Tag Archives: Kubernetes

AWS: InvalidSignatureException: Signature not yet current and Kubernetes AWS ALB Ingress controller

4 March 2021
 

 One day our developers said that they can not create new AWS LoadBalancers via Ingress on our Kubernetes Dev cluster (AWS EKS). Balancers are created using AWS ALB Controller, see AWS Elastic Kubernetes Service: running ALB Ingress controller. Errors in the controller’s logs were: E0304 07:12:38.595113       1 controller.go:217] kubebuilder/controller “msg”=”Reconciler error” “error”=”no object matching key… Read More »

Jenkins: running workers in Kubernetes and Docker images build

27 February 2021
 

 We have a Jenkins instance that is running jobs in Docker containers on its host. Eventually, we’ve faced with an issue when the current AWS Ec2 instance t2.2xlarge (8 CPU, 32 RAM) during peak workload periods was too overloaded – not enough CPU time, not enough memory. So, the first solution could be to proceed… Read More »

Kubernetes: NGINX/PHP-FPM graceful shutdown and 502 errors

25 February 2021
 

 We have a PHP application running with Kubernetes in pods with two dedicated containers – NGINX и PHP-FPM. The problem is that during downscaling clients get 502 errors. E.g. when a pod is stopping, its containers can not correctly close existing connections. So, in this post, we will take a closer look at the pods’… Read More »

Logz.io: collection logs from Kubernetes – fluentd vs filebeat

1 February 2021
 

 We are using Logz.io to collect our Kubernetes cluster logs (also, there is a local Loki instance). Logs are collected and processed by a Fluentd pod on every WorkerNode which are deployed from a DaemonSet in its default configuration, see the documentation here – logzio-k8s. The problem we faced is that those pods are consuming… Read More »

ArgoCD: a Helm chart deployment, and working with Helm Secrets via AWS KMS

22 November 2020
 

 In the previous post ArgoCD: an overview, SSL configuration, and an application deploy we did a quick overview on how to work with the ArgoCD in general, and now let’s try to deploy a Helm chart. The most interesting part of this is how to enable the Helm Secrets. Had some pain with this, but… Read More »

ArgoCD: an overview, SSL configuration, and an application deploy

22 November 2020
 

 ArgoCD helps to deliver applications to Kubernetes by using the GitOps approach, i.e. when a Git-repository is used as a source of trust, thus all manifest, configs and other data are stored in a repository. It can b used with Kubernetes manifest, kustomize, ksonnet, jsonnet, and what we are using in our project – Helm-charts.… Read More »

Kubernetes: ServiceAccounts, JWT-tokens, authentication, and RBAC authorization

22 November 2020
 

  For the authentification and authorization, Kubernetes has such notions as User Accounts and Service Accounts. User Accounts – common user profiles used to access a cluster from the outside, while Service Accounts are used to grant access from inside of the cluster. ServiceAccounts are intended to provide an identity for a Kubernetes Pod to… Read More »

Kubernetes: update AWS Route53 DNS from an Ingress

22 November 2020
 

 We’d like to have the ability to add a DNS-record on the AWS Route53 when a Kubernetes Ingress resource is deployed and point this record to the URL of an AWS Load Balancer which is created by the ALB Ingress controller. To achieve this, the ExternalDNS can be used which will make API-requests to the… Read More »

Jenkins: Redis deployment, and Helm subchart values

1 November 2020
 

 The task is to create a Jenkins job to deploy Redis to Dev/Stage/Prod Kubernetes clusters. In the Redis: running Master-Slave replication in Kubernetes we did it manually to see how it’s working, now it’s time to automate it. The main question is how to pass parameters for different environments during the deployment? I’d like to… Read More »

Kubernetes: Service, load balancing, kube-proxy, and iptables

1 November 2020
 

 One day I wondered – how is load balancing between pods is working in Kubernetes? I.e. – we have an external Load Balancer. Then a Service. And behind it – Pods. What happens when we are receiving a network packet from the world, and we have a few pods – how the traffic will be… Read More »