Questions tagged [amazon-eks]
The amazon-eks tag has no usage guidance.
122
questions
1
vote
0
answers
755
views
EKS: kubectl exec does not respect streamingConnectionIdleTimeout
Using EKS with Kubernetes 1.21, managed nodegroups in a private subnet. I'm trying to set the cluster up so that kubectl exec times out after inactivity regardless of the workload being execed into, ...
- 11
2
votes
1
answer
2k
views
Pod assigned node role instead of service account role on AWS EKS
First some info about the setup:
EKS version: 1.21
eksctl version: 0.77.0
AWS Go SDK verion: v1.44.28
Deploying using kubectl
I have a k8s cluster on AWS EKS on which I am deploying a custom k8s ...
- 141
0
votes
0
answers
1k
views
Configure EKS to use Nexus Private Docker Registry (HTTP/HTTPS)
I've created an EKS cluster on AWS along with Nexus Repository on DigitalOcean using Terraform & Ansible.
Also I've not created any SSL for the Nexus Repository, so it is "http."
...
1
vote
1
answer
439
views
AWS Site-to-Site VPN ping working, TCP not
I want to establish a site-to-site IPsec VPN connection between an AWS EKS-Kubernetes-Cluster and a server from a different provider using AWS Site-to-Site VPN.
Pings get through the VPN, but TCP ...
- 11
0
votes
0
answers
201
views
Temporarily take kubernetes cluster offline
I have a kuberbetes cluster running in EKS. We use it for testing periodically but mainly it just sits there with all its nodes and costing us.
I am looking for the most elegant way to turn it off so ...
- 532
1
vote
0
answers
3k
views
Updating ingress-nginx helm chart for kubernetes 1.23.5
I am having lots of issues that seem to stem from upgrading my kubernetes cluster to the latest version (1.23.5). I initially had some issues with the cluster itself and the nodes but that seems to be ...
- 111
0
votes
1
answer
348
views
Direct Traffic from a Pulbic ALB to an Internal ALB for EKS
So I have an EKS cluster sitting in a dedicated VPC (EKS-VPC)
In my Main VPC I have a public-facing ALB that I want it to somehow direct traffic to services running in EKS.
More specifically I want ...
- 121
0
votes
1
answer
418
views
Why does 'kubectl' sometimes return a *node* name instead of the *pod* name if the specified pod no longer exists in the cluster?
Sometimes kubectl get pod some-pod-1234abc returns an error like: Error from server (NotFound): pods "ip-192-168-55-196.us-east-1.compute.internal" not found. This is surprising because the ...
- 103
0
votes
1
answer
1k
views
Is it possible to mix instance types in an AWS cluster?
I'd like to know if it is possible to mix node instance types in an AWS (EKS) cluster.
I'd like to host something which requires more resources and add it to the cluster.
- 1,445
1
vote
1
answer
703
views
Managing K3s Cluster with AWS EKS
I'm wondering if I can use an EKS managed node to be the control plane for a K3s cluster deployed on an edge/IoT device, such as the Intel NUC. My goal is to have a lightweight kubernetes distro to ...
- 13
0
votes
1
answer
850
views
Using the AWS VPC CNI add on for EKS can I access a pod directly via it's vpc ip address over a vpn?
My general question is in the title. I feel like I've misunderstood the way pods are connected to the VPC. I was assuming this would make pods routable on the vpc but it seems like this is not the ...
- 103
1
vote
0
answers
2k
views
Amazon EKS: Moving pods from one node group to another
I currently have a Managed Node Group serving my EKS cluster and have added another:
NodeGroup1 [current - 20gb ec2 disk]
NodeGroup2 [new - 80gb ec2 disk]
I'd like to migrate my current pods from ...
- 23
3
votes
2
answers
4k
views
How can I get Egress Static IP per namespace within a EKS cluster
My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated ...
2
votes
0
answers
906
views
How do you route to a mix of HTTP and HTTPS backends from an ALB Ingress?
I have a Kubernetes cluster running in EKS (on AWS.)
In the cluster I have Elasticsearch, Kibana and various other web services.
I would like to set up a single ALB loadbalancer such that:
Requests ...
- 395
1
vote
0
answers
747
views
How can i route pods in a EKS cluster to a specific NAT Gateway within the same subnet
Am running an EKS cluster deployed on a node (in public subnet) with two namespaces, one pod running in each of the namespaces. I have created two NAT gateways on the same subnet. I would like to ...
0
votes
0
answers
1k
views
AWS ELB(classic load balancer) response is too slow and sometimes response is not coming it is showing timed out
I have EKS cluster setup in private subnet in which i'm having my microservices and for each microservice i have classic load balancer to access API. But response is having high latency and sometimes ...
- 21
0
votes
1
answer
721
views
Can't access RDS instance externally
I've spun up an RDS postgres database in an existing VPC (which has both public and private subnets - connected to a NAT gateway) which I've set as publicly accessible.
I've added the relevant IP ...
- 23
0
votes
1
answer
872
views
Unable to grant additional AWS roles the ability to interact with my cluster
I am trying to learn AWS EKS and following Getting started with Amazon EKS – AWS Management Console and AWS CLI guide step by step except for the region which I have changed to us-east-1.
I am able to ...
- 101
0
votes
2
answers
16k
views
AWS EKS add-on coredns status as degraded and node group creation failed( is unable to join Cluster)
I'm trying to create node group on EKS Cluster(region = ap-south-1) but it is failing to join cluster. Health issues : NodeCreationFailure Instances failed to join the kubernetes cluster
I found that ...
- 21
0
votes
1
answer
342
views
Hashicorp Vault - AWS EKS vs EC2
Is it possible to install a Hashicorp Vault cluster to EC2 only or is EKS required and would there be a big advantage to one over the other?
- 33
1
vote
1
answer
2k
views
do I need kube-proxy and vpc-cni addons when running fargate only eks cluster?
they both seem like good add-ons when you're running node groups; I'm assuming given Fargate mandates ALB's would register IP only for services, and other similar fargate requirements, do we still ...
- 537
1
vote
1
answer
2k
views
coredns deployment fails looking for nodes even after fargate profile patch
Problem with installing fargate profiles and coreddns addon; I'm using terraform for some parts and kubetctl for others, the fargate profiles are created via terraform:
fargate_profiles = {
kube-...
- 537
0
votes
2
answers
1k
views
AWS EKS Ingress Timeout On Any Non-Root Path
We have configured an Ingress resource on our EKS cluster with rewrites from /.* on the load balancer to the matching URI upstream. If we visit staging.my-domain.com/, we see a successful health-check ...
- 181
3
votes
0
answers
1k
views
EKS - Use IAM roles for service accounts on multiple clusters
I am trying to use IAM roles for service accounts in EKS.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
When it comes to create the IAM role to be assigned to a ...
- 31
5
votes
1
answer
5k
views
EKS ARM Node stuck in NotReady status - runtime network not ready cni config uninitialized
I have an EKS Cluster (AWS) named cluster-main running on
Kubernetes version: 1.16
Platform version: eks.4
CNI version v1.6.1
There are two node groups in the cluster
Cluster Name
Instance Type
AMI ...
- 121
0
votes
0
answers
506
views
Can i access an EKS cluster , if i don't have access to iam user that created it?
An AWS admin , created an IAM user , and that user created an EKS cluster. Now , we don't have access to that IAM user.
If , we try to execute , kubectl , commands on that EKS cluster from a new IAM ...
1
vote
0
answers
500
views
aws-load-balancer-controller annotations not working
I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-...
- 123
1
vote
1
answer
1k
views
Applying k8s network policies in Amazon EKS
I'm learning about Kubernetes network policies. I'm attempting to create a situation where two pods in the same namespace have different network policies associated:
pod A has ingress from anywhere
...
- 51
3
votes
2
answers
9k
views
creating k8s secret results in public private key not matching
I have created a certificate using ACM. Now, I want to create a TLS secret using kubernetes, so that I can use the secret to configure Ingress Resource.
I am trying to create a TLS secret using ...
- 51
0
votes
2
answers
2k
views
Postfix behind AWS NLB with Proxy Protocol does not send banner until CRLF is sent
I've redeployed my mail stack as a Kubernetes pod. This pod is on an EKS cluster in the private subnet, behind an NLB. Postfix and the NLB are configured to speak proxy protocol v2.
Originally I had ...
- 23
0
votes
1
answer
6k
views
AWS EKS: load balancer service stuck in external ip pending
I have a EKS cluster (1.19) with a public and private subnets. I deployed ingress nginx with the following annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta....
- 243
1
vote
0
answers
317
views
Troubleshoot kubectl DNS Lookup REFUSED
This is happening on one engineers Macbook. Everyone else is able to run kubectl commands successfully.
% kubectl --v=1000 get svc
I0326 16:22:48.587540 28045 loader.go:379] Config loaded from file: ...
- 230
1
vote
0
answers
154
views
Applying CRDs to EKS cluster causes timeout
We have been using ArgoCD in a proof of concept EKS Cluster (running 1.18) and yesterday we tried to update it from ArgoCD 1.7.10 to 1.8.7.
Our first attempt was just by doing:
kubectl apply -n argocd ...
- 111
0
votes
1
answer
387
views
Can't configure RBAC to users in EKS
I have deployed EKS using eksctl following this docs.
As the user who created the cluster I have full access control.
Trying to grant system:masters permissions to a specific user doesn't work this ...
- 123
0
votes
1
answer
274
views
Filebeat on ECK with AWS Module Fails Due To Metadata Error
We are running an Elastic Stack with ECK in EKS (7.8). We noticed that our filebeat daemonset and the AWS module were not processing logs from S3 and our SQS queues backing up. Looking at the logs on ...
- 1
0
votes
1
answer
601
views
Can 1 namespace span across multiple EKS clusters?
I am trying to understand the relation between namespaces and clusters in EKS. Can 1 namespace span across multiple EKS clusters? Is that possible?
- 125
3
votes
3
answers
13k
views
Kubectl error You must be logged in to the server (Unauthorized) when using kubectl
I proceeded with the work referring to the following site
(I don't use EKS.I create k8s on ec2 using kops)
Getting Started with kOps on AWS
When I tried to call kubectl get service I got the message: ...
0
votes
2
answers
213
views
Single IP to access Kubernetes cluster ingress
I have an amazon EKS cluster that I'm using to host multiple websites, I have an ingress controller and a load balancer that spins up more pods as needed.
I normally use CNAME type "eg alias or ...
- 101
1
vote
2
answers
550
views
Is AWS Fargate EKS Container to Container communication encrypted at the network level?
I see that ephemeral drives are now encrypted but is network communications between containers encrypted, say for HIPAA compliance. Looking specifically at Serverless Fargate with Kubernetes pods. A ...
- 1,566
0
votes
1
answer
2k
views
Running kubectl commands as cronjobs in the Kubernetes cluster results in a connection refused error
When running a kubectl command using the bitnami/kubectl image from inside a kubernetes (EKS based) cluster I am expecting the command to pick up the KUBERNETES_SERVICE_HOST and ...
- 5,242
2
votes
1
answer
243
views
Why would you want worker node traffic to leave a VPC? (AWS EKS)
When setting up AWS EKS, I came across a configuration option I don't understand.
What is the use case for the "public" option as shown in this screenshot?
This is the only option that makes ...
- 23
0
votes
2
answers
401
views
Why root user is allowed by default in public cloud Kubernetes services?
In a Kubernetes environment, I suppose that the root user should not be allowed by default to mitigate the risk in case the host OS was accessed from inside a container. This setting should be done by ...
- 1
0
votes
1
answer
825
views
Is aws-iam-authenticator still needed with EKS?
I've created a cluster (eks.3) through the console and then used aws eks update-config to generate the kubeconfig configuration. I immediately had access to the cluster through kubectl but the EKS ...
anon
1
vote
1
answer
362
views
Kubernetes eks supported HPA api version
Does anyone know if eks 1.15 supports apps/v1 api for hpa scalling?
We have 2 environments and would like to keep the helm repo updated to both code versions
- 21
1
vote
1
answer
2k
views
Is it possible to deploy Datadog agents on AWS EKS cluster using terraform
I am looking to understand if anyone can guide me on how to install Datadog agents on my AWS EKS cluster as pods. I am able to complete my requirement by using kubectl commands.
But here I am looking ...
- 113
0
votes
1
answer
259
views
why AKS,EKS,GKE better than k8s .can we say k8s architecture is base of these 3. How they leverage each other?
I am trying to learn k8s, and 1 question always coming as to why we need GKE, aks, or EKS.
In the cloud, Can we do container orchestration without the above services means can we have compute ...
- 3
0
votes
1
answer
501
views
HTTPS for EKS LoadBalancer
I have LoadBalancer setup for a Deployment on EKS. I can access the app behind the classic load balancer AWS setup with the DNS name <elb id>.<aws region>.elb.amazonaws.com. I would like ...
- 3
8
votes
1
answer
8k
views
Worker Group VS Node Group EKS
I am trying to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/12.2.0(Terraform AWS EKS provider)
What is the difference between worker nodes and node group?
- 83
0
votes
0
answers
746
views
In Kubernetes, how can I create a CronJob to test mysql database connectivity from a standard docker image?
I'm trying to create a cronjob in EKS to test the database connection, but it's no working. I tried with the mysql-client docker image.
This is the cronjob definition:
apiVersion: batch/v1beta1
kind: ...
- 1
0
votes
1
answer
2k
views
How pass dotenv file to my deployment using Gitlab's Auto DevOps
Recently I was deployed a EKS cluster and connect it with our Gitlab.com group, I already deployed some examples and templates from Gitlab and all works fine.
Now I’ll want to deploy my Node.js based ...
- 243