• ALB Ingress: redirect traffic to HTTPS

    One of the beauties of using an ALB Ingress controller on AWS is that you can configure SSL certificates for your Ingress by just defining you want to use HTTPS

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    

    But this is going to serve the same content using HTTP and HTTPS. Configuring a SSL redirect it is also pretty straightforward but involves two steps:

    22/03/2021

    Read more...
  • Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB

    If we try to create a LoadBalancer on an AWS EKS cluster without any public subnet it will get stuck on the pending state and we won't get any external IP/DNS name for it. By using kubectl describe we will be able to get the actual error:

    $ kubectl get svc -n pet2cattle
    NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    demo-lb   LoadBalancer   172.20.235.213   <pending>     80:30525/TCP   7d
    $ kubectl describe svc demo-lb -n pet2cattle 
    Name:                     demo-lb
    Namespace:                pet2cattle
    Labels:                   <none>
    Annotations:              <none>
    Selector:                 run=demo-lb
    Type:                     LoadBalancer
    IP Families:              <none>
    IP:                       172.20.166.181
    IPs:                      <none>
    Port:                     <unset>  80/TCP
    TargetPort:               80/TCP
    NodePort:                 <unset>  30088/TCP
    Endpoints:                10.236.124.69:80,10.236.126.253:80
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:
      Type     Reason                  Age                From                Message
      ----     ------                  ----               ----                -------
      Normal   EnsuringLoadBalancer    12s (x3 over 27s)  service-controller  Ensuring load balancer
      Warning  SyncLoadBalancerFailed  12s (x3 over 27s)  service-controller  Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB
    

    17/02/2021

    Read more...
  • IRSA: IAM role to ServiceAccount

    For EKS cluster there was kube2iam for providing IAM credentials to containers running inside a kubernetes cluster that required a DaemonSet to be deployed. With IRSA (IAM Role to ServiceAccount) we can link IAM roles to ServiceAccounts

    11/02/2021

    Read more...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets