Questions tagged [amazon-eks]
The amazon-eks tag has no usage guidance.
102
questions
8
votes
1
answer
7k
views
Worker Group VS Node Group EKS
I am trying to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/12.2.0(Terraform AWS EKS provider)
What is the difference between worker nodes and node group?
- 83
6
votes
1
answer
16k
views
Kubernetes pod has unbound immediate PersistentVolumeClaims (eks)
I have following StorageClass defined for aws eks cluster (3 nodes)
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: aws-gp2
annotations:
storageclass.kubernetes.io/is-default-...
- 121
5
votes
1
answer
5k
views
EKS ARM Node stuck in NotReady status - runtime network not ready cni config uninitialized
I have an EKS Cluster (AWS) named cluster-main running on
Kubernetes version: 1.16
Platform version: eks.4
CNI version v1.6.1
There are two node groups in the cluster
Cluster Name
Instance Type
AMI ...
- 121
3
votes
3
answers
12k
views
Kubectl error You must be logged in to the server (Unauthorized) when using kubectl
I proceeded with the work referring to the following site
(I don't use EKS.I create k8s on ec2 using kops)
Getting Started with kOps on AWS
When I tried to call kubectl get service I got the message: ...
3
votes
2
answers
3k
views
How can I get Egress Static IP per namespace within a EKS cluster
My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated ...
3
votes
2
answers
1k
views
Debugging Prometheus OOMkilled despite 6Gi limits
I'm at the end of my patience with a prometheus setup leveraging kube-prometheus-stack 44.3.0 (latest being 45).
I have two environments, staging and prod. In staging, my prometheus runs smoothly. In ...
- 141
3
votes
1
answer
3k
views
HTTP/2 for ALB with EKS on AWS
I'm experimenting with AWS EKS and have created the following setup:
EKS cluster with a single service/pod/node
AWS ALB ingress controller
ALB
I try to configure the ALB to:
create access logs
...
- 1,289
3
votes
0
answers
816
views
EKS - Use IAM roles for service accounts on multiple clusters
I am trying to use IAM roles for service accounts in EKS.
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
When it comes to create the IAM role to be assigned to a ...
- 31
2
votes
1
answer
202
views
Why would you want worker node traffic to leave a VPC? (AWS EKS)
When setting up AWS EKS, I came across a configuration option I don't understand.
What is the use case for the "public" option as shown in this screenshot?
This is the only option that makes ...
- 23
2
votes
2
answers
5k
views
Kubernetes: run aws s3 sync/rsync against persistent volume on demand
Is there a way in Kubernetes to trigger a job to run on my containers on demand?
The use case is to be able to have the containers sync from S3 to a persistent volume on demand. In the application's ...
- 143
2
votes
1
answer
6k
views
EKS suddenly failing with disk pressure
We have an EKS cluster with two t3.small nodes with 20Gi of ephemeral storage. The cluster runs only two small Nodejs (node:12-alpine) applications for now.
This worked perfectly for a few weeks, and ...
- 1,289
2
votes
1
answer
2k
views
How do i fix terraform invalid JSON policy
I am trying to use a file which contains load balancer iam policy for my AWS in terraform. However when i run the terraform script, i get an error stating:
Error: "policy" contains an ...
- 123
2
votes
2
answers
7k
views
creating k8s secret results in public private key not matching
I have created a certificate using ACM. Now, I want to create a TLS secret using kubernetes, so that I can use the secret to configure Ingress Resource.
I am trying to create a TLS secret using ...
- 41
2
votes
1
answer
2k
views
Mounting EKS EFS with CSI Times Out before Pod Comes Up
I am using EKS with Kubernetes version 1.15 and when I create a Storageclass, Persistent-Volume, Persistent-Volume-Claim, and Deployment the pod fails with:
Warning FailedAttachVolume 71s (x2 over ...
- 21
2
votes
0
answers
781
views
How do you route to a mix of HTTP and HTTPS backends from an ALB Ingress?
I have a Kubernetes cluster running in EKS (on AWS.)
In the cluster I have Elasticsearch, Kibana and various other web services.
I would like to set up a single ALB loadbalancer such that:
Requests ...
- 395
1
vote
1
answer
1k
views
Applying k8s network policies in Amazon EKS
I'm learning about Kubernetes network policies. I'm attempting to create a situation where two pods in the same namespace have different network policies associated:
pod A has ingress from anywhere
...
- 51
1
vote
3
answers
5k
views
EKS cluster nodes go from Ready to NotReady after approximately 30 minutes with authorization failures
I am using eksctl to set up a cluster on EKS/AWS.
Following the guide in the EKS documentation, I use default values for pretty much everything.
The cluster is created successfully, I update the ...
- 81
1
vote
1
answer
619
views
Managing K3s Cluster with AWS EKS
I'm wondering if I can use an EKS managed node to be the control plane for a K3s cluster deployed on an edge/IoT device, such as the Intel NUC. My goal is to have a lightweight kubernetes distro to ...
- 13
1
vote
2
answers
97
views
Infrastructure used in Amazon EKS
I was looking into a demo of an application built on Amazons kubernetes service, EKS. However, I am struggling to understand what infrastructure is used underneath, as I don't have access to AWS ...
1
vote
1
answer
2k
views
Pod assigned node role instead of service account role on AWS EKS
First some info about the setup:
EKS version: 1.21
eksctl version: 0.77.0
AWS Go SDK verion: v1.44.28
Deploying using kubectl
I have a k8s cluster on AWS EKS on which I am deploying a custom k8s ...
- 131
1
vote
1
answer
72
views
IPv4 to IPv6 NAT on AWS
AWS supports connecting to external IPv4-only services from an IPv6-only node using NAT64. Is there an equivalent for the reverse?
For context, I have an EKS cluster, which is currently IPv4-only, all ...
- 181
1
vote
1
answer
1k
views
How do I enable containerd?
When I run systemctl status containerd, I get the following output:
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor ...
- 273
1
vote
1
answer
535
views
Keycloak w/ EKS + ALB (401 after auth)
I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with ...
- 21
1
vote
1
answer
1k
views
do I need kube-proxy and vpc-cni addons when running fargate only eks cluster?
they both seem like good add-ons when you're running node groups; I'm assuming given Fargate mandates ALB's would register IP only for services, and other similar fargate requirements, do we still ...
- 537
1
vote
2
answers
502
views
Is AWS Fargate EKS Container to Container communication encrypted at the network level?
I see that ephemeral drives are now encrypted but is network communications between containers encrypted, say for HIPAA compliance. Looking specifically at Serverless Fargate with Kubernetes pods. A ...
- 1,496
1
vote
1
answer
295
views
Kubernetes eks supported HPA api version
Does anyone know if eks 1.15 supports apps/v1 api for hpa scalling?
We have 2 environments and would like to keep the helm repo updated to both code versions
- 21
1
vote
1
answer
2k
views
Is it possible to deploy Datadog agents on AWS EKS cluster using terraform
I am looking to understand if anyone can guide me on how to install Datadog agents on my AWS EKS cluster as pods. I am able to complete my requirement by using kubectl commands.
But here I am looking ...
1
vote
2
answers
1k
views
Missing metrics for "kubelet_volume_*" in Prometheus
I setup latest https://github.com/coreos/kube-prometheus/ in an AWS EKS cluster in which I'm using the Amazon EBS CSI driver for persistent volume claims, but I don't see any "kubelet_volume_*" ...
- 21
1
vote
1
answer
7k
views
Not able to access RDS instance inside EKS cluster | EKS <-> RDS connection
I'm trying to access my existing RDS instance in the newly created EKS cluster.
steps I have followed:
Create a VPC peering connection by keeping RDS as requester and EKS as accepter.
Add destination ...
1
vote
1
answer
301
views
Traffic encryption between EC2 and EKS pods
We are deploying our app to the EKS, and have a hybrid situation where some services aren't deployed yet within the EKS cluster.
We want the traffic between services deployed on EC2 instances would ...
- 111
1
vote
1
answer
3k
views
How do I use AWS EKS with the Jenkins Kubernetes Cloud plugin?
I have found essentially no documentation about how to use the Jenkins Kubernetes Plugin with Amazon EKS. The documentation mentions aws-iam-authenticator and a java setting to change a cache timeout, ...
- 133
1
vote
1
answer
1k
views
Not able to join worker nodes using kubectl with updated aws-auth configmap
I'm setting up AWS EKS cluster using terraform from an EC2 instance. Basically the setup includes EC2 launch configuration and autoscaling for worker nodes. After creating the cluster, I am able to ...
- 121
1
vote
1
answer
247
views
gRPC bidirectional streaming client sometimes close rpc unexpected EOF to server behind Nginx Ingress
I am faced with the issue that a gRPC Client in Bidirectional streaming call to the server behind an AWS NLB, nginx ingress controller sometimes throws er "close rpc error: code = Internal desc = ...
- 21
1
vote
0
answers
76
views
Use Node IP's instead of Pod IP's for egress with Secondary CIDR
I'm working with an Amazon EKS cluster that uses AWS VPC CNI for networking and has a custom network configuration. The primary IP address of the nodes is in the range 10.x.x.x/x, and there are ...
- 11
1
vote
2
answers
711
views
How to debug containerLogMaxSize not taking effect on the kubelet?
I'm running the following EKS version:
kubelet --version
Kubernetes v1.22.12-eks-ba74326
I've set the following parameter as documented here.
"containerLogMaxSize": "100 Mi"
I ...
- 273
1
vote
0
answers
5k
views
Kubectl generates TLS handshake timeout with private EKS cluster
I'm seeing the following error when running any kubectl command and no data is returned. This error occurs when accessing a private AWS EKS instance over a VPN connection.
$ kubectl get pods -A -v=9
...
- 11
1
vote
0
answers
556
views
EKS: kubectl exec does not respect streamingConnectionIdleTimeout
Using EKS with Kubernetes 1.21, managed nodegroups in a private subnet. I'm trying to set the cluster up so that kubectl exec times out after inactivity regardless of the workload being execed into, ...
- 11
1
vote
1
answer
343
views
AWS Site-to-Site VPN ping working, TCP not
I want to establish a site-to-site IPsec VPN connection between an AWS EKS-Kubernetes-Cluster and a server from a different provider using AWS Site-to-Site VPN.
Pings get through the VPN, but TCP ...
- 11
1
vote
0
answers
3k
views
Updating ingress-nginx helm chart for kubernetes 1.23.5
I am having lots of issues that seem to stem from upgrading my kubernetes cluster to the latest version (1.23.5). I initially had some issues with the cluster itself and the nodes but that seems to be ...
- 111
1
vote
0
answers
2k
views
Amazon EKS: Moving pods from one node group to another
I currently have a Managed Node Group serving my EKS cluster and have added another:
NodeGroup1 [current - 20gb ec2 disk]
NodeGroup2 [new - 80gb ec2 disk]
I'd like to migrate my current pods from ...
- 23
1
vote
0
answers
591
views
How can i route pods in a EKS cluster to a specific NAT Gateway within the same subnet
Am running an EKS cluster deployed on a node (in public subnet) with two namespaces, one pod running in each of the namespaces. I have created two NAT gateways on the same subnet. I would like to ...
1
vote
1
answer
2k
views
coredns deployment fails looking for nodes even after fargate profile patch
Problem with installing fargate profiles and coreddns addon; I'm using terraform for some parts and kubetctl for others, the fargate profiles are created via terraform:
fargate_profiles = {
kube-...
- 537
1
vote
0
answers
492
views
aws-load-balancer-controller annotations not working
I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-...
- 123
1
vote
0
answers
293
views
Troubleshoot kubectl DNS Lookup REFUSED
This is happening on one engineers Macbook. Everyone else is able to run kubectl commands successfully.
% kubectl --v=1000 get svc
I0326 16:22:48.587540 28045 loader.go:379] Config loaded from file: ...
- 162
1
vote
0
answers
131
views
Applying CRDs to EKS cluster causes timeout
We have been using ArgoCD in a proof of concept EKS Cluster (running 1.18) and yesterday we tried to update it from ArgoCD 1.7.10 to 1.8.7.
Our first attempt was just by doing:
kubectl apply -n argocd ...
- 111
1
vote
0
answers
560
views
How to access a S3 bucket accessible only through a EKS Pod
We've got a S3 bucket we use to store files used by an application deployed on EKS, to access the bucket we have a secret web identity token.
The application maintenance guys sometime need to browse ...
- 111
1
vote
0
answers
3k
views
How do I allow an additional AWS user to gain access to EKS?
I'm trying to do:
[ec2-user@xxxxxxxxx x]$ aws eks update-kubeconfig --name prod-eks-v2 --role-arn arn:aws:iam::9xxxxxxxxxxeks-v2-cluster-ServiceRole-xxxxxxxxxx
An error occurred (...
- 1,738
1
vote
1
answer
2k
views
Istio : HTTPS Traffic converted to HTTP with port set as 443
Bug description
We have setup an istio over on eks cluster & a java app is hosted in it.
The pod has been created along with service with type ClusterIP
We have created Virtual Service, Gateway &...
- 111
0
votes
1
answer
1k
views
Kubernetes upgrade from 1.21 to 1.22 caused Prometheus to fail
We recently upgraded Kubernetes 1.21 to 1.22 version on aws eks. The upgrade was successful. However, the associated prometheus deployments fails with error
$ kubectl -n monitoring logs prometheus-...
- 103
0
votes
1
answer
287
views
Why does 'kubectl' sometimes return a *node* name instead of the *pod* name if the specified pod no longer exists in the cluster?
Sometimes kubectl get pod some-pod-1234abc returns an error like: Error from server (NotFound): pods "ip-192-168-55-196.us-east-1.compute.internal" not found. This is surprising because the ...
- 103