Cert-Manager is a very powerful tool when we talk about managing TLS certificates & issuers and no other tool comes near the Cert-Manager for kubernetes in terms of open source, visibility, documentation, installation option, integration, and many more. Even with the same account or cross-account option, there is a direct integration option provided by cert-manager CRDs. This will lead to ease of setting of certificates and managing those created certificates.
For this session/blog, we are going to use ACME certificates [or Let’s encrypt certificates] using DNS01 challenger.
Before setting up we need to have the clarity of account and their functionality.
ACCOUNT-X — EKS SETUP
ACCOUNT Y — ROUTE 53
NOTE: For the same account, you can use serviceaccount to make a call through OIDC To AWS IAM Role.
There are two basic ways to deploy to Kubernetes: Imperative acts as a command which is active and immediate, whereas declarative is passive, by writing manifest file and using kubectl apply.
The imperative command is the first mode of managing objects, to use CLI for CUD (Create, Update, Delete) objects on Kubernetes cluster without specifying on manifest file ahead of time. They are a blessing for Kubernetes application developers and administrators because they are very easy to remember and handy. According to K8s, it’s like a ‘Swiss Army Knife” of container orchestration and management.
Imperative commands can help in getting tasks done quickly, as well as generating definition file templates easily. It saves a considerable amount of time and prevents human errors.
No matter where organizations are in their cloud journey, cloud cost optimization remains an essential and top-priority concern. As organizations align increasing workloads to the cloud in terms of size there is a high possibility to lose sight of the overall cloud environment and the costs associated with it. Therefore, it’s essential to optimize cloud costs so as to maximise return over investment (ROI). With the same concern we were working towards reducing the cost of provisioned storage for one our clients. This post covers a particularly interesting issue around the same.