TIL

Today I Learned — Daily learnings

A DELETE_FAILED CloudFormation stack blocks eksctl create cluster

eksctl create cluster fails with AlreadyExistsException when a DELETE_FAILED CloudFormation stack lingers from a previous attempt. Manually delete the stack to unblock.

March 23, 20261 min read

#aws #eks #cloudformation

TIL

EKS Auto Mode automatically terminates empty nodes

EKS Auto Mode (Karpenter) auto-terminates nodes with no pods via DisruptionTerminating: Empty. Expected cost-optimization behavior, not an error.

March 23, 20261 min read

#aws #eks #kubernetes

TIL

aws eks list-insights detects upgrade blockers before you hit them

EKS Cluster Insights automatically checks kubelet version skew, add-on compatibility, and cluster health. Pair with kubent/pluto for a solid pre-upgrade checklist.

March 23, 20261 min read

#aws #eks #kubernetes

TIL

Kaniko with S3 build context builds containers on EKS without Docker

Upload source as tar.gz to S3, use --context=s3:// in a Kaniko Job, and it builds and pushes to ECR directly on EKS without a Docker daemon.

March 23, 20261 min read

#kaniko #eks #kubernetes+1

TIL

kubent scans Helm releases for deprecated APIs, pluto doesn't

kubent runs both a Cluster collector and a Helm v3 collector that decodes release secrets. pluto's detect-all-in-cluster only covers live resources.

March 23, 20261 min read

#kubernetes #cli

TIL

topologySpreadConstraints needs zone spread, not just hostname

hostname spread alone can land all pods in the same AZ. Add topology.kubernetes.io/zone to guarantee cross-AZ distribution.

March 23, 20261 min read

#kubernetes #aws #eks

TIL

Deleting a VPC after EKS cluster removal requires waiting for VPC endpoint ENI release

EKS auto-created VPC endpoints persist after cluster deletion, leaving ENIs in-use and blocking VPC deletion with DependencyViolation. Explicitly delete VPC endpoints and wait for ENI release.

March 22, 20261 min read

#eks #kubernetes #vpc

TIL

DependencyViolation when deleting VPC after agentcore destroy — wait for ENI release

AgentCore Runtime's ENI in the VPC may stay in-use for hours after agentcore destroy. Wait for it to become available before deleting the subnet and VPC.

March 21, 20261 min read

#bedrock #agentcore #vpc+1

TIL

Deleting an ArgoCD Application doesn't delete deployed resources — you need a finalizer

kubectl delete application removes the CR but leaves Pods and Services running. Add resources-finalizer.argocd.argoproj.io for cascade deletion.

March 21, 20261 min read

#argocd #kubernetes #gitops

TIL

Find Identity Center's home region by running sso-admin list-instances per region

Identity Center looks global but lives in a specific region. Specifying the wrong idcRegion in EKS Capabilities triggers AccessDeniedException.

March 21, 20261 min read

#aws #identity-center #eks