Cross account access to S3 using IRSA in EKS with Terraform as IaaC


We have many options to get cross-account access to resources, but when talking about the Kubernetes cluster, things can get a little bit tricky! So, in this blog, I'll share a solution to do it in the safest way using the principle of least privilege. A typical scenario is to have two accounts, Account A, with an EKS cluster and Account B with an S3 bucket (example_bucket) that needs to be accessed by a pod from account A.
We have many options for this: We can create a bucke

Why are organizations moving towards containerization?
As a company's operations grow, so does its IT system. Any change can present a challenge because new features are added and scaled. Containerization has evolved over the years and has allowed companies to grow while maintaining an efficient organization. Just as a businessman revolutionized the shipping industry more than 60 years ago by using containers the size of a trailer to transport merchandise, today's container technology is changing how companies deploy and use appl

Terraform workspaces, direnv, dotenv, and mental sanity
Once you have all your environments working with Direnv, Advanced Direnv for Devops, if you are working with Terraform namespaces there is another improvement you can make to automate further. We use another directive from direnv called watch_file, which reloads the environment each time a particular file is changed. We can point this directive to the .terraform/workspace file, which holds the currently selected workspace in Terraform. The following code in the .envrc file im

Advanced Direnv for Devops
Now you are using Direnv to manage your workspaces (see THIS), but you stumble upon a difficulty, maybe motivated (like me) by Terraform workspaces. You have a single codebase for a project, but this codebase needs to be deployed to different environments. Now, we can no longer have a .envrc file in the project's folder, because the environment should be different depending on where we want to deploy. So, how do we solve this? Direnv to the rescue, again. Using .env's Direnv

Direnv for Devops
For DevOps engineers, working in many different projects and different clouds is a reality of life. We have developed many tools to help us to manage and switch among the different contexts and projects, each one with its ups and downs. Today we explore the one that, IMHO, is the best of them all: direnv. How it works: Direnv has a very simple premise: each time you cd into a directory with a .envrc file, a new environment is started for that particular directory using the env

Build Docker containers on Kubernetes with Jenkins and Kaniko
This writeup documents the current best way to build Docker containers within transient Jenkins agents inside a Kubernetes cluster. This setup has unique features and unique caveats you need to consider, and it is intended to save you, dear reader, the time I invested trying different solutions. Setup: These are the components used in this setup. You can replace the K8S provider and the solution and considerations will hold. You can also change the destination registry for your images

Pending Pods: Limits in EKS
It is annoying to finally deploy our application in an EKS cluster to get the eternal “pending” state of our pods. There are several reasons that might get a pod in a pending state; most of them are related to computing resource limits, but some others are related to IP address limits in our worker nodes. However, reaching this kind of limit is an easy problem to solve. You can find the right type of instance for your Kubernetes workloads by checking this handy document provi

INTERNAL WORKSHOP: KUBERNETES
"It would be good to give an internal workshop on all this that Kubernetes has been working on" Me! a junior! To give a workshop, I couldn’t believe it. I have colleagues with a lot of career and experience. Yes, Kubernetes and Fluxcd, GitOps, something basic to explain how it works and how it is composed, package it with Helm, and finally deployment automation using flux. Yes, me. At the age of 27, I have acquired teaching experience by teaching music, since I was 19 more or