Nahuel Hernandez

Nahuel Hernandez

Another personal blog about IT, Automation, Cloud, DevOps and Stuff.

Ingress Controller and External DNS with Route53 on EKS

One great way to expose Kubernetes Applications to the world is using Ingress resources. On EKS we can avoid creating one Load Balancer each time we expose an Application. Moreover, K8S Ingress offers a single entry point to the cluster. So we can save money, manage and monitor one Load Balancer and reduce the attack surface of the Cluster. This is great, however, every time we need to expose an application we will need to create and manage DNS records manually. We can set externalDNS by adding a simple annotation to our ingress resources pointing to the DNS record and then it will be created automatically on Route53. In conclusion, using Ingress resources and ExternalDNS allows us to save time, money and improve security.

9-Minute Read

Ingress

Normally when we expose an application on EKS we use a LoadBalancer service to expose the application, the problem with this is every time we create a new LoadBalancer service, AWS will create a new ELB. Ingress controllers on EKS allow us to use one ELB and configure the application access using Kubernetes resources.

Creating a K8S Cluster The AWS Way

I created a lot of Kubernetes clusters using Terraform and Rancher. However, I prefer to use EKSCTL to create and manage K8S Clusters on AWS. EKSCTL is the official CLI for Amazon EKS and simplifies many things. On the other hand, it is pretty easy to upgrade the clusters, integrate with others features as ClusterAutoescaler, or configure secrets with KMS.

9-Minute Read

EKSCTL

EKSCTL it is written in Go and makes use of CloudFormation under the hood. Also, it allows us to specify a manifest to replicate if we want to, and we can add it to our codebase just as almost any other IAC does.

CKS Kubernetes Specialist Security Certification

The Certified Kubernetes Security or CKS is a challenging exam. Performance-based test that requires solving multiple issues from a command line. I studied and passed the 3 Kubernetes Certifications (CKA/CKAD/CKS), and I want to share valuable information to prepare and pass this exam.

41-Minute Read

cks

The Certified Kubernetes Security Specialist or CKs is a hands-on test and consists of a set of performance-based items (15 problems) to be solved using a command line and is expected to take approximately two (2) hours to complete.

Categories

Recent Posts

About

Over 15-year experience in the IT industry. Working in SysOps, DevOps and Architecture roles with mission-critical systems across a wide range of industries. Wide experience with AWS, Terraform, Kubernetes, Containers, CI/CD pipelines, and Linux. Always keeping up with the latest technologies. Passionate about automating the run of the mill. Big focus on problem-solving.