Questions tagged with Amazon Elastic Kubernetes Service

Hello Everyone, I have a Private EKS cluster. I want to access my cluster from a new Ec2 instance having kubectl and aws cli installed. Previously, everything is fine means i am able to access my Eks cluster and performing kubectl commands. But accidentally, i deleted aws-auth-cm.yml file. Then after It gives error : "You must be logged in to the Cluster (Unauthorised)". After that, i created a new eks cluster, with the same name, configuration and roles. And deleted previous one. Kindly, requesting or guide me how to access my eks cluster now step by step. I studied lot of articles and posts. But problem not solved.lg...

Hi, I ran into an issue with our logging from Kubernetes pods. We store logging in JSON format, but saw that with big JSON logs it was breaking. So I investigated the isssue. Found out that when you are sending big logs from the pods with for example `cat log/test.log > /proc/1/fd/1` It will ends in multiple parts into the node log folder (/var/log/pods/pod) `2023-03-24T11:53:33.107458625Z stdout P YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY 2023-03-24T11:53:33.107458625Z stdout P YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY 2023-03-24T11:53:33.107458625Z stdout P YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY` This breaks the JSON. How can we avoid that sending big log files to /proc/1/fd/1, will be splitted into multiple parts? Thank you!lg...

Hi, I'm currently have my cluster upgraded to v1.24, and i have already installed pod-security-admission [webhook](https://github.com/kubernetes/pod-security-admission/tree/master/webhook) It also worked as i could see there are some warnings. But if i remove the default `eks.privileged` policy, pod will be failed to create with error `no providers available to validate pod request`. Anything else I need to do to completely disconnect that PSP please ? If I upgrade my cluster to v1.25 now, will it be disrupted because the PSP is removed from kubernetes 1.25 ? Thanks !lg...

I am trying to cut down the cost of container insights, so I want to delete some metrics, that I am not using at any time. Please let me know if there is any way to delete default metrics.lg...

Are there any native options similar to AWS backup to create backups of an EKS clsuter?lg...

So I have created a EKS Cluster with 1 EKS managed node group. I also created a in-region Self-managed node group. I was trying to install some workloads into the cluster using Helm, by simply invoking `helm install` method. The first chart is installed into self-managed node group and everything works fine. But when I tried to install the second helm chart, it went to managed node group. However, the second helm chart has some dependency on the first helm chart and right now second helm chart is stuck trying to find the first helm chart. But it is in the other node group. I am wondering what kind of Security Group rule changes I need to make so that I could make this cross node group communication work ? Currently these two node groups are within the same VPC and Subnet Thankslg...

Is it possible to extend an EKS cluster (on EC2) with on-prem nodes? The on-prem nodes would ideally be connected securely to the VPC to avoid going over public internet. The motivation behind this is to utilize existing servers on-prem for some of the workload, and during peak hours extend the capabilities of the cluster via autoscaling EKS on-demand. Ideally everything would be centrally managed under AWS, therefore some EKS nodes would always be active for the control plane, data redundancy, etc. In researching this topic so far I've only found resources on EKS via AWS Outposts, EKS Anywhere, joining federated clusters, etc. -- but it seems these solutions involve managing our own infrastructure, losing the benefits of fully-managed EKS on AWS. I can't find any information about extending AWS-managed EKS clusters with on-prem hardware (effectively allowing AWS to take ownership of the node/system and integrate it into the cluster). Has anyone accomplished this, or is not viable/supported? I appreciate any feedback, thanks!lg...

Hi. Is it possible to set up routing rules for pods in EKS using standard mesh plugins? I’m not able to install plugins like Calico.lg...

Hi, I am using nlb for serving rtmp connections. Targets of nlb are multiple nodes in eks cluster and on nodes there are nginx-rtmp pods. When i stream multiple streams, i am getting connection dropped at client side, and getting "drop idle stream" log on nginx-rtmp. my idle timeout configuration on nginx-rtmp is 30 sec. I am using ec2 instances to generating load which have 5GB bandwidth. I am not able to found why this is happening. Multiple connections dropping in a single second. and sometimes all of them are on same node. Also when i am checking NLB access logs i found only two ips in target ip and i am not able to found both ip on any pod or node.lg...

Hi Team, Currently we have a customer running application in C program compiled as dll's and hosted the apps into Windows 2016 server in their on-prem data center. Now we have to migrate the apps into AWS cloud. Customer prefer to deploy this apps into container solution without code change. Is it possible to run C program dlls into EKS with small code change ? If NOT then what is the best possible treatment we should offer to customers for this application seamlessly deployed into AWS cloud. Thanks.lg...

I have a code build leading to EKS. When it calls this particular command "CREDENTIALS=$(aws sts assume-role --role-arn arn:aws:iam::3318******:role/EksWorkshopCodeBuildKubectlRole --role-session-name code-build --duration-seconds 900)" I get an error "An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::331*****:assumed-role/codebuild-kubernetes-eks-service-role/AWSCodeBuild-31746234-c1a9-4fe9-9cbc-b0d54264613e is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::331879450537:role/EksWorkshopCodeBuildKubectlRole" My code build trusted relationship looks like { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": {} } ] } I have an STS policy attached to my user, group, codebuils service role and eksworkshopkubectlrole. What could I be doing wronglg...

Hi All, I have create a EKS cluster . and i am trying to connect this cluster from my local machine .I am getting this error while executing kubectl command . Required your support . ]# kubectl describe -n kube-system configmap/aws-auth error: You must be logged in to the server (Unauthorized)lg...