Sometimes it's useful to be able to run ephemeral containers on a Kubernetes cluster in order to perform some debugging (e.g. DNS resolution, pinging nodes, etc.).

Sadly, most of the time it can be tricky to remember all the overrides, so here is a small list.

Run an ephemeral shell on a random node

kubectl run -ti...

IRSA (IAM role for service account) is a very useful tool that lets us grant AWS permissions to the containers in any pod that uses a given service account. This enables very granular permission settings for specific service accounts and removes most of the headache related to authentication and persisting secrets.

Below is a quick snippet of how to create such a mechanism.