#kubernetes (2021-05)

kubernetes

Archive: https://archive.sweetops.com/kubernetes/

2021-05-07

Christian avatar
Christian
09:20:06 AM

Hi everyone, just curious as to how are people managing users/roles in an EKS cluster with only private access enabled? In this case, we would only be able to communicate with the API server inside a bastion host. How would rbac or IAM access work?

Jonathon Canada avatar
Jonathon Canada
04:16:23 PM

Hi Christian. One option is to use Teleport: https://github.com/gravitational/teleport

Essentially you could deploy a Teleport pod into your k8s clusters and that pod would create a reverse tunnel to a Teleport proxy that you would have running. This would allow you to keep your k8s clusters in private subnets/privately accessible. You would still need to create RBAC within your k8s clusters, but any groups or users you create within your k8s clusters you could map to roles you create in Teleport.

In full disclosure I work for Teleport, but the open source version that I linked is fully free to use. Please let me know if I can answer any questions for you.

gravitational/teleportattachment image

Certificate authority and access plane for SSH, Kubernetes, web applications, and databases - gravitational/teleport

2021-05-11

Santiago Campuzano avatar
Santiago Campuzano
09:56:08 PM

I am really excited to share this story with all the community, I used my passion time at GumGum to write this story that collects personal and team experiences with Kubernetes.

Santiago Campuzano avatar
Santiago Campuzano
09:56:08 PM

https://medium.com/gumgum-tech/implementing-kubernetes-the-hidden-part-of-the-iceberg-part-1-76c3e9684d49

Implementing Kubernetes: The Hidden Part of the Iceberg — Part 1attachment image

A summary of personal and team experiences and challenges when implementing a production-grade flee of Kubernetes clusters at GumGum.

5

2021-05-12

Milosb avatar
Milosb
04:14:41 PM

Guys, what is your cluster utilization in production?

roth.andy avatar
roth.andy
04:20:10 PM

CPU: 14%, RAM: 29%

2021-05-13

Sergey Kvetko avatar
Sergey Kvetko
07:23:24 AM

Hi there! Is anybody uses kpt as a main deploy tool ?

Kptattachment image

Kubernetes configuration package management

2021-05-14

tomkinson avatar
tomkinson
07:45:24 PM

Would anyone here have the ability (time and generosity) to help take a min and check this video log out its about 30 sec. It seems out ETC is in a ‘boot loop’ of sorts. We don’t even know what started it. Any assistance would be amazing as we’re learning this stuff as we go. Tried powering down and restarting the droplets too but did nothing https://forums.rancher.com/t/sh-is-booting-us-out-because-boot-loop/19973/2

SH is booting us out because boot loop

The UI is just static HTML/JS files, so not being able to get to it is just a symptom and not your actual problem. Etcd restarting constantly basically means you have no cluster, in which Rancher is supposed to be running, which provides the API, which serves up the UI assets. But there’s not much anyone can tell you in detail given just that “a boot loop or something” is happening.

2021-05-21

Harry avatar
Harry
02:15:58 PM

I’m not sure if this is the right channel as I’m using Nomad rather than Kubernetes but I’m having some issues with the container storage interface which I believe is a Kubernetes project. In short, I’m getting an error trying to launch a job that depends on an EBS volume with the error “Constraint CSI volume grafana has exhausted its available writer claims filtered 1 node” but the volume says it has no read or write allocations. Any ideas what might be causing this or how to fix it would be much appreciated. I’m finding that attaching some persistent disk storage to a container seems far far harder than I’d expect it to be.

    keyboard_arrow_up