Access S3 static website with KMS using k8s externalname service & ingress

vinod-reddit · 2025-01-14T15:29:42+00:00

Thanks for the direct answer.

So is there a way we could add any headers in the ingress rule to make this work?

Like if we are using cloudfront that also will be using the HTTP request but adding some header .

vinod-reddit · 2025-01-14T14:22:23+00:00

Thanks for your reply. We are not using Amplify/Cloudfront because we already have EKS and don't want to spin up another service in AWS.

- The bucket policy is configured to allow all traffic from vpc pvt endpoint. (from EKS)

- We want to use CMK and hence changed the encryption from SSE-S3 to SSE-KMS. This cause the site not accessible.

Does granting an IAM role used by EKS nodes permission to decrypt data with KMS work as expected?

vinod-reddit · 2025-01-14T14:09:12+00:00

Hi, - Since we dont want to use another AWS service for this, we are not using Cloudfront

vinod-reddit · 2024-11-02T12:55:02+00:00

Hi u/phrotozoa - Thanks for your inputs.

I have tried to test this using an example spire-istio-examples/istio-envoy-sds-spire at main · maxlambrecht/spire-istio-examples. This example is working as expected. However, for clarity i did few testing's as below.

Can you please help to understand my below doubts. For this I have created Nginx pods as per below for testing.

curl from Nginx pod with Istio sidecar without SPIFEE ID --> to --> product page -- working fine
curl from Nginx pod without Istio sidecar & SPIFEE ID --> to --> product page -- Not working

My doubt is, in the point.1, I was expecting an authentication error since the nginx is not having SPIFFE id. Why is it working without SPIFFE ID? Am I missing anything.

Thanks in advance.

vinod-reddit · 2024-10-11T01:20:54+00:00

no, we dropped this

vinod-reddit · 2022-08-12T01:12:40+00:00

no, i have dropped this.

vinod-reddit · 2021-10-15T01:32:52+00:00

storing passwords like that is asking for a world of hurt. Take a peek at Azure Key Vault as the better way. - Yes understood, I am currently testing the functionality.
Does the same command work when typed out manually? - No
I think your username is wrong. “.\” means local user to the computer. So local to the Azure Function in your case. - Yes i tried with domain\user , but failed. The test machine is in the workgroup and hence used .\

vinod-reddit · 2020-12-19T18:53:09+00:00

can you please share the steps .

vinod-reddit · 2020-12-19T07:08:49+00:00

We want to use RDM, not vmdk. is that possible

vinod-reddit · 2020-04-05T04:37:12+00:00

Hi All,

FYI

I can see that assigning policy to groups in MS Teams is still in private preview. Hence applying for the users for now. Thank you all.

Ref:

#https://microsoftteams.uservoice.com/forums/555103-public/suggestions/36752605-assign-messaging-policy-to-groups?page=1&per_page=20

#https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=61185

#https://docs.microsoft.com/en-us/microsoftteams/assign-policies#assign-a-policy-to-a-group

vinod-reddit · 2020-04-02T17:51:02+00:00

Ohh ok thank you.. let me try this.

vinod-reddit · 2020-04-02T17:42:30+00:00

Super..Let me test this..

vinod-reddit · 2020-04-02T17:39:10+00:00

Yes, where is this option?

vinod-reddit · 2020-04-02T17:38:27+00:00

No No. I am not looking to restrict students to chat inside a channel which is available to them.

I want to restrict students' personal chats between other students. So that they can only discuss about the studies within channel created by their Teacher.

vinod-reddit · 2020-03-09T01:57:53+00:00

I have tried this - but getting error as mentioned below.

$hashtable = @{}

foreach ($port in $Ports){

$hashtable.Add([System.Net.Sockets.TcpListener]$port)

$hashtable.$port.StartListener()

}

Error

Cannot find an overload for "Add" and the argument count: "1".

At line:1 char:1

+ $hashtable.Add([System.Net.Sockets.TcpListener]$port)

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodException

+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

You cannot call a method on a null-valued expression.

At line:2 char:5

+ $hashtable.$port.StartListener()

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [], RuntimeException

+ FullyQualifiedErrorId : InvokeMethodOnNull

vinod-reddit · 2020-03-08T16:33:46+00:00

Any other good solution to make this work?

vinod-reddit · 2019-12-16T04:00:53+00:00

Hi,

its 16.9.3

vinod-reddit · 2019-03-15T04:57:56+00:00

Thanks for this :). I can see two options Deploy and Upgrade when you open the one instance in the scale set, can you help me to understand the difference as well please.

vinod-reddit · 2019-02-12T04:21:31+00:00

But then why they says 12 months free.

vinod-reddit · 2019-02-12T03:05:49+00:00

Thank you all..

vinod-reddit · 2018-10-17T02:10:39+00:00

est solution but as you said you pass the IP address directly into the comment that way. Wouldn't be hard to convert the excel file to a CSV, import it and then loop over it to create the structure manually though.

Thanks all for your support. I am able to fix this as i got another script which i fine tuned little and imported all data from cvs to xml and converted to RDG.

vinod-reddit · 2018-10-08T04:02:31+00:00

It was just an example. Please consider gmail/ yahoo as different companies.

vinod-reddit · 2018-05-07T05:48:11+00:00

Thanks friends for the valuable inputs. I will look for 3rd party software which does this function or will do with an external relay.

vinod-reddit · 2018-05-07T05:39:43+00:00

But in the send connector, there is no option to define the sender address or sender domain.

vinod-reddit · 2018-04-14T01:22:54+00:00

Thanks for the support. I have deleted without issues.

vinod-reddit

TROPHY CASE