Microsoft Azure/Entra SSO + AWS EKS + Oauth2-Proxy with Kubernetes-Dashboard

My goal was to deploy the Kubernetes Dashboard in a managed Kubernetes cluster on AWS EKS. The dashboard is secured with single sign-on through Microsoft Entra, in combination with the OAuth2 Proxy and the NGINX Ingress controller. In the following I will show these steps: Microsoft Entra OAuth2 Application with Terraform; OAuth2 Proxy setup with Microsoft Entra; Kubernetes Dashboard configured with an authorization header for authenticating users; AWS EKS with Entra as OIDC provider, because the Kubernetes Dashboard uses the Kubernetes API for authorization; Troubleshooting Microsoft Entra OAuth 2....

March 24, 2024

Monitoring: Alertmanager Deadmanswatch

This post describes the setup of a dead man’s switch for Prometheus / Alertmanager in a Kubernetes cluster. A primary goal of the monitoring and alerting system is to generate alerts as soon as possible when problems occur, so administrators can react promptly and the impact on users can be limited. But what happens if the monitoring system itself is impaired? In case of an outage of the Kubernetes cluster where Prometheus is installed, it is highly probable that no alerts are generated....

January 10, 2023

EKS - Load Balancer Health Checks

Today's post is about setting up load balancer health checks for a Kubernetes cluster (EKS) within AWS. The setup consists of an Application Load Balancer, an Auto Scaling group and a target group which contains the Kubernetes worker nodes. The diagram shows an overview of the setup we aim for: [Diagram: the Load Balancer redirects traffic to the Target-Group; inside the Target-Group, the Health-Check probes EKS-Node-1 and EKS-Node-2 on port 30003, and the nodes run POD-echo-server-1 and POD-echo-server-2; Autoscaling considers the ALB health checks.] The health checks configured in the target group did not work with the default configuration and reported unhealthy....

December 13, 2022

Alertmanager routing with AlertmanagerConfig

This post will describe the routing for Alertmanager with the declarative AlertmanagerConfig resource provided by the Prometheus-Operator in Kubernetes. Scenario: Our alerts in the Kubernetes cluster are forwarded to Mattermost via the Alertmanager. This is the scenario I will cover in the post: All alerts go to a main Mattermost channel (aws-alerts); each customer deployment is in a separate Kubernetes namespace; each customer can have multiple modules represented by a Kubernetes deployment for each module....

November 15, 2022