Questions tagged [amazon-eks]
The amazon-eks tag has no usage guidance.
122 questions
0 votes, 0 answers, 10 views
Public IP should not be changed when aws eks cluster and managed nodegroup is upgraded
We have used the eks cluster(current version 1.20) and managed nodegroup and used the public IPs of the nodes for our purpose so now when we upgrade the eks cluster and nodegroup with version 1.21 all ...
2 votes, 2 answers, 69 views
How to obtain authorization to access EKS cluster
Followed this document Cert Signing to get the certificate issued.
I created cluster role and role binding to test it.
$ kubectl auth can-i create pods --as=myserver
yes
$ kubectl auth can-i list pods ...
0 votes, 1 answer, 44 views
Unable to start metrics server on eks fargate
I am trying to implement eks on fargate. I want to deploy metrics server on eks fargate. I am following official documentation from aws on eks.
https://docs.aws.amazon.com/eks/latest/userguide/metrics-...
0 votes, 0 answers, 19 views
Is it possible to configure `kubectl exec` to behave the same way as `ssh` when there is a client disconnect?
Empirically, it looks like kubectl exec and ssh behave differently on disconnects of the client.
I performed the following experiments.
SSH
# Terminal 1
ssh <random_host_in_aws>
bash -c 'sleep ...
0 votes, 0 answers, 16 views
How istio works with multiple node groups on single eks cluster
In our vpc architecture, we have designed like one vpc with two availability zones, two public subnets, 2 private subnets, 2 private db subnets, internet gateway, route table association to public ...
0 votes, 0 answers, 23 views
Setting up Prometheus on Azure Kubernetes Cluster
I am setting up Prometheus on a production aks cluster. The app deployment on this cluster is exposed using nginx ingress behind a load balancer and a firewall device.
How do I access Prometheus ...
0 votes, 0 answers, 75 views
Assign static IP address (outbound traffic) for every pod in EKS cluster
I have my software running in EKS cluster, where every node can fit up to 5 pods. The software uses multiple accounts on 3rd-party service which requires IP whitelisting. I have separate manifest ...
0 votes, 0 answers, 766 views
FailedScheduling too many pods. Preemption: 0/2 nodes are available: 2 No preemption victims found for incoming pod
I configured eks and when performing a deployment, the pod is always in pending state.
FailedScheduling appears. My node group is created with 2 node - T2.micro - 20gb.
Even the simplest deployment ...
1 vote, 0 answers, 67 views
eksctl and AsgInstance launch failures due to account quota limit
I was trying to launch an eks cluster using eksctl tool. The cluster is launched but the nodegroup fails to launch. The following error is displayed in the cloudformation of the nodegroup.
Error ...
0 votes, 0 answers, 120 views
AWS application load balancer not registering targets for Kubernetes EKS node target group
I have an EKS cluster with public/private access on a VPC with public and private subnets. I've setup my ALB in the public subnets on port 80, internet-facing and ip and installed the AWS controller ...
0 votes, 0 answers, 121 views
AWS EC2 Autoscaling Group timeout during scale up from 0 to 1 then "Failed to find readiness information for" until manual termination
I have an AWS EC2 Auto Scaling Group for GPU accelerated g4dn-2xlarge instances.
Recently we've had a couple of days where the ASG times out after 5 minutes scaling from 0 to 1 and the instance it ...
0 votes, 1 answer, 82 views
How do Fargate pods locate CoreDNS?
How do Kubernetes serverless pods (EKS Fargate) know the IP address to access the cluster's DNS server (the CoreDNS service deployment)?
I recently updated a Kubernetes cluster to set up serverless ...
0 votes, 0 answers, 45 views
Static files not being detected by the ALB
So, I have deployed an application in a Kubernetes environment (AWS EKS). It is a collection of various micro-applications exposed as services, each micro-service having three replica sets.
All the ...
0 votes, 0 answers, 24 views
Does EKS bill include the costs for control-plane (master) nodes?
EKS costs $0.10 / hr + you pay for the worker nodes (EC2 + storage + data transfer). But EKS itself runs master nodes. So the question is: does $0.10 cover the costs of master nodes? If not, then how ...
0 votes, 1 answer, 285 views
AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve
I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here.
I have created an EKS cluster using the following manifest.
apiVersion: eksctl.io/...
0 votes, 1 answer, 146 views
Failing to authenticate with GHCR after kubernetes upgrade to 1.24
I’ve upgraded my AWS EKS to 1.24, and since then authentication with github docker registry fails.
I’m running the following Ansible task in Jenkins:
- name: Login to github docker registry
...
0 votes, 0 answers, 200 views
Velero cannot access same S3 from different EKS cluster
I have velero installed on two different EKS clusters in the same region. All velero installation configurations are same and installed using same charts and credentials, and uses same S3 bucket with ...
0 votes, 0 answers, 83 views
how to grant network access to mongo atlas to a EKS deployment
problem:
I have an app running on a EKS cluster that needs to connect with a mongodb atlas database.
I must grant the app running on the EKS cluster network access by entering its IP address.
I do not ...
0 votes, 0 answers, 139 views
Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster
I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
0 votes, 0 answers, 190 views
EKS coredns resolve eks.us-east-1.amazonaws.com
Can't resolve eks.us-east-1.amazonaws.com
kubectl exec -i -t dnsutils -- nslookup eks.us-east-1.amazonaws.com
Server: 10.100.0.10
Address: 10.100.0.10#53
Non-authoritative answer:
*** ...
0 votes, 1 answer, 400 views
How can I get cilium to pass the failing connectivity test
I am trying to deploy cilium to my eks cluster, for context, this cluster is a private cluster running behind a private subnet, and routed to the internet through a NAT gateway and then an internet ...
0 votes, 0 answers, 41 views
Stop EKS/Traefik overwriting Inbound Security Group rules every 2 weeks
I have a kubernetes cluster (EKS AWS Managed) with Traefik Ingress service installed. Now, my understanding is the ingress service creates and manages the load balancer in AWS, and also the security ...
0 votes, 0 answers, 83 views
EKS provisions nodes more than maxnodes using Karpenter
Currently I am using EKS with karpenter and I provision EKS cluster with values
minNodes: 1
maxNodes: 2
DesiredNodes: 1
Then I setup the karpenter using this link. After Setting it up as referred by ...
0 votes, 0 answers, 180 views
AWS ALB gives 504 timeout when vpc cni network policies applied
I've got argocd deployed on EKS, with ingress running on top of AWS Load Balancer Controller.
Alb controller is deployed in kube-system. Argo is deployed in argocd namespace with internal alb created ...
0 votes, 0 answers, 13 views
Removing kubernetes.io/aws-ebs in-tree StorageClass
After installation of aws-ebs-csi-driver I've realized that there is default in-tree implementation kubernetes.io/aws-ebs which is deprecated according to official doc:
$ kubectl get StorageClass
NAME ...
0 votes, 1 answer, 536 views
CoreDNS pods in AWS EKS Fargate unable to pull image
I created a PRIVATE EKS Cluster using AWS Console. Then, followed the documentation to configure Fargate. After I finished, I can see my Fargate nodes under Compute tab in my cluster in AWS Console, ...
0 votes, 0 answers, 155 views
On AWS EKS, how can I update an addon multiple minor versions at once?
Some enabled add-on lags far behind the latest version. The add-on is NOT self-managed (checked using the doc with aws eks describe-addon)
That specific addon has no compatibility issues between the ...
1 vote, 2 answers, 405 views
IPv4 to IPv6 NAT on AWS
AWS supports connecting to external IPv4-only services from an IPv6-only node using NAT64. Is there an equivalent for the reverse?
For context, I have an EKS cluster, which is currently IPv4-only, all ...
0 votes, 1 answer, 197 views
Oracle MySQL operator for kubernetes backup to S3 using service account
I've installed the operator, and trying to create the innodb cluster with backup profile which uses S3. There is no mention of S3 in the documentation, but they mentioned in a conference about S3 ...
1 vote, 1 answer, 969 views
gRPC bidirectional streaming client sometimes close rpc unexpected EOF to server behind Nginx Ingress
I am faced with the issue that a gRPC Client in Bidirectional streaming call to the server behind an AWS NLB, nginx ingress controller sometimes throws er "close rpc error: code = Internal desc = ...
0 votes, 0 answers, 128 views
Restrict Access to Amazon EKS Cluster for Users with Kubeconfig by Specific IP (Connected to VPN)
I have an Amazon Elastic Kubernetes Service (EKS) cluster running in my private subnet. I've created a kubeconfig file for a user, let's call it the "lens user." However, I've noticed that ...
1 vote, 0 answers, 254 views
Use Node IP's instead of Pod IP's for egress with Secondary CIDR
I'm working with an Amazon EKS cluster that uses AWS VPC CNI for networking and has a custom network configuration. The primary IP address of the nodes is in the range 10.x.x.x/x, and there are ...
0 votes, 0 answers, 32 views
Unable to enable Singlestore studio in Singlestore kubernetes operator
I deployed a singlestore test cluster using the documentation from https://docs.singlestore.com/db/v7.3/deploy/kubernetes/ on AWS.
The deployment was successful, and I managed to get the cluster up ...
0 votes, 0 answers, 20 views
Issues with Kompose tool while converting docker compose to k8 manifest
How to resolve issues while converting docker-compose to k8 manifest files.
I am getting errors once use the Konvert tool forbidden errors. Any simple way to convert docker-compose to k8 manifest
0 votes, 1 answer, 519 views
No out of pod networking on EKS cluster
I have an EKS cluster(1.24) launched with Terraform's AWS EKS module. System generated security groups. Private or public subnets.
Cluster Inbound:
Node Inbound:
Node Outbound:
The cluster has 1 ...
0 votes, 1 answer, 232 views
Does AWS EKS 1.27 have Graceful Node Shutdown enabled by default?
I'm not sure if the GracefulNodeShutdown feature gate is enabled in EKS 1.27.
I know that for regular vanilla Kubernetes 1.27 is set to true by default GracefulNodeShutdown since 1.21.
But I can't ...
0 votes, 0 answers, 39 views
Assign permission to EKS cluster using IAM groups
Following this tutorial: https://archive.eksworkshop.com/beginner/091_iam-groups/test-cluster-access/ - Which I believe is missing the point it is trying to make, by assuming the role directly at the ...
0 votes, 0 answers, 46 views
Kubernetes: what exactly needs to be installed on each server/node and how?
I have coded AWS instances that can serve as nodes where my containers will run. So by default each of these instances have docker installed. This part is working fine.
Eventually I would like to ...
0 votes, 1 answer, 401 views
EKS service SSL endpoint
When creating a service using EKS, it is exposed using http through a AWS load balancer.
kubectl apply -f service.yaml - Will create a load balancer that's managed by EKS, and can not be modified. any ...
3 votes, 2 answers, 2k views
Debugging Prometheus OOMkilled despite 6Gi limits
I'm at the end of my patience with a prometheus setup leveraging kube-prometheus-stack 44.3.0 (latest being 45).
I have two environments, staging and prod. In staging, my prometheus runs smoothly. In ...
1 vote, 1 answer, 3k views
How do I enable containerd?
When I run systemctl status containerd, I get the following output:
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor ...
1 vote, 2 answers, 1k views
How to debug containerLogMaxSize not taking effect on the kubelet?
I'm running the following EKS version:
kubelet --version
Kubernetes v1.22.12-eks-ba74326
I've set the following parameter as documented here.
"containerLogMaxSize": "100 Mi"
I ...
0 votes, 1 answer, 2k views
AWS EKS Cluster : InvalidParameterException: Unsupported Kubernetes minor version update ,Terraform Gitlab CI
The following errors occur every time I run the pipeline
│ Error: error updating EKS Cluster (business-staging) version: InvalidParameterException: Unsupported Kubernetes minor version update from 1....
0 votes, 1 answer, 2k views
Kubernetes upgrade from 1.21 to 1.22 caused Prometheus to fail
We recently upgraded Kubernetes 1.21 to 1.22 version on aws eks. The upgrade was successful. However, the associated prometheus deployments fails with error
$ kubectl -n monitoring logs prometheus-...
0 votes, 0 answers, 2k views
How to create EKS cluster with VPC CNI addon via CloudFormation?
I create a EKS cluster (1.24) via cloudformation, it works fine without a CNI plugin but fails when I add vpc-cni addon:
AddonCNI:
Type: 'AWS::EKS::Addon'
Properties:
AddonName: vpc-...
2 votes, 1 answer, 3k views
How do I fix terraform invalid JSON policy
I am trying to use a file which contains load balancer iam policy for my AWS in terraform. However when I run the terraform script, I get an error stating:
Error: "policy" contains an ...
0 votes, 1 answer, 2k views
How do I add a security group as an inbound rule to another security group in terraform
I have a Terraform codebase which deploys a private EKS cluster, a bastion host and other AWS services. I have also added a few security groups to the in Terraform. One of the security groups allows ...
0 votes, 0 answers, 1k views
Enable Vault JWT using `-tls-skip-verify` with EKS ca.crt fails with `x509: certificate signed by unknown authority`
We need to enable JWT auth in vault which is hosted within our EKS cluster in preparation for using K8s 1.24 OIDC and testing token renewal with Vault. I'm following documentation from a few places:
...
1 vote, 1 answer, 710 views
Keycloak w/ EKS + ALB (401 after auth)
I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with ...
1 vote, 0 answers, 6k views
Kubectl generates TLS handshake timeout with private EKS cluster
I'm seeing the following error when running any kubectl command and no data is returned. This error occurs when accessing a private AWS EKS instance over a VPN connection.
$ kubectl get pods -A -v=9
...