Cloud Devops Automation

 AWS has moved away from the traditional config-based authentication for EKS clusters, advocating for API-based authentication instead. This article explains the underlying mechanism and benefits of this modern approach. How API Authentication Works The authentication flow involves multiple AWS services working in concert: Initial Request (Steps 1-2) kubectl initiates authentication using AWS credentials from standard locations (environment variables, AWS credentials file, or IAM roles) AWS STS verifies the identity and returns temporary credentials Permission Verification (Steps 3-4) IAM validates the user/role permissions for EKS access This ensures proper RBAC and security policies are enforced URL Generation (Steps 5-8) kubectl requests a presigned URL from EKS API server The URL is signed using AWS Signature Version 4 EKS validates the IAM principal and permissions A time-limited presigned URL is returned Kubernetes Access (Steps 9-10) kubectl uses th...

Let me explain how Colima works under the hood, taking you through its architecture and core components to build a complete understanding of this technology. At its foundation, Colima (Container runtimes on Lima) is built on top of Lima, which creates and manages Linux virtual machines on macOS. This architecture is necessary because Docker containers require Linux kernel features that aren't natively available on macOS. Let's break down how this works layer by layer: The Base Layer:  Lima Virtual Machine When you start Colima, it first creates a Lima VM running Linux. Lima uses QEMU (Quick Emulator) as its virtualization backend, which provides hardware virtualization capabilities. The VM includes a minimal Linux distribution specifically optimized for running containers. This setup is more lightweight than traditional virtual machines because it's purpose-built for container workloads. The Container Runtime Layer  Inside the Lima VM, Colima sets up containerd, which is...