EKS NodeGroup IAM Role on Config File (yaml)
Hello,
I'm new to EKS and I have set up a cluster with a NodeGroup from the AWS Console.
Now, I want to do this setup by code, by eksctl using the yaml file. Currently I can create the cluster properly through it, but I can't find how to create the NodeGroup.
My doubt is about where and how I specify the "Node IAM Role" field that appears in the AWS Console, but in the yaml file.
Thanks!
Accepted Answer | Amazon Elastic Kubernetes Service | 1 answer | 0 votes | 6 views | asked 17 days ago
AWS EKS completely ignores 'topologySpreadConstraints'
Hey there,
When using AWS EKS 1.21, currently 1 node running, (incl. cluster-autoscaler with correctly functioning asg) and creating a deployment with 5 replicas and specifying 'topologySpreadConstraints' like this:
```
topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: kubernetes.io/hostname
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: xxx
```
the scheduler ignores this completely and schedules all pods on the same node (even though there is the 'DoNotSchedule').
How can this be fixed? I want the cluster-autoscaler to see that 2 nodes cannot be scheduled.
Thanks in advance.
Accepted Answer | Amazon Elastic Kubernetes Service | 1 answer | 0 votes | 32 views | asked 3 months ago
EKS Node selector - possible labels
A customer using EKS on AWS would like to isolate worker nodes on different racks. I can define `labels` manually as per: https://www.eksworkshop.com/beginner/140_assigning_pods/node_selector/ but I was wondering if automatic labels are perhaps available when K8s detects AWS rack-level placement groups.
My question ultimately is: are `labels` always user-defined or are there automated labels? Is there any other strategy to create anti-affinity rules (e.g. per-AZ nodes)?
Accepted Answer | Amazon Elastic Kubernetes Service | 1 answer | 1 vote | 26 views
Certificate signing in EKS
A customer needs to generate X509 certificates in Kubernetes for their extensions (validating/mutating/conversion webhooks). The [standard way][1] is to use CertificateSigningRequest for this purpose, but EKS [does not have][2] the CertificateSigning admission controller installed, so the CSR is not getting signed.
Is there either a way to enable the CertificateSigning admission controller on EKS or any other best practice for generating and renewing X509 certificates for EKS cluster internal usage (i.e. kube-apiserver <-> custom-developed-webhook)?
[1]: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/
[2]: https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html#platform-versions-1.19
Accepted Answer | Amazon Elastic Kubernetes Service | 1 answer | 0 votes | 90 views | asked a year ago
Service stuck in "pending" on EKS with Fargate
Hi!
I created a simple cluster and a simple deployment with service (see below).
```
eksctl create cluster --name artem-cluster --region eu-west-1 --fargate --profile mfa
```
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: public.ecr.aws/nginx/nginx:1.19.6
          ports:
            - name: http
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
```
But service is stuck in <pending> state:
```
sample-service LoadBalancer 10.100.5.193 <pending> 80:31505/TCP 5h57m
```
In "describe" I see the only string:
```
Type    Reason                Age   From                Message
----    ------                ----  ----                -------
Normal  EnsuringLoadBalancer  29m   service-controller  Ensuring load balancer
```
By the way, if I create the service without "service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip", it is created successfully, but curl <external_ip>:80 returns an empty response, so I found in the docs that I should use "nlb-ip" and am now stuck with it.
Accepted Answer | Amazon Elastic Kubernetes Service | 2 answers | 0 votes | 45 views | asked a year ago