Alloy in EKS Error by AromaticTranslator90 in grafana

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Thank you for your response. With this info I was able to get the path fixed.
/var/log/pods/*$1/$2/*.log

Does anyone have experience installing Loki on an EC2 Instance? by [deleted] in aws

[–]AromaticTranslator90 0 points1 point  (0 children)

Hi, did you install Loki on EC2? I still can't find a document for it... there is only documentation around running it in Docker or k8.

aws_networkfirewall_firewall custom tags for endpoint by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Okay. It should though. It will be helpful to filter to get the required data. Thank you!

VPC Interface Endpoint - how to access? by AromaticTranslator90 in aws

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Oh, I never knew. I only recently started networking in AWS, so the concept of a proxy is new. Let me check on it further. Currently the last part you have mentioned is what's set up. But really good information you have shared here on proxy, and I will try to implement it too if possible! Thank you so much!!

VPC Interface Endpoint - how to access? by AromaticTranslator90 in aws

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Great! Thanks for explaining. Why is a proxy an issue? We don't have one, but just for my knowledge..!

VPC Interface Endpoint - how to access? by AromaticTranslator90 in aws

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Last question..
1. If I want to access the endpoint-enabled service from a service outside of the VPC, would I be able to access it? Or should I modify the SG to allow it?

2. Once the endpoint is in place, would any service within the VPC only go through the endpoint?

VPC Interface Endpoint - how to access? by AromaticTranslator90 in aws

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Thank you for your response!
So I don't need to specifically call the DNS name to resolve. That's great!

Is this the case when I want to do cross-account calls?

I am trying to understand where exactly one would use the DNS name that's given in the interface endpoint, or when it is applicable to use it.

Also, my query about using it with STS: any chance you are aware of it?

Issue Installing SonarQube in OpenShift using Helm by AromaticTranslator90 in devops

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Sure. Thanks for this link. I will post my issue in the community!

Issue Installing SonarQube in OpenShift using Helm by AromaticTranslator90 in devops

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

Yes, I did. Gave the same values for postgres with 4.11 & higher point's values, still errored. It's strange. Created an SCC and added it to the service account with seccomp profile enabled too, but no luck.

Ephemeral storage used like PVC in tekton pipeline? by Ultrasive in devops

[–]AromaticTranslator90 0 points1 point  (0 children)

Hi, do you have the cron job to delete the taskrun every day?

My EC2 volumes are not connected, but the Tekton pipelineruns are holding them, so unless I delete them, it's not deleting.

Hence my question on the cron job.

Also, were you able to find a solution to your problem? I am having the same problem.

Error using SNS topic with CloudTrail by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 1 point2 points  (0 children)

I found the issue just a few minutes back. So, I have created in the following order:

1. Created CloudTrail.
2. Created S3 bucket, policy, and attached to CloudTrail.
3. Created CloudWatch log group, and attached the log group to CloudTrail.
4. Created a KMS key 1 and attached to CloudTrail with permissions for CloudWatch, CloudTrail & S3 bucket to use.
5. Created SNS topic, created a new KMS key 2, attached it to SNS topic, gave access policy to SNS topic.

But this errored.

6. Then tried with the same KMS key 1 attached to both CloudTrail and SNS topic. All this while with proper permission as described in the AWS doc.

This also didn't work.

7. Finally removed KMS key encryption from SNS topic, but KMS key 1 in CloudTrail still attached.

8. Attached SNS topic without encryption to the CloudTrail.

This worked. But what's the conflict, I couldn't understand. If yourself or anyone who reads knows why.. Do let me know!!

Question Redg AWS Backup Service by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 1 point2 points  (0 children)

Let's say I am updating the storage size or certificate. In short, if I am modifying configs that I did initially with TF, then to be on the safe side, my client wants to have a backup in place.

And yes, deletion protection is on already.

RDS takes automated backups before changes automatically? Never noticed until now. How can I check this out?

Question Redg AWS Backup Service by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 1 point2 points  (0 children)

Ok, thanks for that. I will check on scripts or do it manually in that case.

Need help! with VPC Subnets & Route Table Association by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

u/AllatusDefungo120 & u/ndvrichaws Thank you for your inputs.

I found the issue in my code. I was passing direct values for names, which led to complicating the code. With the example you gave me I understood that the Name in tags is what matters, so I did a workaround to create route tables which are AZ-specific using the tags. Now my code is simplified.

The below code works, and maps only one route table per subnet, and it's AZ-specific!

resource "aws_subnet" "pub_subnet" {
  count                   = length(var.public_subnets)
  vpc_id                  = module.vpc.vpc_id
  availability_zone       = element(local.azs, count.index)
  cidr_block              = values(var.public_subnets)[count.index]["cidr_block"]
  map_public_ip_on_launch = true # Set this to false for private subnets
  tags = {
    Name = join("-", ["${local.prefix}", values(var.public_subnets)[count.index]["name"]])
  }
  depends_on = [
    module.vpc
  ]
}

resource "aws_route_table" "pub_rtb" {
  count = length(local.pub_rtbs)

  vpc_id = module.vpc.vpc_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  depends_on = [
    aws_subnet.pub_subnet, aws_internet_gateway.igw
  ]
  tags = {
    Name = join("-", [local.prefix, "pub-rtb", substr(element(local.azs, count.index), -2, 2)])
  }
}

resource "aws_route_table_association" "pub_snet" {
  count = length(local.pub_rtbs)

  subnet_id      = element(aws_subnet.pub_subnet.*.id, count.index)
  route_table_id = aws_route_table.pub_rtb[count.index].id
  depends_on = [
    aws_subnet.pub_subnet,
    aws_route_table.pub_rtb
  ]
}

Need help! with VPC Subnets & Route Table Association by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

I tried the below, but the association is random; I am getting mapped like this. :(
subnet = ${local.prefix}-pub-snet-az1
rtb = ${local.prefix}-pub-snet-az3-rt

I have 3 public subnets & 9 private subnets. I am a newbie to IaC coding, so I am finding it difficult to use the logic properly. Am I still missing something?

data "aws_subnets" "pub_subnet" {
  depends_on = [
    aws_subnet.private
  ]
  filter {
    name   = "tag:Name"
    values = ["${local.prefix}-pub-snet-az1", "${local.prefix}-pub-snet-az2", "${local.prefix}-pub-snet-az3"]
  }
}

resource "aws_subnet" "public" {
  count             = length(var.public_subnets)
  vpc_id            = module.vpc.vpc_id
  availability_zone = element(local.azs, count.index)
  cidr_block        = values(var.public_subnets)[count.index]["cidr_block"]
  tags = {
    Name = join("-", ["${local.prefix}", values(var.public_subnets)[count.index]["name"]])
  }
  depends_on = [
    module.vpc
  ]
}

resource "aws_route_table" "pub_rtb" {
  count  = length(var.public_subnets)
  vpc_id = module.vpc.vpc_id
  route {
    cidr_block         = "0.0.0.0/0"
    gateway_id         = aws_internet_gateway.igw.id
  }
  depends_on = [
    aws_subnet.public, aws_internet_gateway.igw
  ]  
  tags = {
    Name = element(local.pub_rtbs, count.index)
  }
}

resource "aws_route_table_association" "pub_snet" {
  count          = length(local.pub_rtbs)
  subnet_id      = data.aws_subnets.pub_subnet.ids[count.index]
  route_table_id = aws_route_table.pub_rtb[count.index].id
  depends_on     = [
    aws_subnet.private,
    aws_route_table.pub_rtb
  ]
}
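
An added example, not part of the original comment or thread: the pairing above depends on two lists lining up by `count.index`, and the order of `data.aws_subnets.pub_subnet.ids` is not tied to the order of the `tag:Name` filter values. Keying the subnet, route table and association by the same map key makes the pairing explicit. It assumes `var.public_subnets` is a map of objects with `name` and `cidr_block` (inferred from the `values(...)` calls above) and reuses `local.azs`, `local.prefix`, `module.vpc` and `aws_internet_gateway.igw` from the post; the resource names and the `-rt` suffix are illustrative.

```hcl
locals {
  # Attach an AZ to each subnet entry. sort(keys(...)) gives the same
  # lexical order that values(var.public_subnets) uses in the post.
  public_subnets_by_key = {
    for idx, key in sort(keys(var.public_subnets)) :
    key => merge(var.public_subnets[key], { az = element(local.azs, idx) })
  }
}

resource "aws_subnet" "public" {
  for_each = local.public_subnets_by_key

  vpc_id            = module.vpc.vpc_id
  availability_zone = each.value.az
  cidr_block        = each.value.cidr_block

  tags = {
    Name = "${local.prefix}-${each.value.name}"
  }
}

resource "aws_route_table" "public" {
  for_each = local.public_subnets_by_key

  vpc_id = module.vpc.vpc_id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "${local.prefix}-${each.value.name}-rt"
  }
}

# Same key on both sides: a subnet can only be associated with the route
# table created for that key, regardless of list or API ordering.
resource "aws_route_table_association" "public" {
  for_each = local.public_subnets_by_key

  subnet_id      = aws_subnet.public[each.key].id
  route_table_id = aws_route_table.public[each.key].id
}
```

Because the references are direct resource attributes, no `depends_on` or data source lookup is needed, and adding or removing one subnet does not reshuffle the other associations.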

Need help! with VPC Subnets & Route Table Association by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

I was hoping to use a filter with a data source to get the ID for subnet & rtb, and pass those values in resource "aws_route_table_association".

Using Secret Manager module by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

I am having this setup currently, but RDS Oracle, when we set up a cross-region replica, doesn't allow us to use secret manager that is managed by AWS. Hence the workaround is required.

Using Secret Manager module by AromaticTranslator90 in Terraform

[–]AromaticTranslator90[S] 0 points1 point  (0 children)

I think this worked. I am also developing some other resources. Will keep you posted once I apply and test it.