AWS EKS OIDC with Google Workspace

In order to achieve user traceability of admin actions in you Kubernetes cluster, it is a good idea to set up personalized accounts. In the IAM User Traceability in AWS EKS post I was showing the specifics of aws-auth ConfigMap user and role mapping. This post dives into OIDC integration for AWS EKS user management.

Alternatively to aws-auth it is possible to use an OpenID Connect Identity provider with AWS EKS. The diagram below illustrates this approach.

AWS EKS OpenID Connect

Usage of the identity provider offers huge benefits (if the users are configured to have personalised identities):

  • User Traceability
  • Single Sign On

IAM User Traceability in AWS EKS

Today I would like to show how to trace IAM user actions in AWS EKS Clusters, what needs to be configured and what limitations exist. It is a good practice to have Audit log on your admin activities to make sure that no suspicious activities are happening. Audit log helps to investigate issues and write postmortems, and you will most probably need it for certifications like ISO 27001.

AWS IAM to EKS Trace

This post does not cover specific strategies for tracing and monitoring user activity, but rather adresses the setup required to log user actions in a traceable manner.


Setting up GitLab Auto DevOps Lab

GitLab Auto DevOps is a great tool for managing code building and delivery to Kubernetes clusters. It introduces an opinionated way to handle Kubernetes deployments and Environment management. It is used extensively by small and big projects, and the whole concept is designed to be scalable and extensible.

In this tutorial I would like to dive into setting up a working Auto DevOps lab to provide a quick way to get a feeling of the Gitlab Kubernetes CI CD approach.


Infrastructure As A Platform

Sometimes I hear the words “DevOps is the new IT”. I must say that I can relate to this a lot.

In the early days, IT used to be a generic pool of people managing anything about computers, as well as any other electronic stuff. In the modern world a similar generic placeholder exists, and it has the same mission: close any existing gaps in team composition and staffing. The name of this placeholder varies, people call it DevOps, Ops, Infrastructure, Admin and some other.


Essential Components of a CI/CD Pipeline

Today I would like to talk about the topic of Continuous Integration and Continuous Delivery Pipelines. These have become a standard even for one-man teams for many reasons. Lets take a look at their anatomy, the truth is, you already have a pipeline if you develop software, even though it may be completely manual. As soon as we define CI/CD components, one can start to see them in their own processes, and also start to automate parts of it.