This article gives a good explanation of installing cert-manager+LetsEncrypt(LE). However it used HTTP verification and I prefer DNS verification because :
So this article is meant to supplement and not duplicate the original article
If you use Rancher you will probably be using RKEv2 on your clusters for your kubernetes distribution.
kube2iam adds AWS IAM integration to your kubernetes.
You can already add IAM permissions via an EC2 Instance Profile (and its attached IAM Role) to you kubernetes roles, but it is open any pod using those permissions.
The Goal is to use Route53 for DNS resolution in an multi-account setup and also with an on-premise infrastructure.
AWS have a good article Simplify DNS management in a multi-account environment with Route 53 Resolver that I have implemented using Terraform in my Lab environment.
The main files in this Lab are :
Dealing securely with secrets in your infrastructure is a difficult task. It is very easy to simply push the problem "further down the road". Hopefully this Gist can provide some insight.
One possible solution is using AWS Secrets Manager (ASM) and Terraform.
We can securely store our secrets in an encrypted file which can then be committed to our source repository. This encryption will use an AWS KMS Key.
Whilst one can use the AWS CLI to encrypt the file, this include the risk of the unencrypted file lingering on the terraform workspace local filesystem. Using the Mozilla Sops tool we can prevent this since it combines the decryption+editing+encryption workflow.
NOTE: This gist is accompanied by my git repository example-of-packer-and-ansible-with-virtualbox. It contains an example of using Packer and Ansible to create a CentOS 7 VirtualBox machine image.
There did not seem to be much information out there on the internet for this so it seemed worthwhile to pass on this knowledge.
Packer from Hashicorp is a tool for creating machine images. It can be used with plugins, called Provisioners, to extend it.
I use the Ansible Provisioner to execute an Ansible playbook to configure the internals of the virtual machine.