Upgrade CA version in aws example and fix autodiscover example #1864

Merged (1 commit) on Apr 5, 2019
2 changes: 1 addition & 1 deletion cluster-autoscaler/cloudprovider/aws/README.md
Expand Up @@ -176,7 +176,7 @@ If you'd like to scale node groups from 0, an `autoscaling:DescribeLaunchConfigu
```

## Common Notes and Gotchas:
- The `/etc/ssl/certs/ca-certificates.crt` should exist by default on your ec2 instance. If you use Amazon Linux 2 (EKS worker node AMI by default), use `/etc/kubernetes/pki/ca.crt` instead for the volume hostPath in your cluster autoscaler manifest.
- The `/etc/ssl/certs/ca-bundle.crt` should exist by default on ec2 instance in your EKS cluster. If you use other cluster privision tools like [kops](https://github.com/kubernetes/kops) with different operating systems other than Amazon Linux 2, please use `/etc/ssl/certs/ca-certificates.crt` or correct path on your host instead for the volume hostPath in your cluster autoscaler manifest.
- Cluster autoscaler does not support Auto Scaling Groups which span multiple Availability Zones; instead you should use an Auto Scaling Group for each Availability Zone and enable the [--balance-similar-node-groups](../../FAQ.md#im-running-cluster-with-nodes-in-multiple-zones-for-ha-purposes-is-that-supported-by-cluster-autoscaler) feature. If you do use a single Auto Scaling Group that spans multiple Availability Zones you will find that AWS unexpectedly terminates nodes without them being drained because of the [rebalancing feature](https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#arch-AutoScalingMultiAZ).
- EBS volumes cannot span multiple AWS Availability Zones. If you have a Pod with Persistent Volume in an AZ, It must be running on a k8s/EKS node which is in the same Availability Zone of the Persistent Volume. If AWS Auto Scaling Group launches a new k8s/EKS node in different AZ and moves this Pod into the new node, The Persistent volume in previous AZ will not be available from the new AZ. The pod will stay in Pending status. The Workaround is using a single AZ for the k8s/EKS nodes.
- By default, cluster autoscaler will not terminate nodes running pods in the kube-system namespace. You can override this default behaviour by passing in the `--skip-nodes-with-system-pods=false` flag.
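Review bot: the added bullet misspells "provision" as "privision", and "on ec2 instance" is missing an article ("on the EC2 instances"). The replaced bullet pointed Amazon Linux 2 users at `/etc/kubernetes/pki/ca.crt`; the new text drops that path without saying whether it was wrong for the hostPath, which leaves readers who followed the old advice unsure whether to change their manifests. "or correct path on your host" is also vague: say that the file must exist on every node where the autoscaler pod can be scheduled, so the reader knows what to check.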
Expand Up @@ -126,7 +126,7 @@ spec:
spec:
serviceAccountName: cluster-autoscaler
containers:
- image: k8s.gcr.io/cluster-autoscaler:v1.3.6
- image: k8s.gcr.io/cluster-autoscaler:v1.12.3
name: cluster-autoscaler
resources:
limits:
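Review bot: the `image:` tag jumps from v1.3.6 to v1.12.3 and the manifest says nothing about which Kubernetes version it now targets. Someone copying this example onto an older cluster gets no hint that the tag should be adjusted; a YAML comment above the `image:` line, or a sentence in the README, would cover it. The same edit is repeated in the other three example manifests in this PR, so the comment belongs in each of them.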
Expand All @@ -142,9 +142,7 @@ spec:
- --cloud-provider=aws
- --skip-nodes-with-local-storage=false
- --expander=least-waste
- >-
--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,
k8s.io/cluster-autoscaler/<YOUR CLUSTER NAME>
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/<YOUR CLUSTER NAME>
volumeMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs/ca-certificates.crt
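Review bot: the single-line `--node-group-auto-discovery` argument still carries the literal `<YOUR CLUSTER NAME>` placeholder, and nothing in the manifest flags that it must be replaced before applying. A YAML comment above the argument would do. It could also state that the two tag keys are comma-separated with no whitespace, since the old folded `>-` scalar joined its two lines with a space and put that space inside the tag list.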
Expand All @@ -153,4 +151,4 @@ spec:
volumes:
- name: ssl-certs
hostPath:
path: "/etc/ssl/certs/ca-certificates.crt"
path: "/etc/ssl/certs/ca-bundle.crt"
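Review bot: after this change the `hostPath` (`/etc/ssl/certs/ca-bundle.crt`) and the container `mountPath` shown in the previous hunk (`/etc/ssl/certs/ca-certificates.crt`) no longer match, which reads like an oversight to someone copying the manifest. If the mismatch is intentional, a comment next to the volume saying so would help. The visible `hostPath` also sets only `path`; adding `type: File` would make the pod fail at start with a clear event when the bundle is missing on a host that does not use this path, rather than leaving the failure to show up later.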
Expand Up @@ -126,7 +126,7 @@ spec:
spec:
serviceAccountName: cluster-autoscaler
containers:
- image: k8s.gcr.io/cluster-autoscaler:v1.3.6
- image: k8s.gcr.io/cluster-autoscaler:v1.12.3
name: cluster-autoscaler
resources:
limits:
Expand All @@ -152,4 +152,4 @@ spec:
volumes:
- name: ssl-certs
hostPath:
path: "/etc/ssl/certs/ca-certificates.crt"
path: "/etc/ssl/certs/ca-bundle.crt"
Expand Up @@ -126,7 +126,7 @@ spec:
spec:
serviceAccountName: cluster-autoscaler
containers:
- image: k8s.gcr.io/cluster-autoscaler:v1.3.6
- image: k8s.gcr.io/cluster-autoscaler:v1.12.3
name: cluster-autoscaler
resources:
limits:
Expand All @@ -150,4 +150,4 @@ spec:
volumes:
- name: ssl-certs
hostPath:
path: "/etc/ssl/certs/ca-certificates.crt"
path: "/etc/ssl/certs/ca-bundle.crt"
Expand Up @@ -133,7 +133,7 @@ spec:
nodeSelector:
kubernetes.io/role: master
containers:
- image: k8s.gcr.io/cluster-autoscaler:v1.3.6
- image: k8s.gcr.io/cluster-autoscaler:v1.12.3
name: cluster-autoscaler
resources:
limits:
Expand All @@ -157,4 +157,4 @@ spec:
volumes:
- name: ssl-certs
hostPath:
path: "/etc/ssl/certs/ca-certificates.crt"
path: "/etc/ssl/certs/ca-bundle.crt"
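Review bot: this manifest pins the pod to nodes labelled `kubernetes.io/role: master` (the `nodeSelector` in the previous hunk), which is a self-managed control-plane layout rather than EKS worker nodes, yet the `hostPath` here is switched to the EKS default `/etc/ssl/certs/ca-bundle.crt`. The README text added in this PR tells users of other provisioning tools on other operating systems to use `/etc/ssl/certs/ca-certificates.crt`, so this file should probably keep the old path, or carry a comment telling the reader to pick the path that exists on their master nodes.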