Hello, my backend is configured with ECS Service connect.. my service and task definition health status is healthy but my discovery instance status is unknown. So I am not able to communicate from frontend to backend
@komronuКүн бұрын
Good afternoon! Very cool explanation, thank you. There is one problem with this approach: it often happens that more than one application works in the same namespace (for example, there can be more than one Deployment in the same namespace). Since Pod Identity assigns a Role that allows S3 access at the level of a particular namespace, this gives other Deployments and StatefulSets the ability to use this access, doesn't it?🤔 For now, it is better to create a service account in the old way and then hardcode it only to a specific Deployment. Alternatively, create a separate namespace for each Deployment so that access for one namespace is not used by other services as well. Correct me if I'm wrong about something. 🙏
@svennam92Күн бұрын
Good question-Pod Identity works directly with service accounts within a namespace, so only the pods associated with the Kubernetes service account get the IAM permissions.
@tuapuikia2 күн бұрын
Currently, my game server (UDP) is in a public subnet. I'm going to experiment with an EKS dual-stack cluster to make the game server accessible to an IPv6 audience.
@DevOpsGang3 күн бұрын
Thanks it is working fine kzfaq.info/get/bejne/iM2Bhbx1ns3aaIE.html
@imharry4044 күн бұрын
great
@balamurugant647912 күн бұрын
Thanks Sai, Sahar and Nirmal Can you give me step by step tutorial link to learn eBpf
I've said it before and I'll say it again: Hardware is to a VM what an OS Kernel is to a container
@mohanpannirselvam410213 күн бұрын
Truning open source into a money making cow.Well done AWS
@thechunwu15 күн бұрын
It wasn’t clear what the added value of using eks pod identity was? Maybe it’s my misunderstanding, thanks in advance!
@svennam92Күн бұрын
While IRSA also let you connect pods to IAM roles, the added value is a number of optimizations: 1) With IRSA you had to make an OIDC endpoint to setup the trust relationship-now you don't have to make an OIDC endpoint and roles can be easily scoped to many clusters. 2) Cluster admins tend to not be the same admins that have privileged AWS IAM access-EKS Pod Identity means less back and forth. 3) Operators can setup EKS clusters in one step-with IRSA you had to wait for cluster to be "Ready" before configuring it.
@jayshah861816 күн бұрын
Hello Team, great explanation thank you for it :) Just had a question that if we enable image scanning for our all production private ECR repositories, will there be any downtime or an impact for those repositories? As they are production repositories had a bit concern on it.
@ahmedsaif454117 күн бұрын
Thank you for this valuable video
@MrVicky8918 күн бұрын
It's great tool. I've reduced my container pull time from 40s to 20s. But I think option, Creating SOCI Index, should be integrated as part of the ECR container registry. Somthing simple as an option to create SOCI Index for customer.
@ramoss.a.266918 күн бұрын
Very nice explanation. Thank you
@peterbratu20 күн бұрын
You should feel bad for making this video.
@mark-white-66621 күн бұрын
Wow! Talking about hiding the sun with a finger. ;) You can use Terraform to do that better but if you are only focused on containers this might be the way to go.
@chris062822 күн бұрын
AWS Pricing for managed Airflow instance is daylight robbery 🙄
@sdaoud3123 күн бұрын
You’re the best 😂😂😂
@flyingwings-learningisfun27 күн бұрын
Should end to end demo makes sense what is the iam role added etc
@tosinfaleyimu840527 күн бұрын
Great analogy!
@marota123Ай бұрын
I wish it was that easy, just spent 2 full days trying to get a simple env.subdomain or env-subdomain or anything subdomain to work and it's just impossible with copilot.
@rorschach3285Ай бұрын
Me on my way to use Fargate and Saving Plans
@oe5019Ай бұрын
Great Content! Please keep with the Good Job, as Monitoring is crucial, especially in the cloud.
@DheerajYadav-pf1yvАй бұрын
Hi @Containers from the Couch ..... I have tested the same polices as described in the video, enforce mode is working correctly but when use Audit mode, then it is still blocking the container creation, also for any container signing check, whether it is Enforce mode or in Audit mode, policyreports are not being logged, So can please help me, if possible.
@lexiaontubeАй бұрын
thanks!!!
@sirharis7462Ай бұрын
for us visual learners - animations are great but this guys day-to-day objects for visualization is even better ! 🎉 just went through a dozen shorts and decided to comment the support here
@amirshadmani4830Ай бұрын
AMAZING
@user-bb9hf5ud9bАй бұрын
can you please tell me how do i build those ubuntu images and hooks as well
@emiliomiller4040Ай бұрын
What whiteboard are you using? That is so amazing for presentations! Great content!
@joserslealАй бұрын
"across the board" there goes another developer tool into management hawking over the shoulder
@MikhailPolitaevАй бұрын
Awesome, best explanation of aws docs!!! Thanks a lot! How to donate you, man?
@rajgkumar6172Ай бұрын
ECS on outposts vs ECS Anywhere?
@JeremyBouseАй бұрын
When answering the question asked at 39:45 timestamp about authenticating to Vault from multiple kubernetes clusters, I don't think the question was really answered. The answer explained how VSO could point to multiple Vault instances but not how to authenticate to Vault from the multiple kubernetes clusters. Authenticating to Vault from within the same kubernetes cluster is relatively easy with the kubernetes auth engine but not so clear-cut when trying to authenticate using the kubernetes auth engine in Vault deployed in cluster A from cluster B.
@user-rt4io8km5pАй бұрын
I wonder about Hashicorp's future after its acquisition by IBM.
@hlearningkidsАй бұрын
😂❤
@kishorbammidi8619Ай бұрын
Very helpful. thank you so much.
@geliya58662 ай бұрын
Nice demostration!
@Khader-rz5mj2 ай бұрын
In case of cross region replication, is it possible to use same url to pull images either from source or replicated region based on the geo location
@MrKumargopalan2 ай бұрын
what is the difference between a service catalog and the compositions?
@rosscousens62632 ай бұрын
Love this content and the solution blueprints offered, but gosh it is expensive to do all of this with AWS vs manage an equivalent yourself!
@sil0_o2 ай бұрын
While the first example is sort of accurate, the second one leads to confusion.. Containers share the OS kernel while being isolated from it.
@kadhireshgajindren69922 ай бұрын
Will that secret stored again in etcd?
@letscode83202 ай бұрын
keep doing
@neilteng17352 ай бұрын
Why do we need to reserve 1 ip for the node in the ENI? What do we need to do about ?
@Mohamedka51162 ай бұрын
Useful short
@logeshshanmugavel43812 ай бұрын
Genius
@darontan2222 ай бұрын
How can we enable app mesh integration with the new console? The only option I can think of is to use the json editor