All Questions
Tagged with amazon-eks amazon-web-services
48
questions
0
votes
0
answers
10
views
Public IP should not be changed when aws eks cluster and managed nodegroup is upgraded
We have used the eks cluster(current version 1.20) and managed nodegroup and used the public IPs of the nodes for our purpose so now when we upgrade the eks cluster and nodegroup with version 1.21 all ...
2
votes
2
answers
70
views
How to obtain authorization to access EKS cluster
Followed this document Cert Signing to get the certificate issued.
I created cluster role and role binding to test it.
$ kubectl auth can-i create pods --as=myserver
yes
$ kubectl auth can-i list pods ...
0
votes
0
answers
75
views
Assign static IP address (outbound traffic) for every pod in EKS cluster
I have my software running in EKS cluster, where every node can fit up to 5 pods. The software uses multiple accounts on 3rd-party service which requires IP whitelisting. I have separate manifest ...
0
votes
0
answers
120
views
AWS application load balancer not registering targets for Kubernetes EKS node target group
I have an EKS cluster with public/private access on a VPC with public and private subnets. I've setup my ALB in the public subnets on port 80, internet-facing and ip and installed the AWS controller ...
0
votes
0
answers
45
views
Static files not being detected by the ALB
So, I have deployed an application in a Kubernetes environment (AWS EKS). It is a collection of various micro-applications exposed as services, each micro-service having three replica sets.
All the ...
- 1
0
votes
0
answers
24
views
Does EKS bill include the costs for control-plane (master) nodes?
EKS costs $0.10 / hr + you pay for the worker nodes (EC2 + storage + data transfer). But EKS itself runs master nodes. So the question is: does $0.10 covers the costs of master nodes? If not, then how ...
0
votes
1
answer
286
views
AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve
I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here.
I have created an EKS cluster using the following manifest.
apiVersion: eksctl.io/...
- 1
0
votes
0
answers
139
views
Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster
I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
- 123
0
votes
1
answer
400
views
How can i get cilium to pass the failing connectivity test
I am trying to deploy cilium to my eks cluster, for context, this cluster is a private cluster running behind a private subnet, and routed to the internet through a NAT gateway and then an internet ...
- 123
0
votes
0
answers
41
views
Stop EKS/Traefik overwriting Inbound Security Group rules every 2 weeks
I have a kubernetes cluster (EKS AWS Managed) with Traefik Ingress service installed. Now, my understanding is the ingress service creates and manages the load balancer in AWS, and also the security ...
- 101
0
votes
0
answers
83
views
EKS provisions nodes more than maxnodes using Karpenter
Currently I am using EKS with karpenter and I provision EKS cluster with values
minNodes: 1
maxNodes: 2
DesiredNodes: 1
Then I setup the karpenter using this link. After Setting it up as referred by ...
0
votes
0
answers
180
views
AWS ALB gives 504 timeout when vpc cni network policies applied
I've got argocd deployed on EKS, with ingress running on top of AWS Load Balancer Controller.
Alb controller is deployed in kube-system. Argo is deployed in argocd namespace with internal alb created ...
- 101
0
votes
0
answers
13
views
Removing kubernetes.io/aws-ebs in-tree StorageClass
After installation of aws-ebs-csi-driver I've realized that there is default in-tree implementation kubernetes.io/aws-ebs which is deprecated according to official doc:
$ kubectl get StorageClass
NAME ...
- 321
0
votes
1
answer
536
views
CoreDNS pods in AWS EKS Fargate unable to pull image
I created a PRIVATE EKS Cluster using AWS Console. Then, followed the documentation to configure Fargate. After I finished, I can see my Fargate nodes under Compute tab in my cluster in AWS Console, ...
- 1
0
votes
0
answers
155
views
On AWS EKS, how can I update an addon multiple minor versions at once?
Some enabled add-on lags far behind the latest version. The add-on is NOT self-managed (checked using the doc with aws eks describe-addon)
That specific addon has no compatibility issues between the ...
- 1
1
vote
2
answers
405
views
IPv4 to IPv6 NAT on AWS
AWS supports connecting to external IPv4-only services from an IPv6-only node using NAT64. Is there an equivalent for the reverse?
For context, I have an EKS cluster, which is currently IPv4-only, all ...
- 179
0
votes
0
answers
32
views
Unable to enable Singlestore studio in Singlestore kubernetes operator
I deployed a singlestore test cluster using the documentation from https://docs.singlestore.com/db/v7.3/deploy/kubernetes/ on AWS.
The deployment was successful, and I managed to get the cluster up ...
0
votes
1
answer
401
views
EKS service SSL endpoint
When creating a service using EKS, it is exposed using http through a AWS load balancer.
kubectl apply -f service.yaml - Will create a load balancer that's managed by EKS, and can not be modified. any ...
- 101
0
votes
1
answer
2k
views
AWS EKS Cluster : InvalidParameterException: Unsupported Kubernetes minor version update ,Terraform Gitlab CI
The following errors occur every time I run the pipeline
│ Error: error updating EKS Cluster (business-staging) version: InvalidParameterException: Unsupported Kubernetes minor version update from 1....
- 59
0
votes
0
answers
2k
views
How to create EKS cluster with VPC CNI addon via CloudFormation?
I create a EKS cluster (1.24) via cloudformation, it works fine without a CNI plugin but fails when I add vpc-cni addon:
AddonCNI:
Type: 'AWS::EKS::Addon'
Properties:
AddonName: vpc-...
- 243
1
vote
1
answer
710
views
Keycloak w/ EKS + ALB (401 after auth)
I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with ...
- 21
0
votes
0
answers
1k
views
Configure EKS to use Nexus Private Docker Registry (HTTP/HTTPS)
I've created an EKS cluster on AWS along with Nexus Repository on DigitalOcean using Terraform & Ansible.
Also I've not created any SSL for the Nexus Repository, so it is "http."
...
1
vote
1
answer
439
views
AWS Site-to-Site VPN ping working, TCP not
I want to establish a site-to-site IPsec VPN connection between an AWS EKS-Kubernetes-Cluster and a server from a different provider using AWS Site-to-Site VPN.
Pings get through the VPN, but TCP ...
- 11
0
votes
1
answer
348
views
Direct Traffic from a Pulbic ALB to an Internal ALB for EKS
So I have an EKS cluster sitting in a dedicated VPC (EKS-VPC)
In my Main VPC I have a public-facing ALB that I want it to somehow direct traffic to services running in EKS.
More specifically I want ...
- 121
0
votes
1
answer
1k
views
Is it possible to mix instance types in an AWS cluster?
I'd like to know if it is possible to mix node instance types in an AWS (EKS) cluster.
I'd like to host something which requires more resources and add it to the cluster.
- 1,445
0
votes
1
answer
850
views
Using the AWS VPC CNI add on for EKS can I access a pod directly via it's vpc ip address over a vpn?
My general question is in the title. I feel like I've misunderstood the way pods are connected to the VPC. I was assuming this would make pods routable on the vpc but it seems like this is not the ...
- 103
0
votes
0
answers
1k
views
AWS ELB(classic load balancer) response is too slow and sometimes response is not coming it is showing timed out
I have EKS cluster setup in private subnet in which i'm having my microservices and for each microservice i have classic load balancer to access API. But response is having high latency and sometimes ...
- 21
0
votes
1
answer
872
views
Unable to grant additional AWS roles the ability to interact with my cluster
I am trying to learn AWS EKS and following Getting started with Amazon EKS – AWS Management Console and AWS CLI guide step by step except for the region which I have changed to us-east-1.
I am able to ...
- 101
0
votes
2
answers
16k
views
AWS EKS add-on coredns status as degraded and node group creation failed( is unable to join Cluster)
I'm trying to create node group on EKS Cluster(region = ap-south-1) but it is failing to join cluster. Health issues : NodeCreationFailure Instances failed to join the kubernetes cluster
I found that ...
- 21
1
vote
1
answer
2k
views
do I need kube-proxy and vpc-cni addons when running fargate only eks cluster?
they both seem like good add-ons when you're running node groups; I'm assuming given Fargate mandates ALB's would register IP only for services, and other similar fargate requirements, do we still ...
- 537
0
votes
2
answers
1k
views
AWS EKS Ingress Timeout On Any Non-Root Path
We have configured an Ingress resource on our EKS cluster with rewrites from /.* on the load balancer to the matching URI upstream. If we visit staging.my-domain.com/, we see a successful health-check ...
- 181
3
votes
0
answers
1k
views
EKS - Use IAM roles for service accounts on multiple clusters
I am trying to use IAM roles for service accounts in EKS.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
When it comes to create the IAM role to be assigned to a ...
- 31
5
votes
1
answer
5k
views
EKS ARM Node stuck in NotReady status - runtime network not ready cni config uninitialized
I have an EKS Cluster (AWS) named cluster-main running on
Kubernetes version: 1.16
Platform version: eks.4
CNI version v1.6.1
There are two node groups in the cluster
Cluster Name
Instance Type
AMI ...
- 121
0
votes
0
answers
506
views
Can i access an EKS cluster , if i don't have access to iam user that created it?
An AWS admin , created an IAM user , and that user created an EKS cluster. Now , we don't have access to that IAM user.
If , we try to execute , kubectl , commands on that EKS cluster from a new IAM ...
0
votes
2
answers
2k
views
Postfix behind AWS NLB with Proxy Protocol does not send banner until CRLF is sent
I've redeployed my mail stack as a Kubernetes pod. This pod is on an EKS cluster in the private subnet, behind an NLB. Postfix and the NLB are configured to speak proxy protocol v2.
Originally I had ...
- 23
0
votes
1
answer
387
views
Can't configure RBAC to users in EKS
I have deployed EKS using eksctl following this docs.
As the user who created the cluster I have full access control.
Trying to grant system:masters permissions to a specific user doesn't work this ...
- 123
1
vote
2
answers
550
views
Is AWS Fargate EKS Container to Container communication encrypted at the network level?
I see that ephemeral drives are now encrypted but is network communications between containers encrypted, say for HIPAA compliance. Looking specifically at Serverless Fargate with Kubernetes pods. A ...
- 1,566
2
votes
1
answer
243
views
Why would you want worker node traffic to leave a VPC? (AWS EKS)
When setting up AWS EKS, I came across a configuration option I don't understand.
What is the use case for the "public" option as shown in this screenshot?
This is the only option that makes ...
- 23
0
votes
1
answer
501
views
HTTPS for EKS LoadBalancer
I have LoadBalancer setup for a Deployment on EKS. I can access the app behind the classic load balancer AWS setup with the DNS name <elb id>.<aws region>.elb.amazonaws.com. I would like ...
- 3
8
votes
1
answer
8k
views
Worker Group VS Node Group EKS
I am trying to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/12.2.0(Terraform AWS EKS provider)
What is the difference between worker nodes and node group?
- 83
1
vote
0
answers
714
views
How to access a S3 bucket accessible only through a EKS Pod
We've got a S3 bucket we use to store files used by an application deployed on EKS, to access the bucket we have a secret web identity token.
The application maintenance guys sometime need to browse ...
- 111
0
votes
1
answer
6k
views
How to change the security group of Amazon EKS worker nodes?
I want to add a security group to the worker nodes of Amazon EKS.
It seems that I can change "Additional security group" to add the security group to the worker nodes.
But I cannot find any ...
- 111
1
vote
0
answers
3k
views
How do I allow an additional AWS user to gain access to EKS?
I'm trying to do:
[ec2-user@xxxxxxxxx x]$ aws eks update-kubeconfig --name prod-eks-v2 --role-arn arn:aws:iam::9xxxxxxxxxxeks-v2-cluster-ServiceRole-xxxxxxxxxx
An error occurred (...
- 1,908
0
votes
1
answer
289
views
Monitoring EKS Kubernetes LoadBalancer service Type
I have created few services in Kubernetes with type: LoadBalancer.
Platform: EKS.
Is there a way to get number of 4xx or 5xx errors from this LoadBalancer? I have tried the following:
Prometheus -...
2
votes
2
answers
6k
views
Kubernetes: run aws s3 sync/rsync against persistent volume on demand
Is there a way in Kubernetes to trigger a job to run on my containers on demand?
The use case is to be able to have the containers sync from S3 to a persistent volume on demand. In the application's ...
- 143
1
vote
1
answer
1k
views
Not able to join worker nodes using kubectl with updated aws-auth configmap
I'm setting up AWS EKS cluster using terraform from an EC2 instance. Basically the setup includes EC2 launch configuration and autoscaling for worker nodes. After creating the cluster, I am able to ...
- 121
2
votes
1
answer
6k
views
EKS suddenly failing with disk pressure
We have an EKS cluster with two t3.small nodes with 20Gi of ephemeral storage. The cluster runs only two small Nodejs (node:12-alpine) applications for now.
This worked perfectly for a few weeks, and ...
- 1,329
3
votes
1
answer
3k
views
HTTP/2 for ALB with EKS on AWS
I'm experimenting with AWS EKS and have created the following setup:
EKS cluster with a single service/pod/node
AWS ALB ingress controller
ALB
I try to configure the ALB to:
create access logs
...
- 1,329