All Questions
Tagged with kubernetes amazon-eks
90 questions
0
votes
0
answers
10
views
Public IP should not be changed when aws eks cluster and managed nodegroup is upgraded
We have used the eks cluster(current version 1.20) and managed nodegroup and used the public IPs of the nodes for our purpose so now when we upgrade the eks cluster and nodegroup with version 1.21 all ...
2
votes
2
answers
70
views
How to obtain authorization to access EKS cluster
Followed this document Cert Signing to get the certificate issued.
I created cluster role and role binding to test it.
$ kubectl auth can-i create pods --as=myserver
yes
$ kubectl auth can-i list pods ...
0
votes
1
answer
44
views
Unable to start metrics server on eks fargate
I am trying to implement eks on fargate. I want to deploy metrics server on eks fargate. I am following official documentation from aws on eks.
https://docs.aws.amazon.com/eks/latest/userguide/metrics-...
0
votes
0
answers
19
views
Is it possible to configure `kubectl exec` to behave the same way as `ssh` when there is a client disconnect?
Empirically, it looks like kubectl exec and ssh behave differently on disconnects of the client.
I performed the following experiments.
SSH
# Terminal 1
ssh <random_host_in_aws>
bash -c 'sleep ...
0
votes
0
answers
23
views
Setting up Prometheus on Azure Kubernetes Cluster
I am setting up Prometheus on a production aks cluster. The app deployment on this cluster is exposed using nginx ingress behind a load balancer and a firewall device.
How do I access Prometheus ...
0
votes
0
answers
75
views
Assign static IP address (outbound traffic) for every pod in EKS cluster
I have my software running in EKS cluster, where every node can fit up to 5 pods. The software uses multiple accounts on 3rd-party service which requires IP whitelisting. I have separate manifest ...
0
votes
0
answers
766
views
FailedScheduling too many pods. Preemption: 0/2 nodes are available: 2 No preemption victims found for incoming pod
I configured eks and when performing a deployment, the pod is always in pending state.
FailedScheduling appears. My node group is created with 2 node - T2.micro - 20gb.
Even the simplest deployment ...
0
votes
0
answers
120
views
AWS application load balancer not registering targets for Kubernetes EKS node target group
I have an EKS cluster with public/private access on a VPC with public and private subnets. I've setup my ALB in the public subnets on port 80, internet-facing and ip and installed the AWS controller ...
0
votes
1
answer
82
views
How do Fargate pods locate CoreDNS?
How do Kubernetes serverless pods (EKS Fargate) know the IP address to access the cluster's DNS server (the CoreDNS service deployment)?
I recently updated a Kubernetes cluster to set up serverless ...
0
votes
1
answer
286
views
AWS VPC CNI PLUGIN - Error: container runtime network not ready due to NetworkPluginNotReady - How to Resolve
I am facing difficulty in this, maybe the answer is simple so if someone knows the answer, please comment here.
I have created an EKS cluster using the following manifest.
apiVersion: eksctl.io/...
0
votes
1
answer
146
views
Failing to authenticate with GHCR after kubernetes upgrade to 1.24
I’ve upgraded my AWS EKS to 1.24, and since then authentication with github docker registry fails.
I’m running the following Ansible task in Jenkins:
- name: Login to github docker registry
...
0
votes
0
answers
83
views
how to grant network access to mongo atlas to a EKS deployment
problem:
I have an app running on a EKS cluster that needs to connect with a mongodb atlas database.
I must grant the app running on the EKS cluster network access by entering its IP address.
I do not ...
0
votes
0
answers
139
views
Why can't I schedule more pods even with Ipv4Prefix enabled in my EKS cluster
I am using cilium as my CNI. I have successfully run the cilium connectivity test and all tests pass. My nodegroup schedules a t3.small nodes (3 of them), which allows me to run 11 pods without ...
0
votes
1
answer
400
views
How can I get cilium to pass the failing connectivity test
I am trying to deploy cilium to my eks cluster, for context, this cluster is a private cluster running behind a private subnet, and routed to the internet through a NAT gateway and then an internet ...
0
votes
0
answers
41
views
Stop EKS/Traefik overwriting Inbound Security Group rules every 2 weeks
I have a kubernetes cluster (EKS AWS Managed) with Traefik Ingress service installed. Now, my understanding is the ingress service creates and manages the load balancer in AWS, and also the security ...
0
votes
0
answers
180
views
AWS ALB gives 504 timeout when vpc cni network policies applied
I've got argocd deployed on EKS, with ingress running on top of AWS Load Balancer Controller.
Alb controller is deployed in kube-system. Argo is deployed in argocd namespace with internal alb created ...
0
votes
0
answers
13
views
Removing kubernetes.io/aws-ebs in-tree StorageClass
After installation of aws-ebs-csi-driver I've realized that there is default in-tree implementation kubernetes.io/aws-ebs which is deprecated according to official doc:
$ kubectl get StorageClass
NAME ...
0
votes
1
answer
536
views
CoreDNS pods in AWS EKS Fargate unable to pull image
I created a PRIVATE EKS Cluster using AWS Console. Then, followed the documentation to configure Fargate. After I finished, I can see my Fargate nodes under Compute tab in my cluster in AWS Console, ...
0
votes
1
answer
197
views
Oracle MySQL operator for kubernetes backup to S3 using service account
I've installed the operator, and trying to create the innodb cluster with backup profile which uses S3. There is no mention of S3 in the documentation, but they mentioned in a conference about S3 ...
0
votes
0
answers
128
views
Restrict Access to Amazon EKS Cluster for Users with Kubeconfig by Specific IP (Connected to VPN)
I have an Amazon Elastic Kubernetes Service (EKS) cluster running in my private subnet. I've created a kubeconfig file for a user, let's call it the "lens user." However, I've noticed that ...
1
vote
0
answers
254
views
Use Node IP's instead of Pod IP's for egress with Secondary CIDR
I'm working with an Amazon EKS cluster that uses AWS VPC CNI for networking and has a custom network configuration. The primary IP address of the nodes is in the range 10.x.x.x/x, and there are ...
0
votes
0
answers
32
views
Unable to enable Singlestore studio in Singlestore kubernetes operator
I deployed a singlestore test cluster using the documentation from https://docs.singlestore.com/db/v7.3/deploy/kubernetes/ on AWS.
The deployment was successful, and I managed to get the cluster up ...
0
votes
0
answers
20
views
Issues with Kompose tool while converting docker compose to k8 manifest
How to resolve issues while converting docker-compose to k8 manifest files.
I am getting errors once I use the Konvert tool (forbidden errors). Any simple way to convert docker-compose to k8 manifest?
0
votes
1
answer
519
views
No out of pod networking on EKS cluster
I have an EKS cluster(1.24) launched with Terraform's AWS EKS module. System generated security groups. Private or public subnets.
Cluster Inbound:
Node Inbound:
Node Outbound:
The cluster has 1 ...
0
votes
1
answer
232
views
Does AWS EKS 1.27 have Graceful Node Shutdown enabled by default?
I'm not sure if the GracefulNodeShutdown feature gate is enabled in EKS 1.27.
I know that for regular vanilla Kubernetes 1.27 is set to true by default GracefulNodeShutdown since 1.21.
But I can't ...
0
votes
0
answers
46
views
Kubernetes: what exactly needs to be installed on each server/node and how?
I have coded AWS instances that can serve as nodes where my containers will run. So by default each of these instances has docker installed. This part is working fine.
Eventually I would like to ...
3
votes
2
answers
2k
views
Debugging Prometheus OOMkilled despite 6Gi limits
I'm at the end of my patience with a prometheus setup leveraging kube-prometheus-stack 44.3.0 (latest being 45).
I have two environments, staging and prod. In staging, my prometheus runs smoothly. In ...
1
vote
1
answer
3k
views
How do I enable containerd?
When I run systemctl status containerd, I get the following output:
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor ...
1
vote
2
answers
1k
views
How to debug containerLogMaxSize not taking effect on the kubelet?
I'm running the following EKS version:
kubelet --version
Kubernetes v1.22.12-eks-ba74326
I've set the following parameter as documented here.
"containerLogMaxSize": "100 Mi"
I ...
0
votes
1
answer
2k
views
AWS EKS Cluster : InvalidParameterException: Unsupported Kubernetes minor version update ,Terraform Gitlab CI
The following errors occur every time I run the pipeline
│ Error: error updating EKS Cluster (business-staging) version: InvalidParameterException: Unsupported Kubernetes minor version update from 1....
0
votes
1
answer
2k
views
Kubernetes upgrade from 1.21 to 1.22 caused Prometheus to fail
We recently upgraded Kubernetes 1.21 to 1.22 version on aws eks. The upgrade was successful. However, the associated prometheus deployments fails with error
$ kubectl -n monitoring logs prometheus-...
0
votes
0
answers
2k
views
How to create EKS cluster with VPC CNI addon via CloudFormation?
I create a EKS cluster (1.24) via cloudformation, it works fine without a CNI plugin but fails when I add vpc-cni addon:
AddonCNI:
Type: 'AWS::EKS::Addon'
Properties:
AddonName: vpc-...
2
votes
1
answer
3k
views
How do I fix terraform invalid JSON policy
I am trying to use a file which contains load balancer iam policy for my AWS in terraform. However when I run the terraform script, I get an error stating:
Error: "policy" contains an ...
0
votes
1
answer
2k
views
How do I add a security group as an inbound rule to another security group in terraform
I have a Terraform codebase which deploys a private EKS cluster, a bastion host and other AWS services. I have also added a few security groups to the in Terraform. One of the security groups allows ...
0
votes
0
answers
1k
views
Enable Vault JWT using `-tls-skip-verify` with EKS ca.crt fails with `x509: certificate signed by unknown authority`
We need to enable JWT auth in vault which is hosted within our EKS cluster in preparation for using K8s 1.24 OIDC and testing token renewal with Vault. I'm following documentation from a few places:
...
1
vote
0
answers
755
views
EKS: kubectl exec does not respect streamingConnectionIdleTimeout
Using EKS with Kubernetes 1.21, managed nodegroups in a private subnet. I'm trying to set the cluster up so that kubectl exec times out after inactivity regardless of the workload being execed into, ...
2
votes
1
answer
2k
views
Pod assigned node role instead of service account role on AWS EKS
First some info about the setup:
EKS version: 1.21
eksctl version: 0.77.0
AWS Go SDK version: v1.44.28
Deploying using kubectl
I have a k8s cluster on AWS EKS on which I am deploying a custom k8s ...
0
votes
0
answers
1k
views
Configure EKS to use Nexus Private Docker Registry (HTTP/HTTPS)
I've created an EKS cluster on AWS along with Nexus Repository on DigitalOcean using Terraform & Ansible.
Also I've not created any SSL for the Nexus Repository, so it is "http."
...
0
votes
0
answers
201
views
Temporarily take kubernetes cluster offline
I have a kubernetes cluster running in EKS. We use it for testing periodically but mainly it just sits there with all its nodes and costing us.
I am looking for the most elegant way to turn it off so ...
1
vote
0
answers
3k
views
Updating ingress-nginx helm chart for kubernetes 1.23.5
I am having lots of issues that seem to stem from upgrading my kubernetes cluster to the latest version (1.23.5). I initially had some issues with the cluster itself and the nodes but that seems to be ...
0
votes
1
answer
418
views
Why does 'kubectl' sometimes return a *node* name instead of the *pod* name if the specified pod no longer exists in the cluster?
Sometimes kubectl get pod some-pod-1234abc returns an error like: Error from server (NotFound): pods "ip-192-168-55-196.us-east-1.compute.internal" not found. This is surprising because the ...
1
vote
1
answer
703
views
Managing K3s Cluster with AWS EKS
I'm wondering if I can use an EKS managed node to be the control plane for a K3s cluster deployed on an edge/IoT device, such as the Intel NUC. My goal is to have a lightweight kubernetes distro to ...
1
vote
0
answers
2k
views
Amazon EKS: Moving pods from one node group to another
I currently have a Managed Node Group serving my EKS cluster and have added another:
NodeGroup1 [current - 20gb ec2 disk]
NodeGroup2 [new - 80gb ec2 disk]
I'd like to migrate my current pods from ...
2
votes
0
answers
906
views
How do you route to a mix of HTTP and HTTPS backends from an ALB Ingress?
I have a Kubernetes cluster running in EKS (on AWS.)
In the cluster I have Elasticsearch, Kibana and various other web services.
I would like to set up a single ALB loadbalancer such that:
Requests ...
1
vote
0
answers
747
views
How can I route pods in an EKS cluster to a specific NAT Gateway within the same subnet
Am running an EKS cluster deployed on a node (in public subnet) with two namespaces, one pod running in each of the namespaces. I have created two NAT gateways on the same subnet. I would like to ...
0
votes
1
answer
872
views
Unable to grant additional AWS roles the ability to interact with my cluster
I am trying to learn AWS EKS and following Getting started with Amazon EKS – AWS Management Console and AWS CLI guide step by step except for the region which I have changed to us-east-1.
I am able to ...
0
votes
2
answers
16k
views
AWS EKS add-on coredns status as degraded and node group creation failed( is unable to join Cluster)
I'm trying to create node group on EKS Cluster(region = ap-south-1) but it is failing to join cluster. Health issues : NodeCreationFailure Instances failed to join the kubernetes cluster
I found that ...
1
vote
1
answer
2k
views
do I need kube-proxy and vpc-cni addons when running fargate only eks cluster?
they both seem like good add-ons when you're running node groups; I'm assuming given Fargate mandates ALB's would register IP only for services, and other similar fargate requirements, do we still ...
1
vote
1
answer
2k
views
coredns deployment fails looking for nodes even after fargate profile patch
Problem with installing fargate profiles and coredns addon; I'm using terraform for some parts and kubectl for others, the fargate profiles are created via terraform:
fargate_profiles = {
kube-...
0
votes
2
answers
1k
views
AWS EKS Ingress Timeout On Any Non-Root Path
We have configured an Ingress resource on our EKS cluster with rewrites from /.* on the load balancer to the matching URI upstream. If we visit staging.my-domain.com/, we see a successful health-check ...