DevOps is not a goal, but a never-ending process of continual improvement. If you automate a mess, you get an automated mess. The most powerful tool we have as developers is automation.
By completing this article we'll learn more about CloudFront, S3 and IAM.
CloudFront is Amazon's content delivery network. It speeds up distribution of static and dynamic content by routing each user request to the edge location that can best serve it, typically the edge server that gives that viewer the lowest latency. You create a CloudFront distribution to tell CloudFront where the content comes from (the origin) and how delivery should be tracked and managed. CloudFront then uses edge servers close to your viewers to deliver that content quickly whenever someone requests it.
Amazon S3 is object-level storage built to store and retrieve any amount of data from anywhere on the Internet. It is a simple storage service that offers extremely durable, highly available and highly scalable storage at low cost.
In this post we'll see how to serve the contents of an S3 bucket through CloudFront using signed URLs. The bucket stays private (only CloudFront can read from it), every URL carries an expiry and a signature, and the content is delivered from the edge, so we get both a locked-down object endpoint and faster delivery.
Two things have to be restricted, and both are needed:
Restrict access to objects in CloudFront edge caches (signed URLs, so that an unsigned or expired request to the distribution is refused).
Restrict access to objects in your Amazon S3 bucket (an origin access identity plus a bucket policy, so that nobody can bypass CloudFront by requesting the object from S3 directly).
Create a CloudFront key pair. At the time of writing this had to be done while logged in with the AWS account's root credentials; an IAM user cannot create CloudFront key pairs.
Go to My Security Credentials, then CloudFront Key Pairs, and create the key pair. Download both files, the private key (pk-<key ID>.pem) and the public key (rsa-<key ID>.pem), and note the key pair ID, which also appears in the file names. The private key is what signs every URL, so keep it out of the bucket and out of source control; if it leaks, anyone can mint valid URLs until the key pair is deactivated. Where CloudFront trusted key groups are available, prefer them: you upload your own public key, the private key never touches the root account, and the key group is managed like any other resource instead of through root credentials.
Create an S3 bucket (here “aaaaaaaaaaabbbbbb”) and upload some files into it, for example a .png. Leave the bucket's Block Public Access settings on; nothing in this setup needs the bucket or its objects to be public.
In the distribution's security settings, create an origin access identity (OAI), a special CloudFront user, and associate it with your distribution. For web distributions the OAI is associated with origins, so you can protect all or just some of your Amazon S3 content. You can also create the OAI and attach it while creating the distribution. Only the OAI is given read permission on the bucket. When users access your S3 objects through CloudFront, the OAI fetches the objects on their behalf; if they request objects directly with an S3 URL, the request is denied, because the OAI has permission to read the bucket and the users do not. To verify this once the bucket policy is in place, request an object with its plain S3 URL: it should return 403 Access Denied. (Origin Access Control is the newer replacement for OAIs and is the recommended choice for new distributions; the flow is the same, only the principal in the bucket policy differs.)
Create a CloudFront distribution (Web). Choose the bucket as the origin, set Restrict Bucket Access to Yes, pick the origin access identity, and choose Yes, Update Bucket Policy so CloudFront writes the bucket policy for you. In the cache behavior, set Restrict Viewer Access (Use Signed URLs or Signed Cookies) to Yes with Trusted Signers set to Self; without this, an unsigned CloudFront URL would still serve the object and the signing step below would protect nothing.
Hit Create distribution.
After creating the distribution you can see the bucket policy on the bucket: a single statement allowing s3:GetObject on arn:aws:s3:::aaaaaaaaaaabbbbbb/* to the principal arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <OAI ID>. No other principal is granted anything, which is what makes direct S3 URLs fail.
Generate a signed URL using the Python SDK for AWS. Create a script “boto3_signed_url.py” that uses botocore's CloudFrontSigner: it takes the key pair ID and a callable that signs a message with the downloaded private key (RSA with SHA-1), and generate_presigned_url(url, date_less_than=...) returns the URL with Expires, Signature and Key-Pair-Id appended.
The script:
Run the script:
python boto3_signed_url.py
This will return a signed URL for the .png file. If you paste the URL into your browser you'll get the image; once the expiry in the URL has passed, or if you change any character of the signature, CloudFront returns 403 instead.
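The following is an added example, not the article's boto3_signed_url.py, showing what a CloudFront signed URL is made of: the canned policy, the signature over it, and the URL-safe encoding, performed in the same steps as botocore's CloudFrontSigner, plus the bucket policy the console writes for the origin access identity. The distribution domain d111111abcdef8.cloudfront.net, the key pair ID APKAEXAMPLEKEYID and the OAI ID E1EXAMPLEOAIID are placeholders, and demo_signer is a stand-in that lets the file run offline; for a real distribution use rsa_sha1_signer_from_pem with the downloaded private key.

```python
"""CloudFront signed URL (canned policy) built step by step.
Added example; placeholders: d111111abcdef8.cloudfront.net, APKAEXAMPLEKEYID,
E1EXAMPLEOAIID. demo_signer is a stand-in, not a real RSA signer."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Callable, Dict
from urllib.parse import parse_qs, urlsplit

# A signer takes the policy bytes and returns the raw signature bytes.
Signer = Callable[[bytes], bytes]

EXAMPLE_URL = "https://d111111abcdef8.cloudfront.net/image.png"  # placeholder domain
EXAMPLE_EXPIRES = datetime(2030, 1, 1, tzinfo=timezone.utc)     # expiry baked into the policy


def cloudfront_b64(data: bytes) -> str:
    """CloudFront's URL-safe base64: standard base64 with + = / mapped to - _ ~."""
    return base64.b64encode(data).decode("ascii").translate(str.maketrans("+=/", "-_~"))


def canned_policy(url: str, expires: datetime) -> bytes:
    """Canned policy: one resource, one expiry, serialised without whitespace.
    The signature covers exactly these bytes, and CloudFront rebuilds them from
    the URL and the Expires parameter, so the encoding has to be this compact form."""
    doc = {"Statement": [{"Resource": url,
                          "Condition": {"DateLessThan": {"AWS:EpochTime": int(expires.timestamp())}}}]}
    return json.dumps(doc, separators=(",", ":")).encode("utf-8")


def build_signed_url(url: str, expires: datetime, key_pair_id: str, rsa_signer: Signer) -> str:
    """Append Expires, Signature and Key-Pair-Id. CloudFront looks up the public key
    by Key-Pair-Id, rebuilds the policy and verifies the signature; an unsigned,
    tampered or expired URL gets a 403."""
    sep = "&" if "?" in url else "?"   # keep any existing query string intact
    signature = cloudfront_b64(rsa_signer(canned_policy(url, expires)))
    return f"{url}{sep}Expires={int(expires.timestamp())}&Signature={signature}&Key-Pair-Id={key_pair_id}"


def signed_url_params(signed_url: str) -> Dict[str, str]:
    """Pull the three CloudFront query parameters back out of a signed URL."""
    qs = parse_qs(urlsplit(signed_url).query)
    return {k: qs[k][0] for k in ("Expires", "Signature", "Key-Pair-Id")}


def rsa_sha1_signer_from_pem(private_key_pem: bytes) -> Signer:
    """Real signer over the downloaded pk-<key ID>.pem: PKCS#1 v1.5 RSA over SHA-1,
    the scheme CloudFront verifies. Needs the 'cryptography' package, imported lazily
    so the rest of this file runs without it."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding

    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda message: key.sign(message, padding.PKCS1v15(), hashes.SHA1())


def demo_signer(message: bytes) -> bytes:
    """Stand-in so this file runs offline with no key pair. CloudFront would reject
    its output; it only exercises the policy and URL construction."""
    return hmac.new(b"demo-only-not-a-cloudfront-key", message, hashlib.sha1).digest()


def oai_bucket_policy(bucket: str, oai_id: str) -> dict:
    """Bucket policy equivalent to the one the console writes for 'Yes, Update Bucket
    Policy': only the origin access identity may read objects, so plain S3 URLs are
    denied and every read has to come through the distribution."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


if __name__ == "__main__":
    print(build_signed_url(EXAMPLE_URL, EXAMPLE_EXPIRES, "APKAEXAMPLEKEYID", demo_signer))
    print(json.dumps(oai_bucket_policy("aaaaaaaaaaabbbbbb", "E1EXAMPLEOAIID"), indent=2))
```

The policy bytes are what the signature protects, so the expiry cannot be extended by editing Expires in the URL: CloudFront recomputes the policy from the edited value and the signature no longer matches. Keep expiries short; a leaked URL is valid, from any client, until that time.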
By completing this article we'll learn about container orchestration with Kubernetes: bootstrapping a two-node cluster on Docker with kubeadm.
Create 2 VMs and set the hostname on each (kube-master for the control plane, kube-worker for the worker node):
kube-master
kube-worker
In Master Node
In Worker Node
Update the hosts file (/etc/hosts) on both nodes so that each node resolves the other's hostname to its IP address; kubeadm join will reach the master by that name.
Install Docker in both nodes:
Install Kubernetes in both nodes:
Install kubeadm, kubelet and kubectl. These packages go on all of your machines:
kubeadm: the command to bootstrap the cluster. kubelet: the component that runs on every machine in the cluster and does things like starting pods and containers. kubectl: the command-line utility to talk to your cluster.
In Master Node
Make sure that the cgroup driver used by kubelet is the same as the one used by Docker (either systemd or cgroupfs on both). Docker reports its driver under Cgroup Driver in docker info; kubelet's is the cgroupDriver setting in its configuration. If they differ, kubelet fails to start and the node never becomes Ready.
Initialize the cluster with kubeadm init.
The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with). The end of the kubeadm init output contains the kubeadm join command, with the bootstrap token and the CA certificate hash, that the worker will need; keep it.
To make kubectl work for your non-root user, you might want to run these commands (which is also a part of the kubeadm init output):
Alternatively, if you are the root user, you could run this:
Now install a pod network add-on (a CNI plugin) so that your pods can communicate with each other. This is required: until a network add-on is installed the nodes stay NotReady and cluster DNS stays Pending.
Install metrics-server, which provides the resource metrics used by kubectl top and the horizontal pod autoscaler.
Install heapster (note that heapster is deprecated and has been removed from recent Kubernetes releases; metrics-server is its replacement).
Both are served through the API aggregation layer, so if the aggregator is not enabled on the API server, follow this first:
https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/
In Worker Node
Joining the worker
Run the kubeadm join command printed by kubeadm init on kube-master. --token is the bootstrap token generated by kube-master, and --discovery-token-ca-cert-hash is the SHA-256 hash of the cluster CA's public key, also printed by kubeadm init. The hash is what lets the worker trust the API server it is joining: the worker checks the CA it is handed during discovery against that hash, so a rogue API server on the same network cannot get the node to join it. Do not replace it with --discovery-token-unsafe-skip-ca-verification outside a throwaway lab. The token grants the right to join the cluster, so treat it like a password; it expires after 24 hours by default.
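The following is an added example, not a command block from the original article: shell checks a worker can run before kubeadm join, covering the cgroup driver comparison from the master section and the CA certificate hash used in the join. It recomputes the discovery-token-ca-cert-hash from the CA certificate the same way kubeadm does (SHA-256 over the DER-encoded public key), which also shows what the hash actually pins. File paths are kubeadm's defaults; the functions take the paths and driver names as arguments so they can be run against copies.

```sh
#!/bin/sh
# Pre-join checks for a kubeadm worker. Added example, not part of the original
# article. Defaults assumed: the cluster CA is /etc/kubernetes/pki/ca.crt on the
# master; kubelet's config is /var/lib/kubelet/config.yaml once kubeadm wrote it.

# 1) Recompute the --discovery-token-ca-cert-hash from the CA certificate:
#    sha256 over the DER-encoded SubjectPublicKeyInfo of the CA's public key.
#    This is the value kubeadm init prints. The worker compares the CA it is
#    given during discovery against it, so only the real control plane's CA
#    is accepted.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# 2) Compare a hash handed to the worker ("sha256:<hex>", pasted from the init
#    output) against a CA file fetched out of band. Returns 0 on match.
check_join_hash() {
  expected=$(printf '%s' "$1" | sed 's/^sha256://')
  actual=$(ca_cert_hash "$2")
  [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# 3) Bootstrap tokens look like "abcdef.0123456789abcdef" (6 + 16 lowercase
#    alphanumerics). Reject anything else before it goes on a command line.
valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# 4) kubelet and Docker must agree on the cgroup driver (systemd or cgroupfs).
#    Docker's comes from `docker info -f '{{.CgroupDriver}}'`; kubelet's is the
#    cgroupDriver key in its config file. Returns 0 when they match.
cgroup_drivers_match() {
  docker_driver=$1
  kubelet_driver=$(sed -n 's/^cgroupDriver:[[:space:]]*//p' "$2" | head -n 1)
  [ -n "$kubelet_driver" ] && [ "$docker_driver" = "$kubelet_driver" ]
}

# Usage on kube-worker, with TOKEN and HASH copied from kubeadm init on kube-master
# and ca.crt copied over a trusted channel:
#   check_join_hash "$HASH" ./ca.crt && valid_token "$TOKEN" \
#     && cgroup_drivers_match "$(docker info -f '{{.CgroupDriver}}')" /var/lib/kubelet/config.yaml \
#     && kubeadm join kube-master:6443 --token "$TOKEN" --discovery-token-ca-cert-hash "$HASH"
```

If check_join_hash fails, stop: either the hash was copied wrong or the CA file did not come from the master you think it did. Neither case should be "fixed" by skipping CA verification.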
If you want to remove all configuration from any node and start over (kubeadm reset), run it on that node before re-running kubeadm init or kubeadm join: