Content tagged with "kubernetes"
Verified DevOps Agent's EKS integration. Compared investigation processes for application vs. infrastructure failures, measured audit log-based operator identification, and evaluated preventive recommendations for critical system components.
Hands-on verification of EKS managed node group warm pools. Measured Running 28s, Stopped 48s, and cold start 62s for scale-out, plus a 16-minute drain wait for reuseOnScaleIn. Provides a decision framework for poolState selection.
Git Directory Generator auto-creates dev/staging/prod Applications from directory structure. Adding an environment is just a directory push, and per-environment changes don't affect others. Watch out for the longer polling interval.
Just one IAM policy addition to the Capability Role enables CodeCommit private repo deployments. Watch out: URL typos and missing permissions produce the same error, and manual refresh is recommended after fixing permissions.
Hands-on verification of EKS Pod Identity session policies. Restrict IAM role permissions per association without creating additional roles. Covers session tag exclusivity, policy size limits, and trade-offs to evaluate before adoption.
Validating BuildKit as a Kaniko replacement on EKS. Rootless mode fails on Auto Mode nodes, but privileged mode delivers 25-52% faster builds with a 3-stage initContainers pattern.
Deploying Gradio + Cognito OAuth Web UI and HPA autoscaling to complete the full workshop architecture. Includes measured resource consumption across all 4 components.
Validating A2A delegation from Travel Agent to Weather Agent on EKS. Two gotchas: agent card URL defaults to 0.0.0.0, and S3 session history poisons LLM context with stale URLs.
Hands-on validation of the AWS 'Agentic AI on EKS' workshop. Covers Strands Agents SDK, MCP-based tool auto-discovery, and building container images with Kaniko on EKS.
Upgrading EKS following AWS best practices end-to-end: Cluster Insights, deprecated API scanning, PDB-backed availability guarantees, and post-upgrade validation.
Deploy the Neuron DRA driver on EKS and verify attribute-based device allocation via ResourceClaimTemplates. Discovered that dynamic LNC configuration is unsupported on trn1.2xlarge.
Create an ArgoCD Capability using eksctl's declarative YAML config and deploy a sample app. Covers the differences from AWS CLI and CloudFormation behavior.
Enable ArgoCD Capability on EKS via AWS CLI and deploy a sample app end-to-end. Covers real gotchas like Identity Center region mismatch and access policy setup.
Verified ClusterNetworkPolicy and ApplicationNetworkPolicy on EKS Auto Mode. Domain name-based egress filtering enables multi-layered access control that restricts pods to specific external services only.
Set up CloudWatch Vended Logs for EKS Auto Mode's 4 components (Compute/Block Storage/Load Balancing/IPAM) and analyze scale-up to scale-down behavior with Logs Insights queries.
Set up an EKS cluster with Auto Mode enabled using a single eksctl command. Covers how Auto Mode eliminates node group management and when to choose it over traditional managed node groups.
Adding a managed node group to an EKS Auto Mode cluster fails with NodeCreationFailure (cni plugin not initialized). Installing vpc-cni, kube-proxy, and coredns addons resolves the issue.
Strands SDK A2A server sets the card url to http://0.0.0.0:9000/ by default. Fix by setting a2a.http_url to the Kubernetes Service FQDN in Helm values.
max_user_namespaces=0 prevents user namespace creation, causing rootless mode to fail. Privileged mode is the workaround.
EKS Auto Mode (Karpenter) auto-terminates nodes with no pods via DisruptionTerminating: Empty. Expected cost-optimization behavior, not an error.
EKS Cluster Insights automatically checks kubelet version skew, add-on compatibility, and cluster health. Pair with kubent/pluto for a solid pre-upgrade checklist.
Upload source as tar.gz to S3, use --context=s3:// in a Kaniko Job, and it builds and pushes to ECR directly on EKS without a Docker daemon.
kubent runs both a Cluster collector and a Helm v3 collector that decodes release secrets. pluto's detect-all-in-cluster only covers live resources.
hostname spread alone can land all pods in the same AZ. Add topology.kubernetes.io/zone to guarantee cross-AZ distribution.
EKS auto-created VPC endpoints persist after cluster deletion, leaving ENIs in-use and blocking VPC deletion with DependencyViolation. Explicitly delete VPC endpoints and wait for ENI release.
kubectl delete application removes the CR but leaves Pods and Services running. Add resources-finalizer.argocd.argoproj.io for cascade deletion.
The access entry auto-created by EKS Capabilities has no deploy permissions. Without associate-access-policy, ArgoCD Application sync silently fails.