Welcome to the EKS Best Practices Guides. The primary goal of this project is to offer a set of best practices for day 2 operations for Amazon EKS. We elected to publish this guidance to GitHub so we could iterate quickly, provide timely and effective recommendations for a variety of concerns, and easily incorporate suggestions from the broader community. https://aws.github.io/aws-eks-best-practices/
Quick question about secrets in Kubernetes: from the Kubernetes docs we need to encode the secret in base64. In my situation I have to mount the secret in the filesystem of the pod… if you shell into it, it is still encoded in base64. Is that the normal behaviour, or should it appear decoded?
Does the application need to be able to decode the secret first to use it?
Hi. Does anyone know what might cause Kubespray to still override my system hostnames and FQDN even though I am changing the variable override_system_hostname to false everywhere?
Out of all the projects such as microk8s, k3s, minikube, etc., does anyone have any opinions on which is best for a Linux workstation for local development? I also have the same question about a Windows workstation.
We’re using k3d on Linux & Mac. It works well, but their documentation is definitely lacking. I haven’t used the others to compare so I can’t say it’s the best.
Thanks for the response. Do you use tools like Terraform against it? I guess I’d like to know if k3d is good for testing Terraform modules.
Nope, we’re not using Terraform.
I’ve had great luck with Colima, which is Containers on MacOS. It handles the VM, and installs a nice version of K3s. K3s in general I recommend, it has a number of plugins pre-installed so it’s more “baked” than some of the raw distributions.
What are the recommended FOSS applications to track k8s costs, e.g. opencost, with no strings attached and without artificially limited features?
Anyone have any recommendations on tools that can generate diagrams/visualizations?
mermaid’s great, is there a tool that can autogenerate mermaid diagrams for a namespace?
Are any teams out there running microservices and long-running data science batch jobs in the same EKS Kubernetes cluster? Just curious how you manage this, e.g.:
• Use spot instances for microservices
• Use non-spots for data science batch jobs
• Or does it make sense to use something else for data science batch jobs, like Fargate or AWS Batch?
Totally doable if you use Karpenter and have separate Provisioners for Spot instances for things that are allowed to be interrupted, such as deployments for microservices, as you said.
Then non-interruptible stuff can use the Provisioner with on-demand instances.
Set taints in the on-demand provisioners, and corresponding tolerations and nodeAffinity on your batch job Pod specs.
We do something similar for non-interruptible builds that can’t go on spots.
Anyone POC’d this? https://istio.io/latest/blog/2022/introducing-ambient-mesh/