Skip to main content

All Questions

Filter by
Sorted by
Tagged with
0 votes
0 answers
10 views

Public IP should not be changed when aws eks cluster and managed nodegroup is upgraded

We have used the eks cluster(current version 1.20) and managed nodegroup and used the public IPs of the nodes for our purpose so now when we upgrade the eks cluster and nodegroup with version 1.21 all ...
basava022's user avatar
2 votes
2 answers
70 views

How to obtain authorization to access EKS cluster

Followed this document Cert Signing to get the certificate issued. I created cluster role and role binding to test it. $ kubectl auth can-i create pods --as=myserver yes $ kubectl auth can-i list pods ...
Alexy Pulivelil's user avatar
0 votes
0 answers
75 views

Assign static IP address (outbound traffic) for every pod in EKS cluster

I have my software running in EKS cluster, where every node can fit up to 5 pods. The software uses multiple accounts on 3rd-party service which requires IP whitelisting. I have separate manifest ...
Dmitry Belaventsev's user avatar
0 votes
0 answers
120 views

AWS application load balancer not registering targets for Kubernetes EKS node target group

I have an EKS cluster with public/private access on a VPC with public and private subnets. I've setup my ALB in the public subnets on port 80, internet-facing and ip and installed the AWS controller ...
Alex Radwan's user avatar
0 votes
0 answers
45 views

Static files not being detected by the ALB

So, I have deployed an application in a Kubernetes environment (AWS EKS). It is a collection of various micro-applications exposed as services, each micro-service having three replica sets. All the ...
samichau's user avatar
0 votes
0 answers
24 views

Does EKS bill include the costs for control-plane (master) nodes?

EKS costs $0.10 / hr + you pay for the worker nodes (EC2 + storage + data transfer). But EKS itself runs master nodes. So the question is: does $0.10 covers the costs of master nodes? If not, then how ...
Dmitry Belaventsev's user avatar
0 votes
1 answer
286 views

AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve

I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here. I have created an EKS cluster using the following manifest. apiVersion: eksctl.io/...
Arun Lal's user avatar
0 votes
0 answers
139 views

Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster

I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
eagercoder's user avatar
0 votes
1 answer
400 views

How can i get cilium to pass the failing connectivity test

I am trying to deploy cilium to my eks cluster, for context, this cluster is a private cluster running behind a private subnet, and routed to the internet through a NAT gateway and then an internet ...
eagercoder's user avatar
0 votes
0 answers
41 views

Stop EKS/Traefik overwriting Inbound Security Group rules every 2 weeks

I have a kubernetes cluster (EKS AWS Managed) with Traefik Ingress service installed. Now, my understanding is the ingress service creates and manages the load balancer in AWS, and also the security ...
Trent's user avatar
  • 101
0 votes
0 answers
83 views

EKS provisions nodes more than maxnodes using Karpenter

Currently I am using EKS with karpenter and I provision EKS cluster with values minNodes: 1 maxNodes: 2 DesiredNodes: 1 Then I setup the karpenter using this link. After Setting it up as referred by ...
Suyog Dahal's user avatar
0 votes
0 answers
180 views

AWS ALB gives 504 timeout when vpc cni network policies applied

I've got argocd deployed on EKS, with ingress running on top of AWS Load Balancer Controller. Alb controller is deployed in kube-system. Argo is deployed in argocd namespace with internal alb created ...
kkarczewski's user avatar
0 votes
0 answers
13 views

Removing kubernetes.io/aws-ebs in-tree StorageClass

After installation of aws-ebs-csi-driver I've realized that there is default in-tree implementation kubernetes.io/aws-ebs which is deprecated according to official doc: $ kubectl get StorageClass NAME ...
ipeacocks's user avatar
  • 321
0 votes
1 answer
536 views

CoreDNS pods in AWS EKS Fargate unable to pull image

I created a PRIVATE EKS Cluster using AWS Console. Then, followed the documentation to configure Fargate. After I finished, I can see my Fargate nodes under Compute tab in my cluster in AWS Console, ...
432i's user avatar
  • 1
0 votes
0 answers
155 views

On AWS EKS, how can I update an addon multiple minor versions at once?

Some enabled add-on lags far behind the latest version. The add-on is NOT self-managed (checked using the doc with aws eks describe-addon) That specific addon has no compatibility issues between the ...
John Doe's user avatar
1 vote
2 answers
405 views

IPv4 to IPv6 NAT on AWS

AWS supports connecting to external IPv4-only services from an IPv6-only node using NAT64. Is there an equivalent for the reverse? For context, I have an EKS cluster, which is currently IPv4-only, all ...
Ralf's user avatar
  • 179
0 votes
0 answers
32 views

Unable to enable Singlestore studio in Singlestore kubernetes operator

I deployed a singlestore test cluster using the documentation from https://docs.singlestore.com/db/v7.3/deploy/kubernetes/ on AWS. The deployment was successful, and I managed to get the cluster up ...
sethu2912's user avatar
0 votes
1 answer
401 views

EKS service SSL endpoint

When creating a service using EKS, it is exposed using http through a AWS load balancer. kubectl apply -f service.yaml - Will create a load balancer that's managed by EKS, and can not be modified. any ...
Aviran's user avatar
  • 101
0 votes
1 answer
2k views

AWS EKS Cluster : InvalidParameterException: Unsupported Kubernetes minor version update ,Terraform Gitlab CI

The following errors occur every time I run the pipeline │ Error: error updating EKS Cluster (business-staging) version: InvalidParameterException: Unsupported Kubernetes minor version update from 1....
sam23's user avatar
  • 59
0 votes
0 answers
2k views

How to create EKS cluster with VPC CNI addon via CloudFormation?

I create a EKS cluster (1.24) via cloudformation, it works fine without a CNI plugin but fails when I add vpc-cni addon: AddonCNI: Type: 'AWS::EKS::Addon' Properties: AddonName: vpc-...
chingis's user avatar
  • 243
1 vote
1 answer
710 views

Keycloak w/ EKS + ALB (401 after auth)

I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with ...
iotanum's user avatar
  • 21
0 votes
0 answers
1k views

Configure EKS to use Nexus Private Docker Registry (HTTP/HTTPS)

I've created an EKS cluster on AWS along with Nexus Repository on DigitalOcean using Terraform & Ansible. Also I've not created any SSL for the Nexus Repository, so it is "http." ...
serhatbalik's user avatar
1 vote
1 answer
439 views

AWS Site-to-Site VPN ping working, TCP not

I want to establish a site-to-site IPsec VPN connection between an AWS EKS-Kubernetes-Cluster and a server from a different provider using AWS Site-to-Site VPN. Pings get through the VPN, but TCP ...
Talinx's user avatar
  • 11
0 votes
1 answer
348 views

Direct Traffic from a Pulbic ALB to an Internal ALB for EKS

So I have an EKS cluster sitting in a dedicated VPC (EKS-VPC) In my Main VPC I have a public-facing ALB that I want it to somehow direct traffic to services running in EKS. More specifically I want ...
argyrodagdileli's user avatar
0 votes
1 answer
1k views

Is it possible to mix instance types in an AWS cluster?

I'd like to know if it is possible to mix node instance types in an AWS (EKS) cluster. I'd like to host something which requires more resources and add it to the cluster.
Dark Star1's user avatar
  • 1,445
0 votes
1 answer
850 views

Using the AWS VPC CNI add on for EKS can I access a pod directly via it's vpc ip address over a vpn?

My general question is in the title. I feel like I've misunderstood the way pods are connected to the VPC. I was assuming this would make pods routable on the vpc but it seems like this is not the ...
ClintM's user avatar
  • 103
0 votes
0 answers
1k views

AWS ELB(classic load balancer) response is too slow and sometimes response is not coming it is showing timed out

I have EKS cluster setup in private subnet in which i'm having my microservices and for each microservice i have classic load balancer to access API. But response is having high latency and sometimes ...
uni's user avatar
  • 21
0 votes
1 answer
872 views

Unable to grant additional AWS roles the ability to interact with my cluster

I am trying to learn AWS EKS and following Getting started with Amazon EKS – AWS Management Console and AWS CLI guide step by step except for the region which I have changed to us-east-1. I am able to ...
kusur's user avatar
  • 101
0 votes
2 answers
16k views

AWS EKS add-on coredns status as degraded and node group creation failed( is unable to join Cluster)

I'm trying to create node group on EKS Cluster(region = ap-south-1) but it is failing to join cluster. Health issues : NodeCreationFailure Instances failed to join the kubernetes cluster I found that ...
uni's user avatar
  • 21
1 vote
1 answer
2k views

do I need kube-proxy and vpc-cni addons when running fargate only eks cluster?

they both seem like good add-ons when you're running node groups; I'm assuming given Fargate mandates ALB's would register IP only for services, and other similar fargate requirements, do we still ...
Anadi Misra's user avatar
0 votes
2 answers
1k views

AWS EKS Ingress Timeout On Any Non-Root Path

We have configured an Ingress resource on our EKS cluster with rewrites from /.* on the load balancer to the matching URI upstream. If we visit staging.my-domain.com/, we see a successful health-check ...
DragonBobZ's user avatar
3 votes
0 answers
1k views

EKS - Use IAM roles for service accounts on multiple clusters

I am trying to use IAM roles for service accounts in EKS. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html When it comes to create the IAM role to be assigned to a ...
signaleleven's user avatar
5 votes
1 answer
5k views

EKS ARM Node stuck in NotReady status - runtime network not ready cni config uninitialized

I have an EKS Cluster (AWS) named cluster-main running on Kubernetes version: 1.16 Platform version: eks.4 CNI version v1.6.1 There are two node groups in the cluster Cluster Name Instance Type AMI ...
argyrodagdileli's user avatar
0 votes
0 answers
506 views

Can i access an EKS cluster , if i don't have access to iam user that created it?

An AWS admin , created an IAM user , and that user created an EKS cluster. Now , we don't have access to that IAM user. If , we try to execute , kubectl , commands on that EKS cluster from a new IAM ...
Dawood Abbas 's user avatar
0 votes
2 answers
2k views

Postfix behind AWS NLB with Proxy Protocol does not send banner until CRLF is sent

I've redeployed my mail stack as a Kubernetes pod. This pod is on an EKS cluster in the private subnet, behind an NLB. Postfix and the NLB are configured to speak proxy protocol v2. Originally I had ...
Routhinator's user avatar
0 votes
1 answer
387 views

Can't configure RBAC to users in EKS

I have deployed EKS using eksctl following this docs. As the user who created the cluster I have full access control. Trying to grant system:masters permissions to a specific user doesn't work this ...
itaied's user avatar
  • 123
1 vote
2 answers
550 views

Is AWS Fargate EKS Container to Container communication encrypted at the network level?

I see that ephemeral drives are now encrypted but is network communications between containers encrypted, say for HIPAA compliance. Looking specifically at Serverless Fargate with Kubernetes pods. A ...
xenoterracide's user avatar
2 votes
1 answer
243 views

Why would you want worker node traffic to leave a VPC? (AWS EKS)

When setting up AWS EKS, I came across a configuration option I don't understand. What is the use case for the "public" option as shown in this screenshot? This is the only option that makes ...
Savvly's user avatar
  • 23
0 votes
1 answer
501 views

HTTPS for EKS LoadBalancer

I have LoadBalancer setup for a Deployment on EKS. I can access the app behind the classic load balancer AWS setup with the DNS name <elb id>.<aws region>.elb.amazonaws.com. I would like ...
bovus's user avatar
  • 3
8 votes
1 answer
8k views

Worker Group VS Node Group EKS

I am trying to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/12.2.0(Terraform AWS EKS provider) What is the difference between worker nodes and node group?
Alex Kok's user avatar
1 vote
0 answers
714 views

How to access a S3 bucket accessible only through a EKS Pod

We've got a S3 bucket we use to store files used by an application deployed on EKS, to access the bucket we have a secret web identity token. The application maintenance guys sometime need to browse ...
molok's user avatar
  • 111
0 votes
1 answer
6k views

How to change the security group of Amazon EKS worker nodes?

I want to add a security group to the worker nodes of Amazon EKS. It seems that I can change "Additional security group" to add the security group to the worker nodes. But I cannot find any ...
Brian's user avatar
  • 111
1 vote
0 answers
3k views

How do I allow an additional AWS user to gain access to EKS?

I'm trying to do: [ec2-user@xxxxxxxxx x]$ aws eks update-kubeconfig --name prod-eks-v2 --role-arn arn:aws:iam::9xxxxxxxxxxeks-v2-cluster-ServiceRole-xxxxxxxxxx An error occurred (...
Chris Stryczynski's user avatar
0 votes
1 answer
289 views

Monitoring EKS Kubernetes LoadBalancer service Type

I have created few services in Kubernetes with type: LoadBalancer. Platform: EKS. Is there a way to get number of 4xx or 5xx errors from this LoadBalancer? I have tried the following: Prometheus -...
ajmal hamza's user avatar
2 votes
2 answers
6k views

Kubernetes: run aws s3 sync/rsync against persistent volume on demand

Is there a way in Kubernetes to trigger a job to run on my containers on demand? The use case is to be able to have the containers sync from S3 to a persistent volume on demand. In the application's ...
yossarian2004's user avatar
1 vote
1 answer
1k views

Not able to join worker nodes using kubectl with updated aws-auth configmap

I'm setting up AWS EKS cluster using terraform from an EC2 instance. Basically the setup includes EC2 launch configuration and autoscaling for worker nodes. After creating the cluster, I am able to ...
Magesh's user avatar
  • 121
2 votes
1 answer
6k views

EKS suddenly failing with disk pressure

We have an EKS cluster with two t3.small nodes with 20Gi of ephemeral storage. The cluster runs only two small Nodejs (node:12-alpine) applications for now. This worked perfectly for a few weeks, and ...
chrisvdb's user avatar
  • 1,329
3 votes
1 answer
3k views

HTTP/2 for ALB with EKS on AWS

I'm experimenting with AWS EKS and have created the following setup: EKS cluster with a single service/pod/node AWS ALB ingress controller ALB I try to configure the ALB to: create access logs ...
chrisvdb's user avatar
  • 1,329