Upgrade EKS to 1.14
We have updated our EKS control planes and nodes to the latest version: 1.14. In the process of upgrading EKS we updated:
More …Upgrade Calico to 3.8.2
We have updated Calico on our AWS EKS-based reference solution to the latest version: 3.8.2.
More …Concourse docker-image deprecation and how to migrate to the new registry-image
In the new Concourse 5.0.0 version, a new resource was released to track and upload Docker images to a registry, the registry-image-resource. This new resource is intended to replace the current docker-image-resource, as it’s more lightweight and simpler. Concourse announced that they intend to deprecate the current docker-image-resource in the future.
Switch Terraform Dynamodb tables and Vault Dynamodb backend to pay per request
Previously we were still on the default provisioned capacity for our tables. This however led to over provisioned tables and/or autoscaling to be in place. As of now we defaulted to the PPR cost type for internal Dynamodb tables and for the Dynamodb backend for our Vault setup. For application specific tables this is evaluated on a case-per-case basis.
More …Upgrade kops-based clusters to Kubernetes 1.11.10
We are in the process of upgrading our kops-managed Kubernetes clusters from v1.11.9 to v1.11.10. This is a bug fix release.
Upgrade Concourse to version 5.4.1
During the comming days, we’ll roll out Concourse version 5.4.1 to all our setups.
More …Upgrade to EKS 1.13
We have updated our AWS EKS-based reference solution to be compatible with Kubernetes 1.13. More specifically, EKS uses K8s v1.13.10.
More …Concourse task that checks the status of the service after the deployment
We extended the functionallity for the ECS deployments with concourse. After the service gets deployed Concourse would just exit because Terraform doesn’t take the deployment itself into account. This resulted in having false deploys sometimes without any clear reason what happened.
More …Prometheus-blackbox-exporter available as optional cluster addon
We’ve added the prometheus-blackbox-exporter as a K8s cluster addon which can be enabled upon request. The blackbox exporter can be used for probing HTTP(S), DNS, TCP and ICMP endpoints, for example to check whether an external resource is up/down.
More …Redshift monitoring via Prometheus
We have updated our stacks to support Redshift monitoring via the Prometheus Operator running on our K8s clusters. If you have Redshift running, you will now be able to see alerts in Alertmanager and on slack when there is something wrong with the cluster.
Neo4j monitoring via Prometheus
We have updated our stacks to support Neo4j monitoring (Neo4j >= 3.4) via the Prometheus Operator running on our K8s clusters. If you have Neo4j running, you will see metrics appearing in the new Neo4j Grafana dashboard.
Fix for dashboards HTTP 500 error when refreshing token
Since our SSO overhaul you might’ve been noticing sudden HTTP 500 errors while using the Alertmanager, Kubernetes of Prometheus dashboards when your token’s TTL expires.
More …A note on CVE-2019-11247
Two weeks ago a patch for Kubernetes vulnerability CVE-2019-11247 was released for K8s 1.13, 1.14 and 1.15. Unfortunately as of writing clusters using older K8s versions (like our kops-based 1.11 clusters) are still vulnerable.
More …Kubernetes dashboards ERR_TOO_MANY_REDIRECTS bug
During the past days you might’ve been getting ERR_TOO_MANY_REDIRECTS and or Bad Request - Login session expired errors. This bug was introduced during last week’s cluster add-ons upgrade.
Add Bitbucket, GitLab and Google authentication to Concourse
By default we only allowed authenticating to Concourse through GitHub and local users. It’s now possible to plug into other systems like Bitbucket, GitLab or Google.
More …Kubernetes add-on upgrades
In the following days we’ll be rolling-out a bunch of upgrades to the deployed add-ons on your clusters. You don’t have to do anything to apply these upgrades, we’ll do that for you. And it won’t cause any downtime to the cluster or your applications. We’ll first start with staging clusters, and production clusters will follow after a couple of days.
More …We're moving to EKS
The past months we’ve beeen heavily re-evaluting and testing AWS EKS as base for our reference solution. Today we can consider our platform GA and moving forward all new clusters will be setup using EKS.
More …Cluster and Persistent Volume backups with Velero 1.0
Staging Kubernetes clusters are now backed up through Heptio Velero. Production rollout is happening in the following days.
More …SSO / OAuth2 overhaul
We’ve completely updated our cluster’s Single-Sign-On setup, adding new features and fixing some long-standing bugs. What has changed:
More …Support for Cognito in ElasticSearch
in v2.3.8 we added support for Cognito and its options to our terraform-awselasticsearch module.