Category Archives: HOWTO’s

GitHub Actions: running the Actions Runner Controller in Kubernetes

16 October 2024
 

  We use GitHub Actions for deployments, and eventually came to the point where we wanted to run its Runners on our own Kubernetes cluster because: self-hosted GitHub Runners are cheaper – in fact, you pay only for the servers that run the jobs we need to run SQL migrations on AWS RDS in AWS… Read More »

Karpenter: an introduction to the Disruption Budgets

8 October 2024
 

  Disruption budgets were introduced in version 0.36, and it looks like a very interesting tool to limit Karpenter from recreating WorkerNodes. For example, in my case, we don’t want EC2 instances to be killed during business hours in the US because we have customers there, so we currently have consolidationPolicy=whenEmpty to prevent “unnecessary” deletion… Read More »

VictoriaMetrics Cloud: integration with AWS Data Firehose for CloudWatch metrics

2 October 2024
 

  I will write about VictoriaMetrics Cloud itself separately, but now I want to check how you can write CloudWatch Metrics via AWS Firehose to VictoriaMetrics Cloud. In fact, the AWS Data Firehose service itself allows you to transfer streaming data from various sources to Amazon services such as AWS S3, Redshift, Open Search, or… Read More »

VictoriaLogs: an overview, run in Kubernetes, LogsQL, and Grafana

9 September 2024
 

 VictoriaLogs is a relatively new system for collecting and analyzing logs, similar to Grafana Loki, but – like VictoriaMetrics compared to vanilla Prometheus – less demanding on CPU/Memory resources. Personally, I’ve been using Grafana Loki for about 5 years, but sometimes I have concerns about it – both in terms of documentation and the overall… Read More »

AWS: Kubernetes and External Secrets Operator for AWS Secrets Manager

24 August 2024
 

  We have a new EKS cluster 1.30 on our project, where we want to completely remove the old IRSA with OIDC and start using EKS Pod Identities – see AWS: EKS Pod Identities – a replacement for IRSA? Simplifying IAM access management. And everything seems to work fine, but when I started deploying our… Read More »

AWS: IAM Access Analyzer policy generation – create an IAM Policy

24 August 2024
 

  Quite often for a new project that is just building its infrastructure and CI/CD to do so as an MVP/PoC, and at the beginning, no time is spent on tuning AWS IAM Roles and IAM Policies, but simply connecting AdministratorAccess. Actually, this is exactly what happened in my project, but we are growing, and… Read More »

Terraform: managing EKS Access Entries and EKS Pod Identities

24 August 2024
 

 So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »

Terraform: EKS and Karpenter version upgrade 19.21 to 20.0

13 July 2024
 

 It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »

EcoFlow: monitoring with Prometheus and Grafana

7 July 2024
 

 In continuation of the topic with Підготовка до зими 2024-2025: ДБЖ, інвертори, та акумулятори (in Ukrainian). Surprise – there’s even a Prometheus exporter for the EcoFlow – berezhinskiy/ecoflow_exporter! It looks really cool. I launched it, looked at it, and ran to write this post. It can be run in a couple of clicks with Docker… Read More »

AWS: Kubernetes and Access Management API, the new authentication in EKS

7 July 2024
 

  Another cool feature that Amazon showed back at the last re:Invent in November 2023 is changes in how AWS Elastic Kubernetes Service authenticates and authorizes users. And this applies not only to the cluster’s users, but also to its WorkerNodes. I mean, it’s not really a new scheme (November 2023) – but I just… Read More »