Upgrade Concourse to version 5.7.2
During the coming days, we’ll roll out Concourse version 5.7.2 to all our setups.
More …Spot termination alerts on Slack
We have updated the alert routing from k8s-spot-termination-handler to notify in our shared Slack channel to increase visibility. We’ve rolled this change out to all our clusters during the last couple of days.
More …Several other K8s Reference Solution improvemens
To complement today’s barrage of changelog updates, here’s some miscellaneous additions that didn’t make it in onther post 😁:
More …Better support for different AWS regions and AZs for our Kubernetes reference solution
We’ve made several improvements to our Kubernetes stacks, allowing us to deploy in different AWS Regions (eg. us-east-1) and allowing more dynamic usage of the Availability Zones in those regions.
Heavily reduced resource reservations for our default cluster Add-ons
In the past weeks we’ve revisited the resource reservations (requests and limits) we made for running all the cluster Add-ons.
Kubernetes monitoring upgrades
In the past week we’ve rolled out a bunch of updates to our Kubernetes cluster-monitoring stack.
More …Moving from Calico to the AWS VPC CNI for EKS clusters
Previously we used Project Calico as networking plugin (CNI) on all our Kubernetes clusters (KOPS & EKS). However with our move to EKS as base for our reference solution, we will be defaulting to AWS’ own VPC CNI.
More …Introducing Grafana Loki to the k8s reference solution
Previously we shipped your logs with Fluentd to CloudWatch Logs and optionally send them to an ElasticSearch/Kibana cluster (“EFK” stack) for analytics. This setup however was expensive, had quite some problems scaling and was overkill for most of our customers anyway. Due to that we researched for alternatives with the following requirements:
More …CVE-2019-14287
On tuesday a notice for CVE-2019-14287 affecting Sudo versions prior to 1.8.28.
More …Upgrade Vault to 1.2.3
We’ve recently upgraded our Vault setups to version 1.2.3, which is the latest Vault version available at the moment. Compared to version 1.0.1, there are a bunch of bug fixes and multiple improvements under the hood. You can check the full changelog here.
More …CVE-2019-11253
Yesterday a notice for CVE-2019-11253 with a severity of High went out, impacting all versions of Kubernetes.
More …Upgrade to Terraform 0.12
Terraform is an automation tool that allows you to define infrastructure as code, and we use it to manage most of our customer’s infrastructure. In order to get to that point, we’ve developed a lot of Terraform code during the last few years, along with some Terraform modules, that can be easily reused for multiple projects and use cases.
More …CVE-2019-16276 Upgrade Concourse to 5.5.3
During today, we’ll roll out Concourse version 5.5.3 to all our setups.
More …Improved Kubernetes clusters automation
We manage multiple Kubernetes clusters and regularly set up new ones from scratch. There are also a bunch of extra components deployed on each cluster, that we also need to maintain and keep up to date.
More …Upgrade Concourse to version 5.5.1
During the coming days, we’ll roll out Concourse version 5.5.1 to all our setups.
More …Upgrade EKS to 1.14
We have updated our EKS control planes and nodes to the latest version: 1.14. In the process of upgrading EKS we updated:
More …Upgrade Calico to 3.8.2
We have updated Calico on our AWS EKS-based reference solution to the latest version: 3.8.2.
More …Concourse docker-image deprecation and how to migrate to the new registry-image
In the new Concourse 5.0.0 version, a new resource was released to track and upload Docker images to a registry, the registry-image-resource. This new resource is intended to replace the current docker-image-resource, as it’s more lightweight and simpler. Concourse announced that they intend to deprecate the current docker-image-resource in the future.
Switch Terraform Dynamodb tables and Vault Dynamodb backend to pay per request
Previously we were still on the default provisioned capacity for our tables. This however led to over provisioned tables and/or autoscaling to be in place. As of now we defaulted to the PPR cost type for internal Dynamodb tables and for the Dynamodb backend for our Vault setup. For application specific tables this is evaluated on a case-per-case basis.
More …Upgrade kops-based clusters to Kubernetes 1.11.10
We are in the process of upgrading our kops-managed Kubernetes clusters from v1.11.9 to v1.11.10. This is a bug fix release.