Questions tagged [amazon-eks]
83 questions
0
votes
1 answer
Can't access RDS instance externally
I've spun up an RDS postgres database in an existing VPC (which has both public and private subnets - connected to a NAT gateway) which I've set as publicly accessible.
I've added the relevant IP addresses to the attached security group, and this…
![](../../users/profiles/848162.webp)
Mike
- 21
- 5
0
votes
1 answer
Unable to grant additional AWS roles the ability to interact with my cluster
I am trying to learn AWS EKS and following Getting started with Amazon EKS – AWS Management Console and AWS CLI guide step by step except for the region which I have changed to us-east-1.
I am able to create my cluster - my-cluster but when I am…
![](../../users/profiles/838113.webp)
kusur
- 101
- 1
0
votes
1 answer
AWS EKS add-on coredns status as degraded and node group creation failed( is unable to join Cluster)
I'm trying to create node group on EKS Cluster(region = ap-south-1) but it is failing to join cluster. Health issues : NodeCreationFailure Instances failed to join the kubernetes cluster
I found that it may be because AWS EKS add-on(coredns) for…
![](../../users/profiles/830972.webp)
uni
- 21
- 1
- 4
0
votes
1 answer
Hashicorp Vault - AWS EKS vs EC2
Is it possible to install a Hashicorp Vault cluster to EC2 only or is EKS required and would there be a big advantage to one over the other?
![](../../users/profiles/576553.webp)
Robben
- 33
- 5
0
votes
1 answer
AWS EKS Ingress Timeout On Any Non-Root Path
We have configured an Ingress resource on our EKS cluster with rewrites from /.* on the load balancer to the matching URI upstream. If we visit staging.my-domain.com/, we see a successful health-check response as expected. However, any other url,…
![](../../users/profiles/573572.webp)
DragonBobZ
- 151
- 1
- 2
0
votes
0 answers
Can i access an EKS cluster , if i don't have access to iam user that created it?
An AWS admin , created an IAM user , and that user created an EKS cluster. Now , we don't have access to that IAM user.
If , we try to execute , kubectl , commands on that EKS cluster from a new IAM user that has admin level permissions, we still…
![](../../users/profiles/706505.webp)
Dawood Abbas
- 1
- 1
0
votes
2 answers
Postfix behind AWS NLB with Proxy Protocol does not send banner until CRLF is sent
I've redeployed my mail stack as a Kubernetes pod. This pod is on an EKS cluster in the private subnet, behind an NLB. Postfix and the NLB are configured to speak proxy protocol v2.
Originally I had this setup without proxy protocol, and the Postfix…
![](../../users/profiles/214395.webp)
Routhinator
- 3
- 1
- 7
0
votes
1 answer
AWS EKS: load balancer service stuck in external ip pending
I have a EKS cluster (1.19) with a public and private subnets. I deployed ingress nginx with the following annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol:…
![](../../users/profiles/325891.webp)
chingis
- 223
- 2
- 13
0
votes
1 answer
Can't configure RBAC to users in EKS
I have deployed EKS using eksctl following this docs.
As the user who created the cluster I have full access control.
Trying to grant system:masters permissions to a specific user doesn't work this way:
kubectl edit -n kube-system…
![](../../users/profiles/225912.webp)
itaied
- 123
- 1
- 3
0
votes
1 answer
Filebeat on ECK with AWS Module Fails Due To Metadata Error
We are running an Elastic Stack with ECK in EKS (7.8). We noticed that our filebeat daemonset and the AWS module were not processing logs from S3 and our SQS queues backing up. Looking at the logs on our FileBeat containers, we noticed the following…
![](../../users/profiles/590267.webp)
JGG Xm8
- 1
0
votes
1 answer
Can 1 namespace span across multiple EKS clusters?
I am trying to understand the relation between namespaces and clusters in EKS. Can 1 namespace span across multiple EKS clusters? Is that possible?
![](../../users/profiles/564331.webp)
Biju
- 125
- 4
0
votes
2 answers
Single IP to access Kubernetes cluster ingress
I have an amazon EKS cluster that I'm using to host multiple websites, I have an ingress controller and a load balancer that spins up more pods as needed.
I normally use CNAME type "eg alias or aname" to point a domain to the dynamic cluster,…
![](../../users/profiles/615465.webp)
nzimpossible
- 101
- 2
0
votes
2 answers
Is AWS Fargate EKS Container to Container communication encrypted at the network level?
I see that ephemeral drives are now encrypted but is network communications between containers encrypted, say for HIPAA compliance. Looking specifically at Serverless Fargate with Kubernetes pods. A google of "fargate kubernetes network encryption"…
![](../../users/profiles/6852.webp)
xenoterracide
- 1,476
- 2
- 12
- 26
0
votes
1 answer
Running kubectl commands as cronjobs in the Kubernetes cluster results in a connection refused error
When running a kubectl command using the bitnami/kubectl image from inside a kubernetes (EKS based) cluster I am expecting the command to pick up the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT environment variables and connect to the local…
![](../../users/profiles/108132.webp)
Adam C
- 5,132
- 2
- 28
- 49
0
votes
2 answers
Why root user is allowed by default in public cloud Kubernetes services?
In a Kubernetes environment, I suppose that the root user should not be allowed by default to mitigate the risk in case the host OS was accessed from inside a container. This setting should be done by writing in PodSecurityPolicy.
Considering this,…
![](../../users/profiles/603369.webp)
rks
- 1
- 1