• Kubernetes: volume node affinity conflict

  4 min read

  While trying to deploy Pods we might notice the on the Events section that Pod cannot be scheduled due to a volume node affinity conflict:

  $ kubectl describe pod website-365-flask-ampa2-ha-member-1 -n website-365 
  Name:           website-365-flask-ampa2-ha-member-1
  Namespace:      website-365
  Priority:       0
  Node:           <none>
  Labels:         (...)
  Annotations:    (...)
  Status:         Pending
  IP:             
  IPs:            <none>
  Controlled By:  StatefulSet/website-365-flask-ampa2-ha-member
  Init Containers:
  (...)
  Containers:
  (...)
  Conditions:
    Type           Status
    PodScheduled   False 
  Volumes:
    volume:
      Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
      ClaimName:  volume-website-365-flask-ampa2-ha-member-1
      ReadOnly:   false
  (...)
  Events:
    Type     Reason             Age                      From                Message
    ----     ------             ----                     ----                -------
    Normal   NotTriggerScaleUp  31m (x20835 over 7d19h)  cluster-autoscaler  pod didn't trigger scale-up: 2 node(s) had taint {pti/role: system}, that the pod didn't tolerate, 1 node(s) had volume node affinity conflict
    Normal   NotTriggerScaleUp  95s (x46144 over 7d19h)  cluster-autoscaler  pod didn't trigger scale-up: 1 node(s) had volume node affinity conflict, 2 node(s) had taint {pti/role: system}, that the pod didn't tolerate
    Warning  FailedScheduling   64s (x2401 over 43h)     default-scheduler   0/4 nodes are available: 2 node(s) had taint {pti/role: system}, that the pod didn't tolerate, 2 node(s) had volume node affinity conflict.
  

  27/04/2022

  Read more...

• How to update terraform modules

  5 min read

  
  

  When we change the location of any terraform module we need to run terraform init again to be able to pick up the right version:

  $ terraform plan
  Acquiring state lock. This may take a few moments...
  Releasing state lock. This may take a few moments...
  ╷
  │ Error: Module source has changed
  │ 
  │   on main.tf line 17, in module "terraform-module":
  │   17:   source = "git::ssh://git@github.com/pet2cattle/terraform-module.git?ref=1.0.2"
  │ 
  │ The source address was changed since this module was installed. Run "terraform init" to install all modules required by this configuration.
  ╵
  

  26/04/2022

  Read more...

• CoreDNS on Kubernetes: Allow DNS zone transfer

  3 min read

  
  

  Kubernetes, by default, registers all the Pods and services using the cluster.local DNS zone. At some point we might want to be able to take a look at this zone. Zone transfers are going to be restricted by default:

  dnstools# dig axfr cluster.local
  
  ; <<>> DiG 9.11.3 <<>> axfr cluster.local
  ;; global options: +cmd
  ; Transfer failed.
  

  But if we are using CoreDNS, we can configure it to temporally allow zone transfers to be able to take a look at it

  25/04/2022

  Read more...

• How to test terraform's HCL code

  2 min read

  
  

  To be able to learn about new terraform functions we can use terraform output to learn how a variable is modified. But this can take a while if we have a lot of resources to compute.

  Instead, if we know the values we want to use beforehand it might be easier and quicker to use terraform console

  22/04/2022

  Read more...

• terraform: How to calculate subnets using the cidrsubnet function

  3 min read

  If we are using terraform for creating subnets on AWS we are going to need to split the VPC's network range into several pieces, one for each AZ. We can let terraform handle all the details by using the cidrsubnet() function

  20/04/2022

  Read more...

More recent...

Older content...