We’ve upgraded all Teleport clusters from version 12.2.1 to 13.0.3. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances, Kubernetes clusters and several dashboards. The nodes will gradually be upgraded to the new version when new instances are launched.
During the past days we’ve had multiple customer reports that launching new Pods got stuck with the ContainerCreating status, mostly affecting CronJobs. Even if you were not directly affected, you might have noticed the messages in your channels that we’ve been rolling out a lot of node updates without prior notice. This small post mortem will explain the reason, what steps we took to mitigate, and what we should have done better.
We have upgraded Fluent Bit form v2.0.1 to v2.1.3 and this is gradually rolling out to all our managed clusters.
More …As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated and our gradually rolling out to all our managed clusters.
More …We’re updating the behavior of external-dns when managing records in private Route53 zones.
More …As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated and our gradually rolling out to all our managed clusters.
More …We have upgraded Istio on all clusters that use it. The version was upgraded from 1.16.3 to 1.16.4. These release mostly focuses on many security fixes, ranging from moderate to high. You can check the full release notes here. We’ve also upgraded Kiali to the latest version, 1.66.0 (changelog).
We’ve upgraded all Teleport clusters from version to 12.2.1. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances, Kubernetes clusters and several dashboards. The nodes will gradually be upgraded to the new version when new instances are launched.
Most of our EKS clusters leverage Spot instances as a cost-efficient way to provide compute nodes. Historically we’ve been defaulting to the “lowest price” allocation strategy to maximize possible cost savings. However this can lead to quite some more interuptions than we want to tolerate and often a big inbalance between AZ spread if price pressure increases. Therefore we’ve updated our default to use a “capacity optimized” strategy instead for increased stability with (possibly) a marginal higher cost.
More …Update 2023-05-04: All clusters have been upgraded to v1.25.
As part of our regular upgrade cycle, the following EKS cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production upgrades are scheduled to happen in the next few days during business hours. As usual, no workload interuptions are expected.
More …We have made an update to the S3 buckets that are used to take external backups from our managed OpenSearch clusters.
More …We have upgraded Istio on all clusters that use it. The version was upgraded from 1.16.1 to 1.16.3. These releases contain bug fixes to improve robustness and security fixes in the underlying Go packages. You can check the full release notes here. We’ve also upgraded Kiali to the latest version, 1.64.0 (changelog).
All Vault setups have been updated to the latest version 1.13.0. Please refer to the upstream changelogs to see what’s changed:
We noticed that some of our customers are having questions about the error messages they’re getting when deploying their workload using helm and/or using kubectl:
More …After deploying our Grafana Loki refactor, several issues started popping up, cascading to a loss of logs for a maximum of 12 hours on 22/02 or 23/02. All environments using Loki as main logging provider were affected. Environments logging to other systems like CloudWatch Logs and ElasticSearch were not affected.
More …We’ve upgraded all Teleport clusters from version 11.1.1 to 12.0.2. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances, Kubernetes clusters and several dashboards. The nodes will gradually be upgraded to the new version when new instances are launched.
Update 2023-02-28: These updates have been rolled out to all environments.
More …Update 2023-02-15: These changes have now been rolled out everywhere.
More …Based on customer feedback, we’ve now disabled posting AWS Node Termination Handler (NTH) notifications to Slack by default. The NTH is responsible for reacting to node state changes, by properly draining a node for example when a Spot Instance interuption is received.
More …