Upgrade of core EKS components
We have upgraded the core cluster components, running in kube-system, to their latest recommended versions (for EKS 1.14):
Use NetworkPolicies
We have deployed Calico to our EKS setups as a network policy engine.
More …Upgrade Concourse to version 5.8.1
We rolled out Concourse version 5.8.1 to all our setups.
More …Upgrade Caddy to version 1.0.4 with ACMEv2
We rolled out version 1.0.4 of the Caddy web server to all our setups which use on-demand “whitelabel” type of domains. All these certificates are now being requested and renewed against the ACMEv2 API.
More …Upgrade Concourse to version 5.8.0
We rolled out Concourse version 5.8.0 to all our setups.
More …Vault on K8s
As of now we have the option to deploy Vault on our reference solution out of the box.
More …All secret data is now encrypted in our Kubernetes definition files
As you may know, we define our Kubernetes clusters’ desired state in a yaml file, which is stored in the customer private Git repository. That file is then fed into our CI, which is the one responsible for rolling out the cluster.
More …Bugfix - Velero backups failing on some clusters
We use Velero as our solution to backup complete K8s cluster workloads (both K8s resources and Persistent Volumes).
More …Bugfix - Raise fs.inotify limits
During our migrations from KOPS to EKS clusters, some customer Pods had issues launching, due to hitting fs.inotify.max_user_instances and/or fs.inotify.max_user_watches limits. Turns out these sysctl have been raised from their defaults for the KOPS base images, but the EKS AMIs still use the OS defaults.
Allow runing K8s nodes and Concourse workers in public subnets
We now make it possible to run (part of) your Kubernetes and/or Concourse worker nodes in public subnets, if the situation requires it. However our default is still to deploy these instances in private subnets.
More …Documentation on how to have feature environments on Concourse
The Concourse team is working hard to have an implementation to accomodate feature environments in Concourse. However this is still WIP at this moment and per request of our customers we researched a way to have feature environments with Concourse.
More …Bugfix - loki-promtail wasn't scheduled on tainted nodes
We offer Grafana Loki as default logging solution, which relies on the Promtail daemonset for gathering logs on each K8s node and shipping them to Loki.
More …Bugfix - Grafana instability, increased memory request/limit
For some customers, with more complex dashboards, Grafana has recently become unstable sometimes due to hitting our configured memory limits.
More …Teleport setups and updates are now fully automated
In our quest to automate most of the components of our infrastructure, we’ve set up CI/CD pipelines to automate the rollout of Teleport servers and their nodes.
More …Fixed Kubernetes cluster-autoscaler ASG auto-detectionn
Some earlier changes in how we label our AWS AutoScaling Groups (ASGs) and which labels the Kubernetes cluster-autoscaler uses for automatically detecting these ASGs caused the scaler to not work properly. This could result in clusters not automatically removing unneeded nodes, or adding extra ones when more capacity is needed.
More …Improved Prometheus-based ElasticSearch monitoring
It has come to our attention that in certain cases our Prometheus-based ElasticSearch monitoring wasn’t correctly detecting issues and sending alerts.
More …Upgrade Concourse to version 5.7.2
During the coming days, we’ll roll out Concourse version 5.7.2 to all our setups.
More …Spot termination alerts on Slack
We have updated the alert routing from k8s-spot-termination-handler to notify in our shared Slack channel to increase visibility. We’ve rolled this change out to all our clusters during the last couple of days.
More …Several other K8s Reference Solution improvemens
To complement today’s barrage of changelog updates, here’s some miscellaneous additions that didn’t make it in onther post 😁:
More …Better support for different AWS regions and AZs for our Kubernetes reference solution
We’ve made several improvements to our Kubernetes stacks, allowing us to deploy in different AWS Regions (eg. us-east-1) and allowing more dynamic usage of the Availability Zones in those regions.