Tag Archives: Kubernetes

Terraform: EKS and Karpenter version upgrade 19.21 to 20.0

13 July 2024
 

 It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big, breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »

AWS: Kubernetes and Access Management API, the new authentication in EKS

7 July 2024
 

  Another cool feature that Amazon showed back at the last re:Invent in November 2023 is the change in how AWS Elastic Kubernetes Service authenticates and authorizes users. And this applies not only to the cluster’s users, but also to its WorkerNodes. I mean, it’s not really a new scheme (November 2023) – but I just… Read More »

AWS: RDS IAM database authentication, EKS Pod Identities, and Terraform

7 July 2024
 

  We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server… Read More »

Kubernetes: monitoring Events with kubectl and Grafana Loki

23 June 2024
 

  In Kubernetes, in addition to metrics and logs from containers, we can get information about the operation of components using Kubernetes Events. Events usually store information about the status of Pods (creation, eviction, kill, ready or not-ready status of pods), WorkerNodes (status of servers), Kubernetes Scheduler (inability to start a pod, etc.). Kubernetes Events… Read More »

Helm: UPGRADE FAILED: another operation (install/upgrade/rollback) is in progress

24 May 2024
 

 Sometimes, when deploying Helm charts, the error “UPGRADE FAILED: another operation (install/upgrade/rollback) is in progress” may appear. It can occur because the previous deployment failed due to errors in the chart, or the connection between the build machine and the Kubernetes cluster was lost. Check the release status with ls --all: $ helm -n dev-backend-api-ns… Read More »

AWS: VPC Flow Logs, NAT Gateways, and Kubernetes Pods – a detailed overview

5 May 2024
 

 We have relatively large spending on AWS NAT Gateway Processed Bytes, and it became interesting to know what exactly is processed through it. It would seem that everything is simple – just turn on VPC Flow Logs and see what’s what. But when it comes to AWS Elastic Kubernetes Service and NAT Gateways, things… Read More »

AWS: VPC Prefix and the maximum of Pods on Kubernetes WorkerNodes

29 February 2024
 

 Each WorkerNode in a Kubernetes cluster can have a limited number of Pods running, and this limit is determined by three parameters: CPU: the total number of requests.cpu cannot be more than the number of CPUs on the Node Memory: the total number of requests.memory cannot be more than the Memory on the Node IP:… Read More »

Karpenter: its monitoring, and Grafana dashboard for Kubernetes WorkerNodes

18 February 2024
 

 We have an AWS Elastic Kubernetes Service cluster with Karpenter which is responsible for EC2 auto-scaling, see AWS: Getting started with Karpenter for autoscaling in EKS, and its installation with Helm. In general, there are no problems with it so far, but in any case we need to monitor it. For its monitoring, Karpenter provides… Read More »

AWS: EKS Pod Identities – a replacement for IRSA? Simplifying IAM access management

16 December 2023
 

 Another very interesting new feature from the latest re:Invent is the EKS Pod Identities: a new ability to manage Pod access to AWS resources. The current state: IAM Roles for Service Accounts Before that, we used the IAM Roles for Service Accounts (IRSA) model, where in order to give a Pod access to, for example,… Read More »