🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com 👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: ua-cam.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=wc6LIC5V2tD-Tzwl
Great work. Just wanted to suggest to keep Graphical explanation about services and connectivity between different tools before jumping into practical. but still I must say well done.
great work Anton. I am trying to build the fargate container with EKS 1.26, but after follow the steps at 7:00 Min, I started getting the error you saw on first terminal at 07:06 Warning LoggingDisabled 15s fargate-scheduler Disabled logging because aws-logging configmap was not found. configmap "aws-logging" not found CoreDNS POD never comes up and stays in pending state. I am going to try on EKS1.22 to see if this does not happen, but have you see this issue?
Thanks! check this You created the CoreDNS pods with a default annotation that maps them to the Amazon Elastic Compute Cloud (Amazon EC2) compute type. To schedule them on a Fargate node, remove the Amazon EC2 compute type. repost.aws/knowledge-center/eks-resolve-pending-fargate-pods and github.com/terraform-aws-modules/terraform-aws-eks/issues/2069
you only create public subnets for "public" load balancer, all your nodes located in private subnets with NAT gateway. Public subnets are optional, you can remove them
Hello, just to be sure, now on recent version the annotation for core dns is gone? And we need to create the profile for the core dns pod to be able to launcnh ? Thank you for the content ❤
@@AntonPutra Thank you, it will be just useful to see how you handle multiple container definitions for ECS task definition, all other solutions out there are badly explained and complex to understand.
I am trying to add deployment with efs however its not working giving below error as Pod not supported on Fargate: volumes not supported: host is of an unsupported volume Type
Great video! I have i question Anton, where you read the information for the aws-load-balancer-controller Helm chart? To know the variables to override for example? I trying to integrate the fluent-bit Helm chart but i coulnt find it.
I did not explicitly use the CoreDNS managed EKS add-on. As far as I remember, I had to remove taints or do something else (patch), but the process for new EKS 1.27 and higher may be different.
hey, I'm following the tutorial but having trouble after the "aws eks update-kubeconfig --name demo --region us-east-1" command. I changed it to matching my cluster and region, it created the config file. But when I try to get pods I get the following error: E1001 11:58:54.188249 182883 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server (the server has asked for the client to provide credentials) And on the aws web interface I see the following message: Your current IAM principal doesn’t have access to Kubernetes objects on this cluster. This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map Any idea what would be wrong?
Most likely you used different user to create EKS. By default only user that created a cluster gets access. You need to create new local profile with the same credentials and authenticate with EKS again. Example - aws eks update-kubeconfig --name dev-demo --region us-east-2 --profile crossplane
@@AntonPutra hi, thank you for your reply. I created the EKS with terraform and terraform authenticates aws with OIDC. I'm not sure how to authenticate that as a user. It's confusing :)
Getting Error: (Kubernetes cluster unreachable:: with helm_release.metrics-server, │ on 9-metrics-server.tf line 13, in resource "helm_release" "metrics-server": │ 13: resource "helm_release" "metrics-server") after deploying terraform with helm_release resource. Any idea to fix?
try to rerun, if error persist check version and use terraform lock file. Are you able to connect to eks cluster from the terminal? aws eks update-kubeconfig
@@AntonPutra Yes thats right, Anton. I am able to connect to cluster. When you say check version, is that helm version? I have not installed helm package on my linux instance. I remember in the video you said you dont need to install extra package. Should I ? Thanks.
@@AntonPutra yeah, I haven't used Helm until now too but the way you walked through the steps was good enough to get it. I believe the problem could be the missing elb tags in subnets and some annotations I'm preety sure I didn't read in the doc... It was quite frustrating follow step by step the owner doc and the whole thing just doesn't work. Thanks again
🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: ua-cam.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=wc6LIC5V2tD-Tzwl
Great work, Anton! Perfect speed, and the content was delivered just right.
thank you!
🔴UPDATED🔴 How to create EKS Cluster using Terraform MODULES (AWS Load Balancer Controller + Autoscaler + IRSA) - ua-cam.com/video/kRKmcYC71J4/v-deo.html
👉 How to Manage Secrets in Terraform - ua-cam.com/video/3N0tGKwvBdA/v-deo.html
👉 Terraform Tips & Tricks - ua-cam.com/video/7S94oUTy2z4/v-deo.html
👉 ArgoCD Tutorial - ua-cam.com/video/zGndgdGa1Tc/v-deo.html
Get Full-Length High-Quality DevOps Tutorials for Free - Subscribe Now! - ua-cam.com/users/AntonPutra
Great work. Just wanted to suggest to keep Graphical explanation about services and connectivity between different tools before jumping into practical. but still I must say well done.
Thanks, noted.
You are amazing man
Thanks :)
🟢 [New] Terragrunt Tutorial: Create VPC, EKS from Scratch! (Step-by-Step) - ua-cam.com/video/yduHaOj3XMg/v-deo.html
Thanks buddy for useful video 👍
Thanks Ambrish!
great work Anton. I am trying to build the fargate container with EKS 1.26, but after follow the steps at 7:00 Min, I started getting the error you saw on first terminal at 07:06
Warning LoggingDisabled 15s fargate-scheduler Disabled logging because aws-logging configmap was not found. configmap "aws-logging" not found
CoreDNS POD never comes up and stays in pending state. I am going to try on EKS1.22 to see if this does not happen, but have you see this issue?
Thanks! check this
You created the CoreDNS pods with a default annotation that maps them to the Amazon Elastic Compute Cloud (Amazon EC2) compute type. To schedule them on a Fargate node, remove the Amazon EC2 compute type.
repost.aws/knowledge-center/eks-resolve-pending-fargate-pods
and
github.com/terraform-aws-modules/terraform-aws-eks/issues/2069
Hi can you share the steps for production because i think EKS should not be in public subnet. Very clean explanation thanks!
you only create public subnets for "public" load balancer, all your nodes located in private subnets with NAT gateway.
Public subnets are optional, you can remove them
Based. Thanks
my pleasure!
Hello, just to be sure, now on recent version the annotation for core dns is gone? And we need to create the profile for the core dns pod to be able to launcnh ? Thank you for the content ❤
Thanks, it's possible, but I don't use Fargate in production and only review it when I refresh the tutorial.
could you do a tutorial for AWS ECS with FARGATE, and ECR as well please
Well, maybe in the future, but it's not as common as EKS.
@@AntonPutra Thank you, it will be just useful to see how you handle multiple container definitions for ECS task definition, all other solutions out there are badly explained and complex to understand.
Great video!
Thanks!
I am trying to add deployment with efs however its not working giving below error as Pod not supported on Fargate: volumes not supported: host is of an unsupported volume Type
Great video! I have i question Anton, where you read the information for the aws-load-balancer-controller Helm chart? To know the variables to override for example? I trying to integrate the fluent-bit Helm chart but i coulnt find it.
You can use helm show command, example "helm show values karpenter/karpenter"
Вы используете CoreDNS Addon? Не совсем понятно откуда он начинает деплоиться
I did not explicitly use the CoreDNS managed EKS add-on. As far as I remember, I had to remove taints or do something else (patch), but the process for new EKS 1.27 and higher may be different.
@@AntonPutra thanks
I have a question sir where did you store the terraform state file?
For the demo locally, for production use i store it in S3 with dynamoDB lock. Some in terraform cloud such as IAM policies.
Ebs is supported
"You can't mount Amazon EBS volumes to Fargate Pods."
AWS Fargate considerations - docs.aws.amazon.com/eks/latest/userguide/fargate.html
Great work Anton. One quick question can we run both Fargate and EC2 together ?
Can you combine a Fargate profile with traditional node groups?' Yes, you can. Fargate only affects the selected namespaces, so it's possible.
@@AntonPutra : So in that case how would DNS works, you changed the type to fatgate from ec2.. Should we leave that to default
@@rohitnarula7038 If you use ec2, just keep dns as is.
hey, I'm following the tutorial but having trouble after the "aws eks update-kubeconfig --name demo --region us-east-1" command. I changed it to matching my cluster and region, it created the config file. But when I try to get pods I get the following error:
E1001 11:58:54.188249 182883 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
And on the aws web interface I see the following message:
Your current IAM principal doesn’t have access to Kubernetes objects on this cluster.
This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map
Any idea what would be wrong?
Most likely you used different user to create EKS. By default only user that created a cluster gets access. You need to create new local profile with the same credentials and authenticate with EKS again. Example - aws eks update-kubeconfig --name dev-demo --region us-east-2 --profile crossplane
@@AntonPutra hi, thank you for your reply. I created the EKS with terraform and terraform authenticates aws with OIDC. I'm not sure how to authenticate that as a user. It's confusing :)
Great video!
How to create more namespaces in eks fargate via terraform?
Thanks, just add more fo these - github.com/antonputra/tutorials/blob/main/lessons/113/terraform/7-kube-system-profile.tf#L21-L36
Getting Error: (Kubernetes cluster unreachable:: with helm_release.metrics-server,
│ on 9-metrics-server.tf line 13, in resource "helm_release" "metrics-server":
│ 13: resource "helm_release" "metrics-server") after deploying terraform with helm_release resource. Any idea to fix?
try to rerun, if error persist check version and use terraform lock file. Are you able to connect to eks cluster from the terminal?
aws eks update-kubeconfig
@@AntonPutra Yes thats right, Anton. I am able to connect to cluster. When you say check version, is that helm version? I have not installed helm package on my linux instance. I remember in the video you said you dont need to install extra package. Should I ? Thanks.
I have the same issue Anton, what will be the fix for this issue?
I solved adding token argument to helm provider, like so:
data "aws_eks_cluster_auth" "cluster-auth" {
depends_on = [aws_eks_cluster.cluster]
name = aws_eks_cluster.cluster.name
}
provider "helm" {
kubernetes {
host = aws_eks_cluster.cluster.endpoint
cluster_ca_certificate = base64decode(aws_eks_cluster.cluster.certificate_authority[0].data)
token = data.aws_eks_cluster_auth.cluster-auth.token
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", aws_eks_cluster.cluster.id]
command = "aws"
}
}
}│
I followed the AWS Official Doc and It didn't work, thank you for this video.
Welcome, they focus on eksctl which is not most of the people use =)
@@AntonPutra yeah, I haven't used Helm until now too but the way you walked through the steps was good enough to get it.
I believe the problem could be the missing elb tags in subnets and some annotations I'm preety sure I didn't read in the doc... It was quite frustrating follow step by step the owner doc and the whole thing just doesn't work. Thanks again
I was trying to undestand what is Rafael and only later realised it's 'a profile' lol
:)