Think Twice Before Adopting EKS Auto Mode

I’ve been using AWS’ EKS service for many years. What began as a bare-bones offering has slowly and steadily added more features over the years. Amazon recently announced “auto” mode for EKS clusters. In this new mode, AWS manages a Karpenter installation, core addons such as coredns and vpc-cni, as well as the underlying EC2 nodes. On paper this sounds great, but as always the devil is in the details. In this instance, it is important to be aware of the ~10% price premium for this mode. In auto mode, AWS will charge an hourly rate for the EC2 instances in addition to the standard instance charge. While some folks may find this a fair trade-off, I would not choose this mode myself. I run clusters using Karpenter as the autoscaler and use bottlerocket-os for the underlying nodes. In this configuration the management overhead is extremely low. I even gave a short talk on this setup for AWS a while back. IMO, if you are already running an EKS cluster using Karpenter and Bottlerocket, you have little to gain from auto mode relative to the price premium. ...

December 9, 2024 · 1 min · dschaaff

Let’s Encrypt Bug Requires Reissue of Certificates by Cert-Manager in Kubernetes

I received a fun email from Let’s Encrypt today letting me know that they were revoking all of my certificates on March 4. The bug is described here. All of my certificates are managed by cert-manager inside Kubernetes. This led to the fun challenge of figuring out how to force a reissue of every certificate. There were 2 approaches that came up in the Kubernetes community Slack. Delete all secrets containing cert-manager issued certificates. ...

March 3, 2020 · 1 min · dschaaff