https://nahuelhernandez.com/categories/kubernetes/ Recent content in Kubernetes on Nahuel Hernandez Hugo -- gohugo.io en Wed, 22 Apr 2026 00:00:00 +0000 https://nahuelhernandez.com/blog/translating_eks_to_aks_migration/ Wed, 22 Apr 2026 00:00:00 +0000 https://nahuelhernandez.com/blog/translating_eks_to_aks_migration/ There is a comforting table on Microsoft Learn that maps AWS services to Azure services. RDS to Flexible Server. Cognito to Entra ID B2C. SQS to Service Bus. ECR to ACR. S3+CloudFront to Blob+Front Door. The table is correct. It is also misleading, because it implies the migration is a translation problem. It is not. The translation is the easy part. The hard part is the sequence of architectural decisions you have to make once you accept that some services do not translate cleanly, that some Azure equivalents are better, that some are worse, and that doing a literal one-to-one mapping is the most expensive way to ship. https://nahuelhernandez.com/blog/mcp_servers_on_eks_production/ Thu, 19 Feb 2026 00:00:00 +0000 https://nahuelhernandez.com/blog/mcp_servers_on_eks_production/ For most of 2025, MCP servers lived on developer laptops. You connected your editor or your local Claude client to a stdio process, the process held a session, you were the only user. Production was not a concern because there was no production. That changed quickly. By the back half of 2025, internal teams started exposing MCP servers as shared infrastructure. Wrap an internal API, an EKS cluster, a Postgres database, or a SaaS account in MCP, deploy it, point an agent or a fleet of agents at it. https://nahuelhernandez.com/blog/argocd_karpenter_design_eks/ Fri, 14 Nov 2025 00:00:00 +0000 https://nahuelhernandez.com/blog/argocd_karpenter_design_eks/ Most EKS clusters I have audited in the last two years have ArgoCD installed and Karpenter installed. Almost none of them have those two things designed to work together. ArgoCD is set up by the platform team, Karpenter is set up later by the cost-optimization initiative, and the two run side by side without anyone owning the gap between them. That gap is where you get the weird Sunday-night incidents. A new app rolls out, ArgoCD marks it as Healthy, Karpenter is busy consolidating the cluster, and 15% of your replicas end up Pending for 90 seconds. https://nahuelhernandez.com/blog/building_production_ready_eks_cluster/ Thu, 20 Feb 2025 00:00:00 +0000 https://nahuelhernandez.com/blog/building_production_ready_eks_cluster/ In this comprehensive guide, we’ll walk through setting up a production-ready Kubernetes cluster on Amazon EKS (Elastic Kubernetes Service). We’ll explore each component and understand why they’re essential for a robust, scalable, and maintainable infrastructure. Table of contents Introduction Core Components 1. Amazon EKS 2. Karpenter 3. AWS Load Balancer Controller 4. ArgoCD 5. Istio 6. EFS CSI Driver Infrastructure Setup 1. Variables Configuration 2. EKS Cluster Creation 3. Component Installation Component Integration Best Practices Reference Introduction Creating a production-ready Kubernetes cluster requires more than just spinning up a basic EKS cluster. https://nahuelhernandez.com/blog/effortless_eks_monitoring_with_botkube_chatops/ Sat, 24 Feb 2024 00:00:00 +0000 https://nahuelhernandez.com/blog/effortless_eks_monitoring_with_botkube_chatops/ This updated version revisits a blog post I authored two years ago, during which time Botkube has incorporated additional features and undergone changes to its installation process. Also, this post show how to do it with AWS EKS, but is similar for any K8S flavor. BotKube is a messaging bot for monitoring and debugging K8S clusters in real-time. Some features are: Allow us to execute Kubectl commands on our chat clients. https://nahuelhernandez.com/blog/aws_ingress_controller_integration_with_externaldns_and_acm_on_eks/ Sat, 27 Jan 2024 00:00:00 +0000 https://nahuelhernandez.com/blog/aws_ingress_controller_integration_with_externaldns_and_acm_on_eks/ This POC demonstrates the integration of Amazon EKS with the Application Load Balancer (ALB) Ingress Controller. The primary goal is to expose multiple applications through a single ALB efficiently. This setup utilizes ExternalDNS in conjunction with Route53 to dynamically create DNS records using Ingress annotations within Kubernetes. The architecture also includes SSL termination, leveraging the certificates generated and managed by AWS Certificate Manager (ACM). By employing the ALB Ingress Controller, ingress resources, ExternalDNS, and Route53, this setup streamlines the process of exposing services running on EKS clusters while ensuring secure and manageable access to these applications via a unified Application Load Balancer. https://nahuelhernandez.com/blog/chatops_on_eks_using_botkube/ Thu, 08 Sep 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/chatops_on_eks_using_botkube/ BotKube is a messaging bot for monitoring and debugging K8S clusters in real-time. Some features are: Allow us to execute Kubectl commands on our chat clients. By Default uses a ReadOnly Service Account, thus is only possible to execute read commands. Can monitor any K8S resource, including Custom Resources (like certificate expiry or backup failure). Pretty easy to configure, less than 5 minutes. Let us do a quick debug using only our chat client mobile app. https://nahuelhernandez.com/blog/ex180_red_hat_certified_specialist_in_containers_and_kubernetes_exam_tips/ Mon, 29 Aug 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/ex180_red_hat_certified_specialist_in_containers_and_kubernetes_exam_tips/ The EX180 certification is a 2 hours hands-on exam and tests your skills on Containers, Kubernetes and Openshift. The exam is based on Openshift 4, and Redhat 8. Also we need to use Podman instead of Docker. If you use Docker and Kubernetes in your daily, is not a hard exam, you will need to learn some particular aspect of Podman and Openshift such S2Image, Templates, Routes and so on. https://nahuelhernandez.com/blog/eks_with_autoprovisioning_nodes_using_karpenter_and_eksctl/ Mon, 04 Jul 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/eks_with_autoprovisioning_nodes_using_karpenter_and_eksctl/ Note: This post is an updated and reduced version of an old blog post if you want to know more about Karpenter you should check it https://nahuelhernandez.com/blog/karpenter_kubernetes_node_autoscaling/ Requirements: AWS Account Eksctl >= 0.99 AWS cli >= 2.6 Kubectl >= 1.23 Configuring cluster variables: > export CLUSTER_NAME=eks-with-karpenter > export VERSION=1.22 > export REGION=us-east-1 Creating the cluster using Eksctl: > cat <<EOF | eksctl create cluster -f - --- apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: $CLUSTERNAME region: $REGION version: $VERSION tags: karpenter. https://nahuelhernandez.com/blog/karpenter_kubernetes_node_autoscaling/ Mon, 24 Jan 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/karpenter_kubernetes_node_autoscaling/ A Kubernetes node autoscaling solution is a tool that automatically adjusts the size of the Kubernetes cluster based on the demands of our workloads. Because of this, we don’t need to create manually a new Kubernetes Node every time we need it (or delete it). Karpenter automatically provisions new nodes in response to unschedulable pods. It does this by observing events within the Kubernetes cluster, and then sending commands to the underlying cloud provider. https://nahuelhernandez.com/blog/ingress_and_external_dns_with_route53_on_eks/ Mon, 17 Jan 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/ingress_and_external_dns_with_route53_on_eks/ Normally when we expose an application on EKS we use a LoadBalancer service to expose the application, the problem with this is every time we create a new LoadBalancer service, AWS will create a new ELB. Ingress controllers on EKS allow us to use one ELB and configure the application access using Kubernetes resources. By default an ingress controller doesn’t come with EKS, we need to install it. We’ll use nginx-ingress ingress controller to do that. https://nahuelhernandez.com/blog/eksctl_creating_a_k8s_cluster_the_aws_way/ Mon, 10 Jan 2022 00:00:00 +0000 https://nahuelhernandez.com/blog/eksctl_creating_a_k8s_cluster_the_aws_way/ EKSCTL it is written in Go and makes use of CloudFormation under the hood. Also, it allows us to specify a manifest to replicate if we want to, and we can add it to our codebase just as almost any other IAC does. In my opinion, EKSCTL is the easiest and the best way to create EKS clusters. Main Features: Create, get, list and delete clusters Create, drain and delete nodegroups Scale a nodegroup Update a cluster Configure VPC Networking Configure access to API endpoints Spot instances and mixed instances IAM Management and Add-on Policies Write kubeconfig file for a cluster In this tutorial, you learn how to: https://nahuelhernandez.com/blog/cks_kubernetes_security_specialist_certification/ Sun, 12 Dec 2021 00:00:00 +0000 https://nahuelhernandez.com/blog/cks_kubernetes_security_specialist_certification/ Certified Kubernetes Security Specialist The Certified Kubernetes Security Specialist or CKs is a hands-on test and consists of a set of performance-based items (15 problems) to be solved using a command line and is expected to take approximately two (2) hours to complete. The exam for me was the most challenging Kubernetes exam. I recommend studying using the Kim course and KodeKloud, and practicing a lot to be very fast. I finish the exam in the last minute. https://nahuelhernandez.com/blog/cka_kubernetes_administrator_certification/ Wed, 03 Nov 2021 00:00:00 +0000 https://nahuelhernandez.com/blog/cka_kubernetes_administrator_certification/ Certified Kubernetes Administrator The Certified Kubernetes Administrator or CKA is a hands-on test and consists of a set of performance-based items (17 problems) to be solved using a command line and is expected to take approximately two (2) hours to complete. The exam is challenging. However, if you purchased your CKA, two Killer.sh simulator sessions will be already included. The Killer.sh simulator is more complicated than the actual exam. So, after doing the Killer. https://nahuelhernandez.com/blog/deploy_kubernetes_apps_on_raspberrypi4/ Sun, 29 Aug 2021 00:00:00 +0000 https://nahuelhernandez.com/blog/deploy_kubernetes_apps_on_raspberrypi4/ Deploy Kubernetes Apps on Raspberry PI 4 I need to deploy applications to a Self-hosted K8S Cluster. Also, I need to automate the deployments using Jenkins and an own Git server for the applications code using Gitlab CE. I will use 2 Raspberry PI for the solution. On the first Raspberry PI (aka rpi4a) I will install Kubernetes and Docker, and on the second (aka rpi4b), I will install Gitlab and Jenkins. https://nahuelhernandez.com/blog/ckad_kubernetes_application_developer_certification/ Wed, 23 Dec 2020 00:00:00 +0000 https://nahuelhernandez.com/blog/ckad_kubernetes_application_developer_certification/ Kubernetes Application Developer Certification Notes (CKAD) The Certified Kubernetes Application Developer or CKAD is a hands-on test and consists of a set of performance-based items (19 problems) to be solved in a command line and is expected to take approximately two (2) hours to complete. Is a very hard exam, not because of the exercises, is because 19 problems in 2 hours are so little time, you need to be very fast with the exercises and you can’t stop on any exercises for a lot of time, in that case, I recommend you go with the next exercise.