Anton Putra
United States
Joined 13. 09. 2020
AWS - GCP - Azure - Kubernetes - Terraform
Kubernetes Storage & EKS CSI Driver Tutorial (ReadWriteOnce): AWS EKS Kubernetes Tutorial - Part 8
🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [Playlist] AWS EKS Kubernetes Tutorial: czcams.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=wc6LIC5V2tD-Tzwl
1. Create AWS VPC using Terraform
2. Create AWS EKS Cluster using Terraform
3. Add IAM User & IAM Role to AWS EKS
4. Horizontal Pod Autoscaler (HPA) on AWS EKS
5. Cluster Autoscaler Tutorial (EKS Pod Identities)
6. AWS Load Balancer Controller Tutorial (TLS)
7. Nginx Ingress Controller Tutorial (Cert-Manager & TLS)
8. CSI Driver Tutorial (ReadWriteOnce)
9. EFS CSI Driver Tutorial (ReadWriteMany)
10. AWS Secrets Manager Tutorial (Env & Files)
Based on the feedback, I’ll add the following sections (let me know if anything else is missing):
- Autoscaling with Karpenter
- Autoscaling with Keda
- Private Ingress with Private DNS & VPN
- Monitoring with Prometheus
- EKS self managed group
- EKS Fargate
- EKS Pod Identities vs. EKS IRSA (oidc) vs. Node roles
▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
► LinkedIn: www.linkedin.com/in/anton-putra
► Twitter/X: antonvputra
► GitHub: github.com/antonputra
► Email: me@antonputra.com
▬▬▬▬▬▬ Related videos 👨🏫 ▬▬▬▬▬▬
👉 [Playlist] Kubernetes Tutorials: czcams.com/play/PLiMWaCMwGJXnHmccp2xlBENZ1xr4FpjXF.html
👉 [Playlist] Terraform Tutorials: czcams.com/play/PLiMWaCMwGJXmJdmfJjG3aK1IkU7oWvxIj.html
👉 [Playlist] Network Tutorials: czcams.com/play/PLiMWaCMwGJXluySjXqWG6fg1H1hzd-zWz.html
👉 [Playlist] Apache Kafka Tutorials: czcams.com/play/PLiMWaCMwGJXlL8-E-xu8RBwyC5YfS3V5e.html
👉 [Playlist] Performance Benchmarks: czcams.com/play/PLiMWaCMwGJXl-h2RgOSpdO-pQaSRwlVjd.html
👉 [Playlist] Database Tutorials: czcams.com/play/PLiMWaCMwGJXnhmmh5pu9sdWekdRwAzV5f.html
▬▬▬▬▬▬▬ Timestamps ⏰ ▬▬▬▬▬▬▬
0:00 Overview
2:26 Install EKS CSI Driver
3:45 Demo
▬▬▬▬▬▬▬ Source Code 📚 ▬▬▬▬▬▬▬
► GitHub: github.com/antonputra/tutorials/tree/main/lessons/195
#AWS #EKS #Kubernetes #K8s
Views: 205
Video
Nginx Ingress Controller Tutorial (Cert-Manager & TLS): AWS EKS Kubernetes Tutorial - Part 7
1K views, 15 hours ago
AWS Load Balancer Controller Tutorial (TLS): AWS EKS Kubernetes Tutorial - Part 6
1.6K views, 1 day ago
Cluster Autoscaler Tutorial (EKS Pod Identities): AWS EKS Kubernetes Tutorial - Part 5
1.2K views, 1 day ago
Horizontal Pod Autoscaler (HPA) on AWS EKS: AWS EKS Kubernetes Tutorial - Part 4
1.5K views, 1 day ago
Add IAM User & IAM Role to AWS EKS: AWS EKS Kubernetes Tutorial - Part 3
1.8K views, 14 days ago
Create AWS EKS Cluster using Terraform: AWS EKS Kubernetes Tutorial - Part 2
2.9K views, 14 days ago
Create AWS VPC using Terraform: AWS EKS Kubernetes Tutorial - Part 1
4K views, 21 days ago
What is a Columnar Database? (vs. Row-oriented Database)
1.6K views, 1 month ago
How to debug Kubernetes Ingress? (TLS - Cert-Manager - HTTP-01 & DNS-01 Challenges)
4.1K views, 1 month ago
How to debug Kubernetes? (Deployments, Services & Ingress)
4.9K views, 1 month ago
Kubernetes RBAC Explained
7K views, 1 month ago
Types of Load Balancing Algorithms (Animated + Code Examples)
3.4K views, 2 months ago
What is a Reverse Proxy? (vs. Forward Proxy) | Proxy servers explained
3.4K views, 2 months ago
What Is a Graph Database? (Animated + Practice)
1.4K views, 2 months ago
Docker Networking Tutorial (Bridge - None - Host - IPvlan - Macvlan - Overlay)
15K views, 3 months ago
Kubernetes Health Checks: Liveness vs. Readiness vs. Startup Probe
9K views, 5 months ago
Types of Databases: Relational vs. Columnar vs. Document vs. Graph vs. Vector vs. Key-value & more
24K views, 5 months ago
Container vs. Pod vs. Deployment vs. StatefulSet: Kubernetes Tutorial
11K views, 5 months ago
Kubernetes Autoscaling: HPA vs. VPA vs. Keda vs. CA vs. Karpenter vs. Fargate
16K views, 6 months ago
Go (Golang) vs Python Performance Benchmark (Kubernetes - OpenTelemetry - Prometheus - S3/Postgres)
8K views, 7 months ago
ArgoCD Notifications (Successful/Failed Deployments)
7K views, 7 months ago
OpenTelemetry Golang Tutorial (Tracing in Grafana & Kubernetes & Tempo)
12K views, 7 months ago
Azure Kubernetes Service (AKS) Tutorial: (Terraform - Nginx Ingress & TLS - OIDC Workload Identity)
10K views, 7 months ago
Crossplane Tutorial (vs Terraform): Create AWS VPC - EKS - IRSA - Cluster Autoscaler - CSI Driver #1
9K views, 8 months ago
AWS App Mesh Tutorial (EKS | Ingress | Terraform)
6K views, 8 months ago
Kubernetes Ingress Explained (2 Types)
28K views, 9 months ago
Thanks Anton
Thank you for the videos. Is it possible for you to do videos on GKE please?
Great video! Helped me finding a couple of issues in a cluster setup. If you don't mind the question, is there any reason you choose not to use the VPC CNI addon?
love this type of visual explanation, saved my time , thank you so much..
thanks!
Thank you for the lesson. If you don't mind, I have a few questions related to this part. So we need to use PV/PVC for stateful applications, like databases and so on. So I think in case of a disaster, we should be able to recover the data easily, right? Could you shed some light on that? Maybe in the next lessons. Because the current setup with ReclaimPolicy: Delete will delete all the data inside the pvc/pv in case of statefulset recreation, if I understood correctly. Therefore, it will be useful to know how to backup data inside PV/PVC properly and how to restore it easily and mount data back to the new statefulset (in case of recreation) P.S Sorry for the long read 😅
Actually, in many cases, recovering data is not necessary. For example, if you lose one Kafka broker or one node from a Cassandra ring, they will recover data automatically after they rejoin the cluster. However, when it comes to standalone databases like PostgreSQL, it is a bit more challenging. There are mechanisms to back up volumes, but you really want to test them at scale, not just in a development cluster. Volume Snapshots - kubernetes.io/docs/concepts/storage/volume-snapshots/
Part 9 will be released in 2 days. Playlist - czcams.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=Ku0ay7zUEKgfcVcb 1. Create AWS VPC using Terraform 2. Create AWS EKS Cluster using Terraform 3. Add IAM User & IAM Role to AWS EKS 4. Horizontal Pod Autoscaler (HPA) on AWS EKS 5. Cluster Autoscaler Tutorial (EKS Pod Identities) 6. AWS Load Balancer Controller Tutorial (TLS) 7. Nginx Ingress Controller Tutorial (Cert-Manager & TLS) 8. CSI Driver Tutorial (ReadWriteOnce) 9. EFS CSI Driver Tutorial (ReadWriteMany) 10. AWS Secrets Manager Tutorial (Env & Files) Based on the feedback, I’ll add the following sections (let me know if anything else is missing): - Autoscaling with Karpenter - Autoscaling with Keda - Private Ingress with Private DNS & VPN - Monitoring with Prometheus - EKS self managed group - EKS Fargate - EKS Pod Identities vs. EKS IRSA (oidc) vs. Node roles
autoscaling with keda thanks for adding it
Can someone show me some GUI or how things work inside Kafka, not just diagram bullshit...
thanks for the feedback, i'm planning to refresh the course and will include "gui" Lenses interface
Thank you!!!
I’m so grateful to you. ⭐️
thanks! 🫡
This playlist is pure gold!
Three more to go! 😀
@AntonPutra 👏👏👏
Is this good to use for production bro? With the help of cert-manager to renew the TLS certificates?
Yes, I’ve been using this setup for the last 4 years. Just make sure you use a valid email; it saved me a few times.
@AntonPutra love you bro
To tear down cluster, first run "terraform destroy --target helm_release.external_nginx" then "terraform destroy"
nginx ingress controller is one of the alternatives for the aws load balancer controller , then why do we need to install aws load balancer also before installing nginx controller ? got confused.. could you please explain insights here
You need the AWS Load Balancer Controller to create an NLB with IP mode (the target group for the load balancer will only contain the pod's IP addresses). Without the AWS Load Balancer Controller, you can only use "instance mode," which adds all your Kubernetes workers to the target group and uses NodePorts. It's not a hard requirement for the NGINX ingress; it's just an improvement.
What software are you using for these cool animation at 0:26 ?
i use adobe suite
Hi, I know this is a bit off-topic, but I have a question. I'm using ingress-nginx on EKS with an NLB (externalTrafficPolicy: Local), and my target group instances are showing as unhealthy. Any advice on resolving this? Also, it's a private cluster, so should I try a DaemonSet instead of a Deployment? Trying to understand what's the best recommended approach.
It's normal if you use "instance mode," which is the default. The load balancer will add all Kubernetes workers and only show healthy instances where you run your pods.
Hi Anton for enabling Pod identity and start using in eks we need to disable oidc ? I did not understand the part where you mention "if we use oidc we have to specify service account" could you clarify ?
No, you can use both EKS pod identities and OIDC simultaneously. Actually, in section 9, the EFS CSI driver does not support pod identities yet, and I use OIDC to grant permissions. So it's safe to use both in the same cluster.
@AntonPutra awesome Anton thanks for sharing your knowledge
What is the advantage of using cert manager with lets encrypt on acm? It seems much more complicated to maintain.
you mean then annotation with aws certificate manager? well it's the only way to automate if you want to use nginx ingress controller
Yes. What do you mean it is the only way?
@usarov TLS is terminated on nginx controller level, you can manually create "tls" kubernetes secret with private key and certificate or you can automate with cert-manager. When using ALB you can use annotation and attach TLS certificate to ALB itself. TLS will be terminated on the load balancer.
its official - i hit the bell icon. Well done @AntonPutra.
😂
thank you
Welcome! I'll release the updated version in about a week. The biggest difference is the ability to parse JSON secrets and mount them as single values, such as 'devops123', instead of {'password': 'devops123'}.
Thanks for sharing one more awesome lesson, any plans to make a video on using AWS private certificate authority (ACM) with aws-pca-issuer add-on ? thanks
Thanks, yeah, I will consider it. Can you describe your use case, or just in general, the most common use cases for this integration?
@AntonPutra our environment is a private setup (secure), so we can't use letsencrypt. Also it's internal traffic, so it has to be ACM. It would be great if you can create one; I have just started working on it, so was looking around to see if someone has already created one. Thanks
@user-qv2gl3wl5s got it thanks, to secure your internal services
@user-qv2gl3wl5s, you can use ALB ingress controller and launch internal facing load balancer with ACM on EKS
Thank you so much. Thank you thank you thank you
Most welcome 😊
why nlb and not alb ?
There is no need for an ALB (Application Load Balancer). It's slower, more expensive, and provides no benefits when used with NGINX Ingress. All Layer 7 routing is handled by the controller itself.
Great lesson, as always. Keep it going!
thank you again!
Ladies and Gentlemen, here we go again ......
?
@AntonPutra The much awaited playlist
@twizzoe ❤
Thank you for your hard work! Any plans on Pulumi IaC tutorials?
thanks, yes i got couple of requests for other iac tools including Pulumi
Part 8 will be released in 2 days. Playlist - czcams.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=Ku0ay7zUEKgfcVcb 1. Create AWS VPC using Terraform 2. Create AWS EKS Cluster using Terraform 3. Add IAM User & IAM Role to AWS EKS 4. Horizontal Pod Autoscaler (HPA) on AWS EKS 5. Cluster Autoscaler Tutorial (EKS Pod Identities) 6. AWS Load Balancer Controller Tutorial (TLS) 7. Nginx Ingress Controller Tutorial (Cert-Manager & TLS) 8. CSI Driver Tutorial (ReadWriteOnce) 9. EFS CSI Driver Tutorial (ReadWriteMany) 10. AWS Secrets Manager Tutorial (Env & Files) Based on the feedback, I’ll add the following sections (let me know if anything else is missing): - Autoscaling with Karpenter - Autoscaling with Keda - Private Ingress with Private DNS & VPN - Monitoring with Prometheus - EKS self managed group - EKS Fargate - EKS Pod Identities vs. EKS IRSA (oidc) vs. Node roles
Working fine, but doesn't seem to work with secret auto-rotation. What is the best way to apply changes to the secret store.
Have you tried the latest version of both controllers? Is there a specific error, or did you not find that functionality?
@AntonPutra Making sure the controllers were up-to-date seems to have done the trick. Restarting my pods is now updating the secret. There was no specific error but the new secret wasn't being grabbed. Many thanks, love your videos, always super helpful.
@joshualegg3750 I'll release the updated version in about a week. The biggest difference is the ability to parse JSON secrets and mount them as single values, such as 'devops123', instead of {'password': 'devops123'}.
Add more SSO on AWS
ok will do
7 minutes of video do way more than a whole month of classes. What an awesome video
❤️
is there any video available for eks security group ?
Is there anything specific you are interested in? In part 9, I use EKS security groups to allow access to the EFS file system. Something like this:
    resource "aws_efs_mount_target" "zone_a" {
      file_system_id  = aws_efs_file_system.eks.id
      subnet_id       = aws_subnet.private_zone1.id
      security_groups = [aws_eks_cluster.eks.vpc_config[0].cluster_security_group_id]
    }
@AntonPutra yes sir like pod security group means you can directly attach security groups to pods and like how to attach security group to eks using terraform
@kalpeshkolap3525 got it will do - docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
Thanks for the video. very insightful.❤ quick query: How can we share values between staging and production using this architecture?
you can use read_terragrunt_config function. Example:
    locals {
      common_vars = read_terragrunt_config(find_in_parent_folders("common.hcl"))
    }
reference - terragrunt.gruntwork.io/docs/reference/built-in-functions/#read_terragrunt_config
Hi, very good playlist, thanks a lot. I am facing an error when I try to install alb controller: "unable to initialize AWS cloud","error":"failed to introspect vpcID from EC2Metadata or Node name, specify --aws-vpc-id instead if EC2Metadata", I am using the same scripts, The only difference is the cluster version, I am using 1.30.
try to use the latest helm chart version for the aws load balancer controller, I'll test 1.30 in about a week and update the terraform code. Run to get the latest version:
    helm repo update
    helm search repo aws-load-balancer-controller
@AntonPutra Hi, I tried with the 1.8.2 version, but it doesn't work. So I used cluster version 1.29 and it works. Thanks for your answer.
@jesdavidgomez well, eks 1.30 was introduced a week or two ago, maybe it wasn't enough time to update load balancer controller. But like I said I'll be updating source code for this playlist 1 or 2 times a month moving forward.
Hello, when I deployed the loadbalancer, it says: "Failed build model due to AccessDenied: User: arn:aws:sts::714343735212:assumed-role/staging-simantep-eks-nodes/i-05a02cc5b9d76678b is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers because no identity-based policy allows the elasticloadbalancing:DescribeLoadBalancers action"
Hello Anton, please advise: when I tried to update-kubeconfig with eks-admin it says: "when calling the DescribeCluster operation: The security token included in the request is invalid"
you have tried this? delete credentials and reconfigure? also try to clean aws cache stackoverflow.com/questions/34582318/how-can-i-resolve-the-error-the-security-token-included-in-the-request-is-inval
@AntonPutra I solved the issue, thanks.
@mzw8374 what was the issue? just so that I know if someone else is facing the same problem
@AntonPutra The same as what you shared from Stack Overflow: I reset everything and re-applied terraform
@mzw8374 ok thanks
what benchmarking platform do you use?
In that specific case, I used AWS and t3a.small instances. I ran tests multiple times (creating new EC2 instances each time) with the same results. github.com/antonputra/tutorials/blob/main/lessons/144/terraform/10-traefik-ec2.tf#L3 github.com/antonputra/tutorials/blob/main/lessons/144/terraform/11-nginx-ec2.tf#L3
@AntonPutra thanks bro, that monitoring with traffic and latency graph, is it part of an aws service or another platform too?
@stephen.cabreros It's open source prometheus and grafana, i have all components and dashboards in my repo just in case you want to reproduce
@AntonPutra ok I'll check it, thank you for this
You just gained my fellowship. You did a terrific explanation. Especially that visual representation, Awesome!
thank you!!
Thanks for the great content, my question is, can you please explain how did you do this without the need to auth terraform with your aws account? Thanks
Not sure if i understood the question, but aws terraform provider can use default aws profile that you can configure with "aws configure" command
This is a legacy version. It would be great if you made another video about GitHub Actions Self Hosted Runner with the runner-scale-set chart and runner-scale-set-controller chart.
I was thinking about refreshing. Maybe I'll create a mini playlist for GitHub Actions.
Apps can use the same ALB with a simple groupname annotation
They can, but there are some limitations - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/#ingressgroup
Thank you for the lesson! I have one question about certificates. Are there any ways to automate this, just like we can do with cert-manager + nginx ingress? If we don't want to store the certificate ARN directly in the kubernetes manifests... Because it seems to me that it's not very error-resistant in this case and we need always to update it manually in case of changing the certificate ARN for some reason
One way I can think of doing this is to create a higher abstraction. For example, to create and validate a certificate, you can use Terraform. Then, you can pass the ARN of the certificate from Terraform to the Helm chart as an argument responsible for deploying your application. The AWS Load Balancer Controller by itself does not provide any options to automate this.
To whom it may concern, I had to use the EIP Allocation ID for two EIPs associated with NAT Gateways, otherwise I would have an EC2-Classic error.
that's for the update, best way to find how to import is terraform resource page
Thank you so much, Genius. Could you please help me with the ordered steps involved to upgrade an eks cluster briefly ... I have followed the steps below. Could you please validate and correct me if the order is not proper.
1. backup (kubectl get all -A -o yaml > backup.yaml)
2. upgrade control plane through aws console
3. upgrade node groups
4. upgrade addons (each version at a time) by preserving
5. validate coredns etc...
Seems correct. However, from time to time, Kubernetes deprecates some APIs. For example, it deprecated the Ingress beta API. So, you should check before upgrading your cluster to see if you have anything that needs to be updated.
Very good explanation, a quick refresher videos. thx
thanks!
Hi Anton! I have 10 users in AWS SSO (IAM Identity Center) that need EKS console access to view pods and nodes. They don't need cluster login, just console access. I have an IAM policy for this, but I'm unsure how to parse it into the aws-auth configmap. I know how to do this for normal IAM users and groups but can't figure out how to add an SSO group.
I have an updated video - czcams.com/video/6COvT1Zu9o0/video.html, using the new API approach. Do you still have to use the auth configmap?
@AntonPutra yes we still use configmap
@George-mk7lp ok, let me test - docs.aws.amazon.com/eks/latest/userguide/view-kubernetes-resources.html#view-kubernetes-resources-permissions
Thanks 🙏
welcome!
Excellent !! It will be helpful if you share the exact link for git to get the terraform code.
thanks, it's in description - github.com/antonputra/tutorials/tree/main/lessons/195
Absolutely loving this series, so happy that I've found it right when I wanted to set up my own eks cluster. I'd like to see how deploying multiple apps would work with your guide, like Grafana, Prometheus and Loki for example, exposed with subdomain but also accessible from within the cluster by other services. Don't see that in the additional sections you've commented. Keep up the good work!
Thank you! I have few additional lessons on EKS that will cover client side VPN + Private Route 53 hosted zones and internal Ingresses (pushing private DNS as VPN config)
Loving this playlist
❤️