From 75d12aeceb77061576e9e1449077098ecafadffc Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 16 May 2024 00:27:36 +0200 Subject: [PATCH] chore(kb): add sources from my last projects --- knowledge base/cloud computing/aws/README.md | 23 ++++++++++++++++++-- knowledge base/cloud computing/aws/ec2.md | 9 +++++--- knowledge base/cloud computing/aws/ecs.md | 11 ++++++---- knowledge base/cloud computing/aws/eks.md | 7 +++++- knowledge base/docker.md | 5 ++++- knowledge base/gitlab.md | 2 ++ knowledge base/kubernetes/README.md | 5 ++++- 7 files changed, 50 insertions(+), 12 deletions(-) diff --git a/knowledge base/cloud computing/aws/README.md b/knowledge base/cloud computing/aws/README.md index 41c8115..d397597 100644 --- a/knowledge base/cloud computing/aws/README.md +++ b/knowledge base/cloud computing/aws/README.md @@ -282,9 +282,19 @@ Examples: - [IAM JSON policy elements: Sid] - [Elastic IP addresses] - [Using IAM policy conditions for fine-grained access control to manage resource record sets] +- [Not authorized to perform: sts:AssumeRole] +- [Test Your Roles' Access Policies Using the AWS Identity and Access Management Policy Simulator] +- [Troubleshooting IAM roles] +- [How can I monitor the account activity of specific IAM users, roles, and AWS access keys?] +- [Using IAM roles] +- [AssumeRole api reference] +- [You might be clueless as to why AWS assume role isn't working, despite being correctly set up] +- [Use an IAM role in the AWS CLI] +- [Creating a role to delegate permissions to an IAM user] 
@@ -308,16 +318,23 @@ Examples: [access aws services through aws privatelink]: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-aws-services.html +[assumerole api reference]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html [aws json policy elements: principal]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html [best practices for tagging aws resources]: https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html [connect to the internet using an internet gateway]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html [constraints tag]: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html +[creating a role to delegate permissions to an iam user]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html [elastic ip addresses]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html +[how can i monitor the account activity of specific iam users, roles, and aws access keys?]: https://repost.aws/knowledge-center/view-iam-history [iam json policy elements: sid]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html [nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html [services that publish cloudwatch metrics]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html [subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html +[test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/ +[troubleshooting iam roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_roles.html +[use an iam role in the aws cli]: 
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html [using iam policy conditions for fine-grained access control to manage resource record sets]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-rrset-conditions.html +[using iam roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html [using service-linked roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html [what is amazon vpc?]: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html [what is aws config?]: https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html @@ -327,6 +344,8 @@ Examples: [automating dns-challenge based letsencrypt certificates with aws route 53]: https://johnrix.medium.com/automating-dns-challenge-based-letsencrypt-certificates-with-aws-route-53-8ba799dd207b [aws config tutorial by stephane maarek]: https://www.youtube.com/watch?v=qHdFoYSrUvk -[date & time policy conditions at aws - 1-minute iam lesson]: https://www.youtube.com/watch?v=4wpKP1HLEXg [aws icons]: https://aws-icons.com/ +[date & time policy conditions at aws - 1-minute iam lesson]: https://www.youtube.com/watch?v=4wpKP1HLEXg [introduction to aws iam assumerole]: https://aws.plainenglish.io/introduction-to-aws-iam-assumerole-fbef3ce8e90b +[not authorized to perform: sts:assumerole]: https://repost.aws/questions/QUOY5XngCtRyOX4Desaygz8Q/not-authorized-to-perform-sts-assumerole +[you might be clueless as to why aws assume role isn't working, despite being correctly set up]: https://medium.com/@kamal.maiti/you-might-be-clueless-as-to-why-aws-assume-role-isnt-working-despite-being-correctly-set-up-1b3138519c07 diff --git a/knowledge base/cloud computing/aws/ec2.md b/knowledge base/cloud computing/aws/ec2.md index ca067e3..d66ba52 100644 --- a/knowledge base/cloud computing/aws/ec2.md +++ b/knowledge base/cloud computing/aws/ec2.md 
@@ -66,23 +66,26 @@ See [EBS]. - [Using instance profiles] - [DescribeImages] API - [`describe-images`][describe-images] CLI subcommand +- [Best practices for handling EC2 Spot Instance interruptions] +- [IAM roles for Amazon EC2] - [amazon web services]: README.md [cli]: cli.md [ebs]: ebs.md [ssm]: ssm.md - +[best practices for handling ec2 spot instance interruptions]: https://aws.amazon.com/blogs/compute/best-practices-for-handling-ec2-spot-instance-interruptions/ [connect to your instances without requiring a public ipv4 address using ec2 instance connect endpoint]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-with-ec2-instance-connect-endpoint.html [describe-images]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html [describeimages]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html +[iam roles for amazon ec2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html [using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html diff --git a/knowledge base/cloud computing/aws/ecs.md b/knowledge base/cloud computing/aws/ecs.md index b235407..830e986 100644 --- a/knowledge base/cloud computing/aws/ecs.md +++ b/knowledge base/cloud computing/aws/ecs.md 
@@ -96,19 +96,22 @@ while [[ $(aws ecs list-tasks --query 'taskArns' --output 'text' --cluster 'test ### Sources +- [Identity and Access Management for Amazon Elastic Container Service] +- [Amazon ECS task role] +- [How Amazon Elastic Container Service works with IAM] + - [amazon web services]: README.md [cli]: cli.md - [amazon ecs task lifecycle]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-lifecycle-explanation.html +[amazon ecs task role]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html +[how amazon elastic container service works with iam]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security_iam_service-with-iam.html +[identity and access management for amazon elastic container service]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam.html [troubleshoot amazon ecs deployment issues]: https://docs.aws.amazon.com/codedeploy/latest/userguide/troubleshooting-ecs.html - - diff --git a/knowledge base/cloud computing/aws/eks.md b/knowledge base/cloud computing/aws/eks.md index 37e7a2d..0e87b59 100644 --- a/knowledge base/cloud computing/aws/eks.md +++ b/knowledge base/cloud computing/aws/eks.md @@ -710,9 +710,12 @@ Debug: see [Identify common issues]. - [Private cluster requirements] - [De-mystifying cluster networking for Amazon EKS worker nodes] - [Simplified Amazon EKS Access - NEW Cluster Access Management Controls] +- [Visualizing AWS EKS Kubernetes Clusters with Relationship Graphs] +- [How to Add IAM User and IAM Role to AWS EKS Cluster?] 
@@ -766,3 +769,5 @@ Debug: see [Identify common issues]. [using service-linked roles for amazon eks]: https://docs.aws.amazon.com/eks/latest/userguide/using-service-linked-roles.html +[how to add iam user and iam role to aws eks cluster?]: https://antonputra.com/kubernetes/add-iam-user-and-iam-role-to-eks/ +[visualizing aws eks kubernetes clusters with relationship graphs]: https://dev.to/aws-builders/visualizing-aws-eks-kubernetes-clusters-with-relationship-graphs-46a4 diff --git a/knowledge base/docker.md b/knowledge base/docker.md index 3716825..58daeca 100644 --- a/knowledge base/docker.md +++ b/knowledge base/docker.md @@ -370,9 +370,11 @@ docker load … - [OpenContainers Image Spec] - [Docker ARG, ENV and .env - a Complete Guide] - [Configuring HealthCheck in docker-compose] +- [Docker Buildx Bake + Gitlab CI Matrix] @@ -392,5 +394,6 @@ docker load … [configuring dns]: https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html [configuring healthcheck in docker-compose]: https://medium.com/@saklani1408/configuring-healthcheck-in-docker-compose-3fa6439ee280 [docker arg, env and .env - a complete guide]: https://vsupalov.com/docker-arg-env-variable-guide/ +[docker buildx bake + gitlab ci matrix]: https://teymorian.medium.com/docker-buildx-bake-gitlab-ci-matrix-77edb6b9863f [getting around docker's host network limitation on mac]: https://medium.com/@lailadahi/getting-around-dockers-host-network-limitation-on-mac-9e4e6bfee44b [opencontainers image spec]: https://specs.opencontainers.org/image-spec/ diff --git a/knowledge base/gitlab.md b/knowledge base/gitlab.md index bc696db..87efa3c 100644 --- a/knowledge base/gitlab.md +++ b/knowledge base/gitlab.md 
@@ -703,6 +703,7 @@ Solution: set the correct ownership with - [How to disable the Two-factor authentication in GitLab?] - [How to Upgrade Your Omnibus GitLab] - [The docker images for gitlab-ce and gitlab-ee start workhorse with incorrect socket ownership] +- [GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG] @@ -680,6 +682,7 @@ Others: [security context design proposal]: https://github.com/kubernetes/design-proposals-archive/blob/main/auth/security_context.md [security design proposal]: https://github.com/kubernetes/design-proposals-archive/blob/main/auth/security.md [set capabilities for a container]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container +[using rbac authorization]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ [using sysctls in a kubernetes cluster]: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ [version skew policy]: https://kubernetes.io/releases/version-skew-policy/
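Review bot: `[AssumeRole api reference]` in the README.md hunk at `@@ -282,9 +282,19 @@` capitalizes "api" inconsistently with the rest of the knowledge base (ec2.md writes `[DescribeImages] API`); consider `[AssumeRole API reference]` for the list item. The lowercase definition `[assumerole api reference]` still resolves either way, since Markdown reference labels are matched case-insensitively.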
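Review bot: deleting the blank line after `[ssm]: ssm.md` in the ec2.md hunk at `@@ -66,23 +66,26 @@` merges the local-file reference block with the external-link block, and the merged list is no longer sorted (`[ssm]` now precedes `[best practices for handling ec2 spot instance interruptions]`); either keep the blank separator or sort the whole block.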
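Review bot: the ecs.md hunk at `@@ -96,19 +96,22 @@` has the same merge problem as ec2.md: the blank line after `[cli]: cli.md` is removed, so `[amazon ecs task lifecycle]` now follows `[cli]` in a single unsorted block. Separately, the visible context shows `### Sources` followed only by reference definitions before this change, so it is worth checking that `[amazon ecs task lifecycle]` and `[troubleshoot amazon ecs deployment issues]` are actually linked from the body; if not, add them to the new list alongside the three IAM entries.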
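Review bot: the two definitions appended at the end of eks.md in the hunk at `@@ -766,3 +769,5 @@` break the alphabetical order of that reference block, since both `[how to add iam user and iam role to aws eks cluster?]` and `[visualizing aws eks kubernetes clusters with relationship graphs]` sort before `[using service-linked roles for amazon eks]`. The README.md hunk at `@@ -327,6 +344,8 @@` in this same patch moves `[date & time policy conditions at aws - 1-minute iam lesson]` precisely to restore that order, so insert these at their sorted positions as well.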
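Review bot: the new list item `[GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG]` in the gitlab.md hunk at `@@ -703,6 +703,7 @@` has no matching reference definition anywhere in the visible diff, so the link will render as literal bracketed text; the diffstat reports 2 insertions for gitlab.md but only this one appears, which suggests the definition hunk was dropped from the patch.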
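Review bot: the hunk headed `@@ -680,6 +682,7 @@ Others:` cannot belong to gitlab.md: its line numbers precede the previous hunk's `-703`, and its content (`[security context design proposal]`, `[set capabilities for a container]`, the new `[using rbac authorization]`, all kubernetes.io links) matches the `knowledge base/kubernetes/README.md` entry in the diffstat, whose `diff --git` header and remaining changes (the diffstat reports more than one insertion for it) are missing. Regenerate the patch with `git format-patch` before applying; `git apply --check` is likely to reject it in this form.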