Container Management Platform (CMP) — Cloud Posse Developer Hub

Container Management Platform (CMP)

kubernetes, ecs, mesos, cattle

See Also
Scale Kubernetes Pods Horizontally
How do we expect to accomplish service discovery?
Kubernetes Pods Emit Error: not authorized to perform `sts:AssumeRole`
Ingress Controller
Andriy Knysh
Codefresh
Continuous Delivery (CD)

© 2020 Cloud Posse, LLC. Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

This is a companion discussion topic for the original entry at