Share this page!

Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Twitter logo
Nov 23 β€’ 7 tweets β€’ 2 min read
Role Based Access Control (RBAC) is arguably one of the biggest headaches for engineers in a Kubernetes cluster.

However, there are certain ways to make it far easier.

A thread 🧡
Before jumping into that, let's talk about RBAC.

When you're trying to access a Kubernetes cluster and perform an action, it takes two roles:

- Authentication
- Authorization
Authentication gets you into the cluster. Authorization allows you to perform a certain action in a cluster.
For example, with proper authentication, you can use `kubectl` commands on a Kubernetes cluster, but you may not have permission to actually do anything like list or create Pods. Therefore, you'll need authorization permission.
OpenID Connect (OIDC), which is an authentication standard, is utilized by a ton of different tools to make this process easier.

Azure Active Directory is a great source and can even be used outside of Azure.
It can be used for both the authentication piece and the authorization piece to ensure that production environments have the proper security from a user, group, and service account perspective.
Check out how to get Azure Active Directory up and running with Azure Kubernetes Service at the link below.

dev.to/thenjdevopsguy…

#kubernetes #azure #devops

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ

Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @TheNJDevOpsGuy

Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Dec 1
If you have an EKS cluster, that EKS cluster will have an IAM Role associated with it.

Ensure that the Role has all permissions needed.

For example, if you need to create Volumes for k8s, it'll need the following Policy Attachment.

How did I find this out?

#kubernetes #AWS Image
First, I tried to create a PVC and noticed that it was in a Pending state Image
Next, I described the PVC to see what was going on and I saw this.

`kubectl describe pvc name_of_pvc -n namespace_name` Image
Read 7 tweets
Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Dec 1
So... what is Kubernetes?

As Kubernetes continues to gain popularity, engineers have to know how Kubernetes works, and why it might make sense in their environment.

A thread 🧡
Here are a few questions that you should ask yourself

- What benefits does Kubernetes bring to environments?
- What do technologies like containerization do for organizations?
- Does Kubernetes actually help teams?
In this blog post, I’ll provide some basic background on containers and Kubernetes.

Also, some suggestions for how to think about Kubernetes for infrastructure pros.
Read 4 tweets
Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Nov 30
Are you using Ingress Controllers in your Kubernetes environment?

If not, let's break down what they are.

A thread 🧡
At a high level, Ingress Controllers are:
- Specify multiple paths
- Specify multiple services

All in one load balancer.

Let's break it down.
ingress Controllers are just like any other Controller in a Kubernetes environment. They confirm that the current state is the desired state for the deployment.
Read 7 tweets
Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Oct 11
Are you thinking about taking the Certified Kubernetes Administrator (CKA) exam?

A thread 🧡

#kubernetes #devops #docker
If so, ensure that you're comfortable in the following domains:
- Kubernetes storage
- Troubleshooting system components (control planes and worker nodes)
- Pod and other workload scheduling (including high availability)

(cont)
- Cluster architecture (building out clusters using Kubeadm)
- All of the control plane and worker node components (Etcd, Controller, Scheduler, etc.)
- RBAC
- Cluster security
- Kubernetes services and networking
Read 10 tweets
Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Oct 10
Are you using GitOps today in your Kubernetes cluster?

If not, let me show you how to get a GitOps operator up and running in under EIGHT minutes.

a thread 🧡
Using Flux (a popular GitOps operator), you can:
- Install the controller on a Kubernetes cluster
- Connect to a GitHub org
- Point to a source control repo
- Deploy an app
- Have it managed by GitOps
in less time than you probably think.

If you're not familiar with GitOps, here's a quick breakdown.
Read 6 tweets
Michael Levan πŸ‘¨πŸ»β€πŸ’»β˜•οΈ Profile picture
Sep 6
If you want to be successful in the cloud-native world, here's what you need to know:

- Cloud and virtualization
- Operating systems and networking
- CICD
- Coding
- Security
- Application development workflows
- Architecture

A thread 🧡
- Troubleshooting
- Containers and orchestration (Kubernetes or another orchestration system)
- Observability/monitoring
Yeah, it's a long list... let's break it down.
Read 15 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(