Heavily reduced resource reservations for our default cluster Add-ons
In the past weeks we’ve revisited the resource reservations (requests and limits) we made for running all the cluster Add-ons.
Kubernetes monitoring upgrades
In the past week we’ve rolled out a bunch of updates to our Kubernetes cluster-monitoring stack.
More …Moving from Calico to the AWS VPC CNI for EKS clusters
Previously we used Project Calico as networking plugin (CNI) on all our Kubernetes clusters (KOPS & EKS). However with our move to EKS as base for our reference solution, we will be defaulting to AWS’ own VPC CNI.
More …Introducing Grafana Loki to the k8s reference solution
Previously we shipped your logs with Fluentd to CloudWatch Logs and optionally send them to an ElasticSearch/Kibana cluster (“EFK” stack) for analytics. This setup however was expensive, had quite some problems scaling and was overkill for most of our customers anyway. Due to that we researched for alternatives with the following requirements:
More …CVE-2019-14287
On tuesday a notice for CVE-2019-14287 affecting Sudo versions prior to 1.8.28.
More …Upgrade Vault to 1.2.3
We’ve recently upgraded our Vault setups to version 1.2.3, which is the latest Vault version available at the moment. Compared to version 1.0.1, there are a bunch of bug fixes and multiple improvements under the hood. You can check the full changelog here.
More …CVE-2019-11253
Yesterday a notice for CVE-2019-11253 with a severity of High went out, impacting all versions of Kubernetes.
More …Upgrade to Terraform 0.12
Terraform is an automation tool that allows you to define infrastructure as code, and we use it to manage most of our customer’s infrastructure. In order to get to that point, we’ve developed a lot of Terraform code during the last few years, along with some Terraform modules, that can be easily reused for multiple projects and use cases.
More …CVE-2019-16276 Upgrade Concourse to 5.5.3
During today, we’ll roll out Concourse version 5.5.3 to all our setups.
More …Improved Kubernetes clusters automation
We manage multiple Kubernetes clusters and regularly set up new ones from scratch. There are also a bunch of extra components deployed on each cluster, that we also need to maintain and keep up to date.
More …Upgrade Concourse to version 5.5.1
During the coming days, we’ll roll out Concourse version 5.5.1 to all our setups.
More …Upgrade EKS to 1.14
We have updated our EKS control planes and nodes to the latest version: 1.14. In the process of upgrading EKS we updated:
More …Upgrade Calico to 3.8.2
We have updated Calico on our AWS EKS-based reference solution to the latest version: 3.8.2.
More …Concourse docker-image deprecation and how to migrate to the new registry-image
In the new Concourse 5.0.0 version, a new resource was released to track and upload Docker images to a registry, the registry-image-resource. This new resource is intended to replace the current docker-image-resource, as it’s more lightweight and simpler. Concourse announced that they intend to deprecate the current docker-image-resource in the future.
Switch Terraform Dynamodb tables and Vault Dynamodb backend to pay per request
Previously we were still on the default provisioned capacity for our tables. This however led to over provisioned tables and/or autoscaling to be in place. As of now we defaulted to the PPR cost type for internal Dynamodb tables and for the Dynamodb backend for our Vault setup. For application specific tables this is evaluated on a case-per-case basis.
More …Upgrade kops-based clusters to Kubernetes 1.11.10
We are in the process of upgrading our kops-managed Kubernetes clusters from v1.11.9 to v1.11.10. This is a bug fix release.
Upgrade Concourse to version 5.4.1
During the comming days, we’ll roll out Concourse version 5.4.1 to all our setups.
More …Upgrade to EKS 1.13
We have updated our AWS EKS-based reference solution to be compatible with Kubernetes 1.13. More specifically, EKS uses K8s v1.13.10.
More …Concourse task that checks the status of the service after the deployment
We extended the functionallity for the ECS deployments with concourse. After the service gets deployed Concourse would just exit because Terraform doesn’t take the deployment itself into account. This resulted in having false deploys sometimes without any clear reason what happened.
More …Prometheus-blackbox-exporter available as optional cluster addon
We’ve added the prometheus-blackbox-exporter as a K8s cluster addon which can be enabled upon request. The blackbox exporter can be used for probing HTTP(S), DNS, TCP and ICMP endpoints, for example to check whether an external resource is up/down.
More …