First, navigate to the IAM console in your browser, click “Add provider”, and fill in the form like so:
Provider URL: https://token.actions.githubusercontent.com
Audience: sts.amazonaws.com
You now need to create an IAM role for your GitHub pipeline. Create an IAM policy allowing your pipeline to perform the required actions. Ideally, follow the principle of least privilege. Then create an IAM role. AWS makes it easy for you to configure that role to be used by GitHub:
Audience: sts.amazonaws.com
Attach the policy you previously created and give the role a good, descriptive name. Note down the role ARN.
Finally, you can configure your GitHub pipeline to use this IAM role. Here is an example of what such a pipeline would look like:
Both GitHub and AWS make it very easy to use this method, so make sure you stop copy/pasting those AWS keys moving forward!
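The role's trust policy decides which GitHub workflows may assume the role. The following is an added example, not code from the original post: a Python check that a trust policy for the provider above pins the audience and restricts the sub claim to a single repository. The account ID 111122223333 and the repository my-org/my-repo are constructed placeholders.

```python
# Added example: audit an IAM role trust policy for the GitHub OIDC provider.
# The account ID, org and repo names below are constructed placeholders.
GITHUB_OIDC = "token.actions.githubusercontent.com"
AUDIENCE = "sts.amazonaws.com"

def _cond_values(condition, operators, key):
    """Values set for a condition key under the given operators (keys are case-insensitive)."""
    found = []
    for op in operators:
        for k, v in condition.get(op, {}).items():
            if k.lower() == key.lower():
                found += [v] if isinstance(v, str) else list(v)
    return found

def audit_trust_policy(policy):
    """Return findings for Allow statements that trust the GitHub OIDC provider."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        federated = principal.get("Federated", [])
        federated = [federated] if isinstance(federated, str) else federated
        if not any(f.endswith("oidc-provider/" + GITHUB_OIDC) for f in federated):
            continue
        cond = stmt.get("Condition", {})
        if AUDIENCE not in _cond_values(cond, ["StringEquals"], GITHUB_OIDC + ":aud"):
            findings.append("aud is not pinned to " + AUDIENCE)
        subs = _cond_values(cond, ["StringEquals", "StringLike"], GITHUB_OIDC + ":sub")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for sub in subs:
            parts = sub.split(":", 2)  # expected shape: repo:OWNER/REPO:<ref or environment>
            if len(parts) < 3 or parts[0] != "repo" or "*" in parts[1]:
                findings.append("sub is broader than one repository: " + sub)
    return findings

def make_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_OIDC},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

WEAK = make_policy({"StringEquals": {GITHUB_OIDC + ":aud": AUDIENCE}})
SCOPED = make_policy({"StringEquals": {GITHUB_OIDC + ":aud": AUDIENCE},
                      "StringLike": {GITHUB_OIDC + ":sub": "repo:my-org/my-repo:*"}})
```

WEAK checks only the audience, so it is reported; SCOPED adds the sub restriction and passes.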
First of all, your Terraform configuration should contain the following (typically in a file named providers.tf):
Next, you will need to create a GitLab personal access token with all the scopes included. Save the token because GitLab will only show it to you once.
Now you can run the following steps:
From now on, terraform plan, terraform apply and terraform state will run against the Terraform plan saved in GitLab.
finalizers, which must be removed manually to get the PVC to fully terminate.
Here is how to do it. First delete the PVC as usual:
The kubectl command will say that the PVC has been deleted, then it will hang. Press Ctrl-C to terminate the command. If you list the PVCs, you will see that its status is Terminating.
Now you need to set the finalizers to null. You can kubectl edit the PVC, or patch it like so:
Finally, do something similar to the PV if you want to get rid of it too.
Here you go:
systemd-resolved. To do this, here are the steps:
For step (1), edit your resolv.conf file and set the DNS servers you want, for example:
The final step (2) is to prevent NetworkManager from overwriting your resolv.conf file. To do that, add the following under the [main] section:
Reboot the computer and that should be it (and permanent).
In one terminal, run kubectl proxy. In another terminal, run the following:
Edit the JSON file. You should see something like this:
Remove everything in the “finalizers” list. Then run this command:
The namespace should be terminated now.
The root CA certificate is available at pki/ca.crt. The private key for myservice is available at pki/private/myservice.key. The certificate for myservice is available at pki/issued/myservice.crt.
Both values should match. If they don’t, that means that the certificate has been generated for another private key and SSL can’t work.