Yearly Archives: 2021

Kubernetes: spec.ports[0].nodePort: Forbidden: may not be used when `type` is ‘ClusterIP’
0 (0)

5 May 2021

During applications deploy from a Helm chart described in the Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and ExternalDNS we are getting the “spec.ports[0].nodePort: Forbidden: may not be used when `type` is ‘ClusterIP’” error. Let’s reproduce it and find solutions with kubectl and Helm to solve it. The “spec.ports[0].nodePort: Forbidden: may not be… Read More: Kubernetes: spec.ports[0].nodePort: Forbidden: may not be used when `type` is… »

Loading

Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and ExternalDNS
0 (0)

27 April 2021

Let’s proceed with our journey with Istio. Previous parts: Istio: an overview and running Service Mesh in Kubernetes Istio: external AWS Application LoadBalancer and Istio Ingress Gateway Besides Istio, in this post, we will also configure ExternalDNS, see the Kubernetes: update AWS Route53 DNS from an Ingress for details. Everything described below is a kind… Read More: Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and… »

Loading

Istio: a cause and solution of the “SQLSTATE Connection refused”
0 (0)

23 April 2021

During starting a pod we got errors “SQLSTATE[HY000] [2002] Connection refused’” in two different applications – a РНР/Yii and NodeJS. In the РHР/Yii it’s coming when we are running a pre-install hook during deployment with Helm and on the MySQL Migration Job execution: Yii Migration Tool (based on Yii v2.0.38)Exception ‘yii\db\Exception’ with message ‘SQLSTATE[HY000] [2002]… Read More: Istio: a cause and solution of the “SQLSTATE Connection refused”0… »

Loading

Kubernetes: metrics-server – “401 Unauthorized” amd “kubelet stopped posting node status”
0 (0)

23 April 2021

On our AWS Elastic Kubernetes Service Dev cluster, we got a couple of namespaees hanging i nthe Termination state. “401 Unauthorized”, response: “Unauthorized” Remembering a similar issue where the root cause was the metrics-server (see the Kubernetes: namespace hangs in Terminating and metrics-server non-obviousness post for details), the first thing I did was to check… Read More: Kubernetes: metrics-server – “401 Unauthorized” amd “kubelet stopped posting node… »

Loading

Istio: external AWS Application LoadBalancer and Istio Ingress Gateway
5 (1)

22 April 2021

In the previous post, Istio: an overview and running Service Mesh in Kubernetes, we started Istion io AWS Elastic Kubernetes Service and got an overview of its main components. The next task is to add an AWS Application Load Balancer (ALB) before Istio Ingress Gateway because Istio Gateway Service with its default type LoadBalancer creates… Read More: Istio: external AWS Application LoadBalancer and Istio Ingress Gateway5 (1) »

Loading

Kubernetes: NodeLocal DNS and the “lookup istiod.istio-system.svc on lookup: no such host” error
0 (0)

19 April 2021

In our Deployments, we are using the NodeLocal DNS as a local DNS cache to reduce requests number to the AWS VPC DNS, see the Kubernetes: load-testing and high-load tuning – problems and solutions for details. Currently, a manifest looks like the next: … dnsPolicy: “None” dnsConfig: nameservers: – 169.254.20.10 … The problem is, that… Read More: Kubernetes: NodeLocal DNS and the “lookup istiod.istio-system.svc on lookup: no… »

Loading

AWS: cost optimization – purchasing RDS Reserved Instances
0 (0)

16 April 2021

Currently, I’m actively working on our AWS infrastructure costs optimization and will post a series of posts about this. The first one will be about AWS RDS Reserved Instances. The idea is quite simple: you are committing to use some types of instances for one or three years. Here, you’ll be able to choose to… Read More: AWS: cost optimization – purchasing RDS Reserved Instances0 (0) »

Loading

DevOps Days Kyiv 2021
0 (0)

14 April 2021

⚙️ On April 20-22th, join DevOps Days Kyiv – a free online conference focused on the DevOps Culture. Meet experts from Google, VMWare, PagerDuty, and co-creator of Kubernetes – Joe Beda. 💻 What to expect: 5 talks about DevOps culture fireside chat with co-creator of Kubernetes – Joe Beda, fill in your questions for Joe… Read More: DevOps Days Kyiv 20210 (0) »

Loading

Istio: an overview and running Service Mesh in Kubernetes
0 (0)

11 April 2021

Istio is a Service Mesh solution that allows performing Service Discovery, Load Balancing, traffic control, canary rollouts and blue-green deployments, traffic monitoring between microservices. We will use Istio in our AWS Elastic Kubernetes Service for traffic monitoring, as an API Gateway service, for traffic policies, and for various deployment strategies. In this post, will speak… Read More: Istio: an overview and running Service Mesh in Kubernetes0 (0) »

Loading

Kubernetes: ExternalDNS – records retrieval failed: failed to list hosted zones: Throttling: status code: 400
0 (0)

9 April 2021

We have an ExternalDNS service running, see the Kubernetes: update AWS Route53 DNS from an Ingress post, which started sending a lot of messages like: msg=”failed to list resource records sets for zone /hostedzone/Z2VM3W5SRY4I9J: Throttling: \n\tstatus code: 400 And even AWS Console in the Route53 says “Throttling error that was caused because API rate was… Read More: Kubernetes: ExternalDNS – records retrieval failed: failed to list hosted… »

Loading