EKS Node Debug Nightmare, How to SSH into EKS Node
Ever been in that situation where the nodes are going into a NotReady state?
In the past, I have leveraged cosign and rekor for container signing and verification, and since the project is private, there is no way I am using the publicly hosted sigstore record verification store.
I must say you shouldn't bet against open-source software. Even when Terraform was still open-source, state encryption was not available, but it was available on their Terraform Cloud.
Best bet, you are not rotating your passwords and tokens across your infrastructure and deployments, but if the software you use has a passwordless authentication option and it's stable, why not go for it?
We try, next year we go again. ✌🏽✌🏽 E go be.
You have your app deployed on an EC2 instance via nodes on EKS and this app needs to access/interact with files stored in an Amazon S3 bucket.
You've probably gotten to a point where you need to manage multiple clusters using GitOps, knowing that managing the argocd instance itself can be considered tedious or painful, haha, meaning you sure do not want to install new argocd instances on other new Kubernetes clusters.
So you've deployed a few resources on AWS, EC2, and Redis instance, exposed port 6379, and made sure other resources in the VPC have access to the Redis instance and all.
You've tried hardening by default for your resources, that's good, but by mistake, your Redis instance was deployed into the public subnets, which makes the service accessible by any internet user.
Been following the tech communities in Ekiti from 100 Level, passionate about every bit of it, the way I swiftly leave classes to the Tech Hub even made my colleagues nickname me "Techub".
But then there was no clear path, no focus, looking around there were no cyber security communities, so what was I doing? I joined the dev communities, going to every event just to take the swag and yes learning too.
In my past article about signing container images, I got some comments which led me to dig into the keyless signing of container images.