5 messages
Allen Vailliencourt almost 5 years ago
Single-node K8S cluster for testing on GCP? What would you all think is the best option? Throw minikube on it?
PePe Amengual almost 5 years ago
Is it possible to mix ALB scheme types (internal, internet-facing) on the same alb-controller?
Thomas Hoefkens almost 5 years ago (edited)
We have deployed alpine images on EKS Fargate nodes, and have also associated a service account to an IAM role which has access to DynamoDb and some other services. When deploying the containers, we can see that AWS has automatically set these env vars on all containers

```
AWS_ROLE_ARN=arn:aws:iam::1111111:role/my-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
```

But if we execute this command with the cli

```
aws sts get-caller-identity
```

or

```
aws dynamodb list-tables
```

the command simply hangs and does not return any results.
We have followed the docs on setting up the iam roles for the EKS (k8s) service accounts - is there anything more we need to do to check the connectivity from the containers to the DynamoDb for example? (please note, from Lambda or so we can access DynamoDb - an endpoint exists for the necessary services)
When I execute this on the pod:

```
aws sts assume-role-with-web-identity \
  --role-arn $AWS_ROLE_ARN \
  --role-session-name mh9test \
  --web-identity-token file://$AWS_WEB_IDENTITY_TOKEN_FILE \
  --duration-seconds 1000
```

I get this error: Connect timeout on endpoint URL: "sts.amazonaws.com" which is strange because the vpc endpoint is sts.eu-central-1.amazonaws.com. I can also not ping endpoint addresses such as ec2.eu-central-1.amazonaws.com
meirfi almost 5 years ago
Hey all,
we are facing a strange behavior of WeaveCNI in our AWS EKS cluster.
For some reason our CoreDNS is getting NXDOMAIN, which means that the pods are not able to resolve the URLs of the services in the cluster.
After a long investigation we found out that the only way to solve the DNS issue is by restarting all WeaveCNI pods.
Has anyone encountered the same behavior?
Thanks.
Brad McCoy almost 5 years ago
Join us in the Microsoft reactor next week for a technical demonstration of provisioning AKS with Terraform and then deploying microservices with Helm!
https://www.meetup.com/Microsoft-Reactor-Sydney/events/277886892/