EKS 1.34 to 1.35 Upgrade — A Best-Practices-Driven Verification
Upgrading EKS following AWS best practices end-to-end: Cluster Insights, deprecated API scanning, PDB-backed availability guarantees, and post-upgrade validation.
← All Tags
Tag: #kubernetes
Content tagged with "kubernetes"
Blog Posts
Set Up EKS ArgoCD Capability with eksctl — One YAML File for a GitOps Environment
Create an ArgoCD Capability using eksctl's declarative YAML config and deploy a sample app. Covers the differences from AWS CLI and CloudFormation behavior.
Build a Managed GitOps Environment with EKS Capabilities ArgoCD
Enable ArgoCD Capability on EKS via AWS CLI and deploy a sample app end-to-end. Covers real gotchas like Identity Center region mismatch and access policy setup.
FQDN-Based Traffic Control with EKS Enhanced Network Policies
Verified ClusterNetworkPolicy and ApplicationNetworkPolicy on EKS Auto Mode. Domain name-based egress filtering enables multi-layered access control that restricts pods to specific external services only.
Visualizing Karpenter Internals with EKS Auto Mode Enhanced Logging
Set up CloudWatch Vended Logs for EKS Auto Mode's 4 components (Compute/Block Storage/Load Balancing/IPAM) and analyze scale-up to scale-down behavior with Logs Insights queries.
Building a Low-Maintenance Kubernetes Cluster with EKS Auto Mode
Set up an EKS cluster with Auto Mode enabled using a single eksctl command. Covers how Auto Mode eliminates node group management and when to choose it over traditional managed node groups.
TIL
EKS Auto Mode automatically terminates empty nodes
EKS Auto Mode (Karpenter) auto-terminates nodes with no pods via DisruptionTerminating: Empty. Expected cost-optimization behavior, not an error.
1 min read
aws eks list-insights detects upgrade blockers before you hit them
EKS Cluster Insights automatically checks kubelet version skew, add-on compatibility, and cluster health. Pair with kubent/pluto for a solid pre-upgrade checklist.
1 min read
kubent scans Helm releases for deprecated APIs, pluto doesn't
kubent runs both a Cluster collector and a Helm v3 collector that decodes release secrets. pluto's detect-all-in-cluster only covers live resources.
1 min read
topologySpreadConstraints needs zone spread, not just hostname
hostname spread alone can land all pods in the same AZ. Add topology.kubernetes.io/zone to guarantee cross-AZ distribution.
1 min read
Deleting an ArgoCD Application doesn't delete deployed resources — you need a finalizer
kubectl delete application removes the CR but leaves Pods and Services running. Add resources-finalizer.argocd.argoproj.io for cascade deletion.
1 min read
EKS access entries and access policies are separate — you need both
The access entry auto-created by EKS Capabilities has no deploy permissions. Without associate-access-policy, ArgoCD Application sync silently fails.
1 min read