Questions tagged [amazon-eks]
65 questions with no upvoted or accepted answers
3 votes, 0 answers, 1k views
EKS - Use IAM roles for service accounts on multiple clusters
I am trying to use IAM roles for service accounts in EKS.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
When it comes to create the IAM role to be assigned to a ...
2 votes, 2 answers, 70 views
How to obtain authorization to access EKS cluster
Followed this document Cert Signing to get the certificate issued.
I created cluster role and role binding to test it.
$ kubectl auth can-i create pods --as=myserver
yes
$ kubectl auth can-i list pods ...
2 votes, 0 answers, 906 views
How do you route to a mix of HTTP and HTTPS backends from an ALB Ingress?
I have a Kubernetes cluster running in EKS (on AWS.)
In the cluster I have Elasticsearch, Kibana and various other web services.
I would like to set up a single ALB loadbalancer such that:
Requests ...
1 vote, 0 answers, 67 views
eksctl and AsgInstance launch failures due to account quota limit
I was trying to launch an eks cluster using eksctl tool. The cluster is launched but the nodegroup fails to launch. The following error is displayed in the cloudformation of the nodegroup.
Error ...
1 vote, 1 answer, 969 views
gRPC bidirectional streaming client sometimes close rpc unexpected EOF to server behind Nginx Ingress
I am faced with the issue that a gRPC Client in Bidirectional streaming call to the server behind an AWS NLB, nginx ingress controller sometimes throws er "close rpc error: code = Internal desc = ...
1 vote, 0 answers, 254 views
Use Node IP's instead of Pod IP's for egress with Secondary CIDR
I'm working with an Amazon EKS cluster that uses AWS VPC CNI for networking and has a custom network configuration. The primary IP address of the nodes is in the range 10.x.x.x/x, and there are ...
1 vote, 2 answers, 1k views
How to debug containerLogMaxSize not taking effect on the kubelet?
I'm running the following EKS version:
kubelet --version
Kubernetes v1.22.12-eks-ba74326
I've set the following parameter as documented here.
"containerLogMaxSize": "100 Mi"
I ...
1 vote, 0 answers, 6k views
Kubectl generates TLS handshake timeout with private EKS cluster
I'm seeing the following error when running any kubectl command and no data is returned. This error occurs when accessing a private AWS EKS instance over a VPN connection.
$ kubectl get pods -A -v=9
...
1 vote, 0 answers, 755 views
EKS: kubectl exec does not respect streamingConnectionIdleTimeout
Using EKS with Kubernetes 1.21, managed nodegroups in a private subnet. I'm trying to set the cluster up so that kubectl exec times out after inactivity regardless of the workload being execed into, ...
1 vote, 1 answer, 439 views
AWS Site-to-Site VPN ping working, TCP not
I want to establish a site-to-site IPsec VPN connection between an AWS EKS-Kubernetes-Cluster and a server from a different provider using AWS Site-to-Site VPN.
Pings get through the VPN, but TCP ...
1 vote, 0 answers, 3k views
Updating ingress-nginx helm chart for kubernetes 1.23.5
I am having lots of issues that seem to stem from upgrading my kubernetes cluster to the latest version (1.23.5). I initially had some issues with the cluster itself and the nodes but that seems to be ...
1 vote, 0 answers, 2k views
Amazon EKS: Moving pods from one node group to another
I currently have a Managed Node Group serving my EKS cluster and have added another:
NodeGroup1 [current - 20gb ec2 disk]
NodeGroup2 [new - 80gb ec2 disk]
I'd like to migrate my current pods from ...
1 vote, 0 answers, 747 views
How can I route pods in an EKS cluster to a specific NAT Gateway within the same subnet
Am running an EKS cluster deployed on a node (in public subnet) with two namespaces, one pod running in each of the namespaces. I have created two NAT gateways on the same subnet. I would like to ...
1 vote, 0 answers, 500 views
aws-load-balancer-controller annotations not working
I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-...
1 vote, 0 answers, 317 views
Troubleshoot kubectl DNS Lookup REFUSED
This is happening on one engineer's MacBook. Everyone else is able to run kubectl commands successfully.
% kubectl --v=1000 get svc
I0326 16:22:48.587540 28045 loader.go:379] Config loaded from file: ...
1 vote, 0 answers, 154 views
Applying CRDs to EKS cluster causes timeout
We have been using ArgoCD in a proof of concept EKS Cluster (running 1.18) and yesterday we tried to update it from ArgoCD 1.7.10 to 1.8.7.
Our first attempt was just by doing:
kubectl apply -n argocd ...
1 vote, 0 answers, 714 views
How to access an S3 bucket accessible only through an EKS Pod
We've got an S3 bucket we use to store files used by an application deployed on EKS, to access the bucket we have a secret web identity token.
The application maintenance guys sometime need to browse ...
1 vote, 0 answers, 3k views
How do I allow an additional AWS user to gain access to EKS?
I'm trying to do:
[ec2-user@xxxxxxxxx x]$ aws eks update-kubeconfig --name prod-eks-v2 --role-arn arn:aws:iam::9xxxxxxxxxxeks-v2-cluster-ServiceRole-xxxxxxxxxx
An error occurred (...
1 vote, 1 answer, 2k views
Istio : HTTPS Traffic converted to HTTP with port set as 443
Bug description
We have setup an istio over on eks cluster & a java app is hosted in it.
The pod has been created along with service with type ClusterIP
We have created Virtual Service, Gateway &...
0 votes, 0 answers, 10 views
Public IP should not be changed when aws eks cluster and managed nodegroup is upgraded
We have used the eks cluster(current version 1.20) and managed nodegroup and used the public IPs of the nodes for our purpose so now when we upgrade the eks cluster and nodegroup with version 1.21 all ...
0 votes, 1 answer, 44 views
Unable to start metrics server on eks fargate
I am trying to implement eks on fargate. I want to deploy metrics server on eks fargate. I am following official documentation from aws on eks.
https://docs.aws.amazon.com/eks/latest/userguide/metrics-...
0 votes, 0 answers, 19 views
Is it possible to configure `kubectl exec` to behave the same way as `ssh` when there is a client disconnect?
Empirically, it looks like kubectl exec and ssh behave differently on disconnects of the client.
I performed the following experiments.
SSH
# Terminal 1
ssh <random_host_in_aws>
bash -c 'sleep ...
0 votes, 0 answers, 16 views
How istio works with multiple node groups on single eks cluster
In our vpc architecture, we have designed like one vpc with two availability zones, two public subnets, 2 private subnets, 2 private db subnets, internet gateway, route table association to public ...
0 votes, 0 answers, 23 views
Setting up Prometheus on Azure Kubernetes Cluster
I am setting up Prometheus on a production aks cluster. The app deployment on this cluster is exposed using nginx ingress behind a load balancer and a firewall device.
How do I access Prometheus ...
0 votes, 0 answers, 75 views
Assign static IP address (outbound traffic) for every pod in EKS cluster
I have my software running in EKS cluster, where every node can fit up to 5 pods. The software uses multiple accounts on 3rd-party service which requires IP whitelisting. I have separate manifest ...
0 votes, 0 answers, 766 views
FailedScheduling too many pods. Preemption: 0/2 nodes are available: 2 No preemption victims found for incoming pod
I configured eks and when performing a deployment, the pod is always in pending state.
FailedScheduling appears. My node group is created with 2 node - T2.micro - 20gb.
Even the simplest deployment ...
0 votes, 0 answers, 120 views
AWS application load balancer not registering targets for Kubernetes EKS node target group
I have an EKS cluster with public/private access on a VPC with public and private subnets. I've setup my ALB in the public subnets on port 80, internet-facing and ip and installed the AWS controller ...
0 votes, 0 answers, 121 views
AWS EC2 Autoscaling Group timeout during scale up from 0 to 1 then "Failed to find readiness information for" until manual termination
I have an AWS EC2 Auto Scaling Group for GPU accelerated g4dn-2xlarge instances.
Recently we've had a couple of days where the ASG times out after 5 minutes scaling from 0 to 1 and the instance it ...
0 votes, 1 answer, 82 views
How do Fargate pods locate CoreDNS?
How do Kubernetes serverless pods (EKS Fargate) know the IP address to access the cluster's DNS server (the CoreDNS service deployment)?
I recently updated a Kubernetes cluster to set up serverless ...
0 votes, 0 answers, 45 views
Static files not being detected by the ALB
So, I have deployed an application in a Kubernetes environment (AWS EKS). It is a collection of various micro-applications exposed as services, each micro-service having three replica sets.
All the ...
0 votes, 0 answers, 24 views
Does EKS bill include the costs for control-plane (master) nodes?
EKS costs $0.10 / hr + you pay for the worker nodes (EC2 + storage + data transfer). But EKS itself runs master nodes. So the question is: does $0.10 covers the costs of master nodes? If not, then how ...
0 votes, 1 answer, 286 views
AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve
I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here.
I have created an EKS cluster using the following manifest.
apiVersion: eksctl.io/...
0 votes, 1 answer, 146 views
Failing to authenticate with GHCR after kubernetes upgrade to 1.24
I’ve upgraded my AWS EKS to 1.24, and since then authentication with github docker registry fails.
I’m running the following Ansible task in Jenkins:
- name: Login to github docker registry
...
0 votes, 0 answers, 200 views
Velero cannot access same S3 from different EKS cluster
I have velero installed on two different EKS clusters in the same region. All velero installation configurations are same and installed using same charts and credentials, and uses same S3 bucket with ...
0 votes, 0 answers, 83 views
how to grant network access to mongo atlas to a EKS deployment
problem:
I have an app running on a EKS cluster that needs to connect with a mongodb atlas database.
I must grant the app running on the EKS cluster network access by entering its IP address.
I do not ...
0 votes, 0 answers, 139 views
Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster
I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
0 votes, 0 answers, 190 views
EKS coredns resolve eks.us-east-1.amazonaws.com
Can't resolve eks.us-east-1.amazonaws.com
kubectl exec -i -t dnsutils -- nslookup eks.us-east-1.amazonaws.com
Server: 10.100.0.10
Address: 10.100.0.10#53
Non-authoritative answer:
*** ...
0 votes, 0 answers, 41 views
Stop EKS/Traefik overwriting Inbound Security Group rules every 2 weeks
I have a kubernetes cluster (EKS AWS Managed) with Traefik Ingress service installed. Now, my understanding is the ingress service creates and manages the load balancer in AWS, and also the security ...
0 votes, 0 answers, 83 views
EKS provisions nodes more than maxnodes using Karpenter
Currently I am using EKS with karpenter and I provision EKS cluster with values
minNodes: 1
maxNodes: 2
DesiredNodes: 1
Then I setup the karpenter using this link. After Setting it up as referred by ...
0 votes, 0 answers, 180 views
AWS ALB gives 504 timeout when vpc cni network policies applied
I've got argocd deployed on EKS, with ingress running on top of AWS Load Balancer Controller.
Alb controller is deployed in kube-system. Argo is deployed in argocd namespace with internal alb created ...
0 votes, 0 answers, 13 views
Removing kubernetes.io/aws-ebs in-tree StorageClass
After installation of aws-ebs-csi-driver I've realized that there is default in-tree implementation kubernetes.io/aws-ebs which is deprecated according to official doc:
$ kubectl get StorageClass
NAME ...
0 votes, 1 answer, 536 views
CoreDNS pods in AWS EKS Fargate unable to pull image
I created a PRIVATE EKS Cluster using AWS Console. Then, followed the documentation to configure Fargate. After I finished, I can see my Fargate nodes under Compute tab in my cluster in AWS Console, ...
0 votes, 0 answers, 155 views
On AWS EKS, how can I update an addon multiple minor versions at once?
Some enabled add-on lags far behind the latest version. The add-on is NOT self-managed (checked using the doc with aws eks describe-addon)
That specific addon has no compatibility issues between the ...
0 votes, 0 answers, 128 views
Restrict Access to Amazon EKS Cluster for Users with Kubeconfig by Specific IP (Connected to VPN)
I have an Amazon Elastic Kubernetes Service (EKS) cluster running in my private subnet. I've created a kubeconfig file for a user, let's call it the "lens user." However, I've noticed that ...
0 votes, 0 answers, 32 views
Unable to enable Singlestore studio in Singlestore kubernetes operator
I deployed a singlestore test cluster using the documentation from https://docs.singlestore.com/db/v7.3/deploy/kubernetes/ on AWS.
The deployment was successful, and I managed to get the cluster up ...
0 votes, 0 answers, 20 views
Issues with Kompose tool while converting docker compose to k8 manifest
How to resolve issues while converting docker-compose to k8 manifest files.
I am getting errors once use the Konvert tool forbidden errors. Any simple way to convert docker-compose to k8 manifest
0 votes, 1 answer, 519 views
No out of pod networking on EKS cluster
I have an EKS cluster(1.24) launched with Terraform's AWS EKS module. System generated security groups. Private or public subnets.
Cluster Inbound:
Node Inbound:
Node Outbound:
The cluster has 1 ...
0 votes, 1 answer, 232 views
Does AWS EKS 1.27 have Graceful Node Shutdown enabled by default?
I'm not sure if the GracefulNodeShutdown feature gate is enabled in EKS 1.27.
I know that for regular vanilla Kubernetes 1.27 is set to true by default GracefulNodeShutdown since 1.21.
But I can't ...
0 votes, 0 answers, 39 views
Assign permission to EKS cluster using IAM groups
Following this tutorial: https://archive.eksworkshop.com/beginner/091_iam-groups/test-cluster-access/ - Which I believe is missing the point it is trying to make, by assuming the role directly at the ...
0 votes, 0 answers, 46 views
Kubernetes: what exactly needs to be installed on each server/node and how?
I have coded AWS instances that can serve as nodes where my containers will run. So by default each of these instances have docker installed. This part is working fine.
Eventually I would like to ...