In order to achieve user traceability of admin actions in you Kubernetes cluster, it is a good idea to set up personalized accounts.
In the IAM User Traceability in AWS EKS post I was showing the specifics of aws-auth ConfigMap user and role mapping.
This post dives into OIDC integration for AWS EKS user management.
Alternatively to aws-auth it is possible to use an OpenID Connect Identity provider with AWS EKS. The diagram below illustrates this approach.
Usage of the identity provider offers huge benefits (if the users are configured to have personalised identities):
- User Traceability
- Single Sign On
Today I would like to show how to trace IAM user actions in AWS EKS Clusters, what needs to be
configured and what limitations exist. It is a good practice to have Audit log on your admin
activities to make sure that no suspicious activities are happening. Audit log helps to investigate
issues and write postmortems, and you will most probably need it for certifications like ISO 27001.
This post does not cover specific strategies for tracing and monitoring user activity, but rather
adresses the setup required to log user actions in a traceable manner.
GitLab Auto DevOps is a great tool for managing code building and delivery to Kubernetes clusters.
It introduces an opinionated way to handle Kubernetes deployments and Environment management. It is
used extensively by small and big projects, and the whole concept is designed to be scalable and
In this tutorial I would like to dive into setting up a working Auto DevOps lab to provide a quick
way to get a feeling of the Gitlab Kubernetes CI CD approach.
Sometimes I hear the words “DevOps is the new IT”. I must say that I can relate to this a lot.
In the early days, IT used to be a generic pool of people managing anything about computers, as well
as any other electronic stuff. In the modern world a similar generic placeholder exists, and it has
the same mission: close any existing gaps in team composition and staffing. The name of this
placeholder varies, people call it DevOps, Ops, Infrastructure, Admin and some other.
Today I would like to talk about the topic of Continuous Integration and Continuous Delivery
Pipelines. These have become a standard even for one-man teams for many reasons. Lets take a look
at their anatomy, the truth is, you already have a pipeline if you develop software, even though it
may be completely manual. As soon as we define CI/CD components, one can start to see them in their
own processes, and also start to automate parts of it.