After installing the Trivy Operator, an open-source security scanner, into my Kubernetes cluster, I noticed the generated JSON vulnerability reports could get pretty big and would need some tool to parse them.

EKS Fargate schedules only one pod per node. This means you can’t run Daemonsets on the same node and have to opt for a sidecar pattern to deploy the Daemonsets intended functionality.

AWS Single Sign-On (AWS SSO) allows SSO users to sign-in using the awscli via the aws sso login command. As part of the typical login flow, a browser (default browser, unless BROWSER environment variable exists) is launched for the user to perform a number of verification and authorization steps.

TLDR: I wrote an Argo CD plugin that does dynamic placeholder replacement of secrets at deployment time from AWS Secrets Manager. Installation and usage are on GitHub.

cdk8s is a great way to bundle and compose applications to be deployed to Kubernetes.