AKS PodIdentity – ServicePrincipals for K8s Pods – Part 2 (Implementation)

From Part 1 you should know a bit about what PodIdentity is, and why it's an important addition.  In this Part, we'll set out the basics of adding it, and then using it, with an example. 1. Create your identity This is the identity that you would like your pods to assume.  It's also what … Continue reading AKS PodIdentity – ServicePrincipals for K8s Pods – Part 2 (Implementation)

AKS PodIdentity – ServicePrincipals for K8s Pods – Part 1 (Intro)

I've recently started in the world of Kubernetes (or K8s as you cool kids call it), and for the most part, I've been able to map MOST of the concepts of Instance based deployments in AWS, to Kubernetes configurations in AKS/Azure.  However, we hit an issue when it came to credentials. The Problem When we … Continue reading AKS PodIdentity – ServicePrincipals for K8s Pods – Part 1 (Intro)

From 1000 submissions to 100 slots, the story of the 10%

This year, I've had the enormouse pleasure of working on the agenda committee for the best developer conference in the UK, NDC London.  Obviously I'm slightly biased as I've been going to this conference for the last 4 years, and I love everything about it. Being behind the curtain this year has given me an … Continue reading From 1000 submissions to 100 slots, the story of the 10%

Opinionated Approach to AWS Account Separation

Maintaining multiple accounts in AWS is an utter pain.  If you have effectively separated your accounts for things like Dev/Test, Production that's not too bad, 2 IAM users, with 2FA shouldn't be too difficult.  However, if you throw into that, separating operations infrastructure (build and deployment services, Monitoring, alerting, etc), then think about customer separation, … Continue reading Opinionated Approach to AWS Account Separation

Delegating Subdomain management in Route53

One of the common patterns in AWS setup is to use different "accounts" for different functions in the business.  These account then get "consolidated" when you're charged (the exorbitant) the fees for your services. This presents a problem when you need to have externally accessible services, that live under a single domain. One way around … Continue reading Delegating Subdomain management in Route53