far more privileges than we actually need. It can also become a habit: the way we learn something often becomes our default pattern. So let’s break that habit and explore how to assign IAM roles to Kubernetes service accounts in AWS EKS.
Read More...
The fastest way to learn something is through practice. Most of my work is on AWS, so running a local Kubernetes cluster is not the best option. I want to test Kubernetes integration with other AWS services. To run experiments, I create a cluster using eksctl, run my tests and then destroy it.
In this post, I will assume that you already have an AWS account and have installed the AWS CLI, eksctl and kubectl on your machine.
Read More...
Hello, and welcome to issue #35!
Have you been paying attention to all the AI craziness going on out there? It surprised me how fast the Stable Diffusion project is progressing. If you have not been following the craze, let me summarise. Stable Diffusion is an open-source AI model that converts text to images. You give it a text prompt, and it generates an image. It is crazy. Play with it when you get a chance, or at least read the Stable Diffusion Public Release.
Read More...
If you check the AWS documentation, they use eksctl to create the EKS cluster. eksctl uses CloudFormation, and even though I could fetch the template in the end, eksctl feels like an imperative way of creating an EKS cluster. I prefer to keep track of all of my infrastructure as code, and using eksctl leaves an essential part of the infrastructure out of the codebase: the cluster itself.
I’ll describe how to create a Kubernetes cluster in Amazon EKS using Terraform in this article.
Read More...
I’ve been using AWS EC2 instances for a while now, and I’ve always struggled to find a clean way to manage the users and SSH keys for the instances. I’ve tried a few different approaches and settled on one that I think is the best so far.
In this article, I’ll create a regular EC2 instance as an example. But you can use the same approach to set up users and SSH keys, or run other commands, on any other type of EC2 instance (e.g. bastion hosts, EKS nodes, ECS nodes, etc.). The key is using cloud-init.
Read More...
Sometimes it feels easier to work on complex and challenging tasks with our tools than to do the simple initial steps of a project. The reason is that we lack practice starting projects. If you work for a company, you’ll probably set up your Infrastructure as Code (IaC) once and then iterate on it. Unless you work at a consultancy or start projects just for fun, you might forget the initial steps to set up a project.
Read More...
Hello, and welcome to issue #34!
I haven’t been able to write much lately, but I’m still around. I’ve continued learning and exploring different technologies. In the last few months, I’ve spent some time doing DevOps work in AWS, helping write some Python Azure functions and even some Apex development. As you can tell, all over the place. But most of all, surviving the rainy season in Central America.
As part of my work, I had to design a client’s network. And because I love doing networking stuff and wanted to refresh my knowledge of subnetting, I ended up creating a subnetting calculator. You can find it here:
Read More...
Lately, I’ve had to work with multiple AWS accounts, and some of them are ephemeral. I don’t want them bloating my ~/.aws/credentials file. In this short post, I’ll show you how to manage multiple AWS accounts using the tool direnv.
Before getting to direnv, let’s cover some basic concepts, so we all start from the same base.
In normal circumstances, we use the following command to configure our AWS CLI:
Read More...
Upgrading any legacy application is a headache. You are trying to pay off years of technical debt in a couple of weeks or months. It isn’t easy, but it is also the best time to get things right for the next time you need to do an upgrade. In this short post, you’ll find some of my notes on upgrading a legacy Ruby application.
Let’s start with a step that we sometimes ignore but is the most important: taking good notes.
Read More...