Tag Archives: AWS

Istio: an overview and running Service Mesh in Kubernetes

11 April 2021
 

 Istio is a Service Mesh solution that allows performing Service Discovery, Load Balancing, traffic control, canary rollouts and blue-green deployments, traffic monitoring between microservices. We will use Istio in our AWS Elastic Kubernetes Service for traffic monitoring, as an API Gateway service, for traffic policies, and for various deployment strategies. In this post, will speak… Read More »

Kubernetes: ExternalDNS – records retrieval failed: failed to list hosted zones: Throttling: status code: 400

9 April 2021
 

 We have an ExternalDNS service running, see the Kubernetes: update AWS Route53 DNS from an Ingress post, which started sending a lot of messages like: msg=”failed to list resource records sets for zone /hostedzone/Z2VM3W5SRY4I9J: Throttling: \n\tstatus code: 400 And even AWS Console in the Route53 says “Throttling error that was caused because API rate was… Read More »

Opsgenie: integration with AWS RDS and alerting

18 March 2021
 

 Let’s configure Opsgenie with AWS RDS. The idea is to get notifications from RDS about events and send them to Opsgenie which will send them to our Slack. To do so, we need to configure AWS Simple Notification Service and AWS RDS Event subscriptions. The official documentation is here>>>. Opsgenie confiuration Go to the Integrations… Read More »

AWS: InvalidSignatureException: Signature not yet current and Kubernetes AWS ALB Ingress controller

4 March 2021
 

 One day our developers said that they can not create new AWS LoadBalancers via Ingress on our Kubernetes Dev cluster (AWS EKS). Balancers are created using AWS ALB Controller, see AWS Elastic Kubernetes Service: running ALB Ingress controller. Errors in the controller’s logs were: E0304 07:12:38.595113       1 controller.go:217] kubebuilder/controller “msg”=”Reconciler error” “error”=”no object matching key… Read More »

ArgoCD: a Helm chart deployment, and working with Helm Secrets via AWS KMS

22 November 2020
 

 In the previous post ArgoCD: an overview, SSL configuration, and an application deploy we did a quick overview on how to work with the ArgoCD in general, and now let’s try to deploy a Helm chart. The most interesting part of this is how to enable the Helm Secrets. Had some pain with this, but… Read More »

Kubernetes: Service, load balancing, kube-proxy, and iptables

1 November 2020
 

 One day I wondered – how is load balancing between pods is working in Kubernetes? I.e. – we have an external Load Balancer. Then a Service. And behind it – Pods. What happens when we are receiving a network packet from the world, and we have a few pods – how the traffic will be… Read More »

Kubernetes: AWS ALB Ingress Controller – add redirect to another domain

9 October 2020
 

 We have an application – an old version, and a new one, and two domains for them. The application is working on AWS Elastic Kubernetes Service, behind an AWS LoadBalancer created with AWS ALB Ingress Controller. The task is to create a redirect from the old domain’s Ingress to a new LoadBalancer: old URL: dev.api.old-example.com… Read More »

Kubernetes: load-testing and high-load tuning – problems and solutions

4 September 2020
 

 Actually, this post was planned as a short note about using NodeAffinity for Kubernetes Pod: But then, as often happens, after starting writing about one thing, I faced another, and then another one, and as a result – I made this long-read post about Kubernetes load-testing. So, I’ve started about NodeAffinity, but then wondered how… Read More »

Prometheus: yet-another-cloudwatch-exporter – collecting AWS CloudWatch metrics

23 July 2020
 

 Currently, to collect metrics from the AWS CloudWatch we are using AWS’s own cloudwatch-exporter, see the Prometheus: CloudWatch exporter — сбор метрик из AWS и графики в Grafana post (in Rus), but it has a few gaps: it’s written in Java, so uses CPU/memory of the monitoring host doesn’t scrapes AWS tags from resources uses… Read More »