Update Ingress policies to enable EKS deployments using Fargate
Problem to solve
It is not currently possible to deploy containers to Fargate pods when using an EKS cluster, as the default security policy of Fargate is incompatible with our Ingress installation (GitLab Managed Apps).
Intended users
Developers, operators, devops engineers
Further details
https://aws.amazon.com/blogs/aws/amazon-eks-on-aws-fargate-now-generally-available/
Proposal
Configure our Ingress installation with updated policies that allow the use of Fargate pods.
What does success look like, and how can we measure that?
TBD - it would be nice to measure deployments on regular EC2 nodes vs. Fargate to gauge popularity.
What is the type of buyer?
Logs
Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  fargate-scheduler  Pod not supported on Fargate: invalid SecurityContext fields: AllowPrivilegeEscalation
Links / references
https://github.com/kubernetes/ingress-nginx/issues/4888
https://aws.amazon.com/blogs/opensource/using-pod-security-policies-amazon-eks-clusters/
https://github.com/helm/charts/tree/master/stable/nginx-ingress#configuration
Edited by João Alexandre Cunha
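To locate which container in a pod carries the field named in the FailedScheduling event above, the following added example (not part of the original issue or of GitLab's code) parses the event message and walks a pod manifest. The manifest, its names and the comma-separated handling of multiple fields are assumptions made for illustration.

```python
import re

# Constructed sample: event message in the form shown in the Logs section.
EVENT = ("Pod not supported on Fargate: invalid SecurityContext fields: "
         "AllowPrivilegeEscalation")

# Constructed pod manifest (names and values are hypothetical).
POD = {
    "metadata": {"name": "ingress-controller-example"},
    "spec": {
        "initContainers": [{"name": "setup", "securityContext": {"runAsUser": 101}}],
        "containers": [
            {"name": "controller",
             "securityContext": {"allowPrivilegeEscalation": True, "runAsUser": 101}},
            {"name": "sidecar"},  # no securityContext at all
        ],
    },
}

def rejected_fields(message):
    """Field names listed after 'invalid SecurityContext fields:'.
    Assumption: several fields would be comma-separated."""
    m = re.search(r"invalid SecurityContext fields:\s*(.+)$", message.strip())
    return [f.strip() for f in m.group(1).split(",") if f.strip()] if m else []

def manifest_key(field):
    """The event uses Go struct casing; manifests use lowerCamelCase."""
    return field[:1].lower() + field[1:]

def find_offenders(pod, fields):
    """Return (section, container, key, value) for each container that sets a rejected field."""
    keys = [manifest_key(f) for f in fields]
    hits = []
    spec = pod.get("spec", {})
    for section in ("initContainers", "containers"):
        for c in spec.get(section) or []:
            ctx = c.get("securityContext") or {}
            for k in keys:
                if k in ctx:
                    hits.append((section, c.get("name", "?"), k, ctx[k]))
    return hits

if __name__ == "__main__":
    for hit in find_offenders(POD, rejected_fields(EVENT)):
        print("%s/%s sets %s=%r" % hit)
```

The same functions can be run over the output of `kubectl get pod <name> -o json` loaded with `json.load`, since that output has the same `spec` layout as the constructed manifest.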