So you’ve followed best practices and configured your container to use a user other than root for its requirements. Nice job. The security experts are convinced this will keep your container, pod, and cluster all more secure. However, sometime in the near future, a completely unforeseen and impossible issue pops
Year: 2023
This worked better than I expected. Converting the DB data to JSON is a one-way action. Well, at least I do not know of a way to convert it back. I did not want to install mongo-tools on the server. So after creating the dump I zipped the files up
Once you have a working ingress in place, you may want to restrict access to it by IP. Fortunately, K8s makes this pretty easy with a simple annotation. Edit the ingress Near the top should be the annotations metadata.annotations Add the following annotation and update it with the desired IPs
I needed this for a scenario where the client could not authenticate to S3 but still needed to be able to download files from the S3. So I created this policy which allows all files to be downloaded but restricts access to the download action (s3:GetObject) by source IP. Since
We have hundreds of clients where I work, and now some of us, finally, get to use Macs. We use mRemoteNG for managing ssh connections on Windows, but we needed a solution for Macs. We needed an easy-to-use solution that allowed us to control who had access where. One of
Create IAM Role (Service Account) and attach the policy Run the following command– Update <clustername> with the correct cluster name– Update <role-name> with the role name (example: app-ebs-csi-role)– Update or remove the <awscli-profile> depending on your configuration Install CSI Driver Add the AWS CSI Driver Repo Update Repos Install
After you’ve installed the AWS CSI Driver into your cluster, you must create a storage class to use the driver. Create a file called ebs-sc.yaml and paste in the following contents. Apply with the following