Sky Cone

This site is scheduled for a series of major/minor upgrades, including optimizations and architectural revisions. The entire process will be documented, and this post will serve as a comprehensive index. For detailed information, please refer to the respective individual posts.

Release Note of 2024Q1 7^th Upgrade (Feb. 25, 2024)

Re-architecture

[Major update]
- Integrated Kubecost with AWS Managed Prometheus (AMP), moving away from its previously self-contained Prometheus server.

FinOps

- Replaced the AWS-managed collector with a self-managed collector (Prometheus server) for the EKS and AMP integration, resulting in a 87% reduction in costs.
- Changed this Prometheus suite into Agent Mode, resulting in a 88% reduction in costs.
- Decreased Prometheus metric samples by 99%, resulting in a corresponding 99% reduction in costs.
- Reduced one Prometheus server (Pod) for Kubecost, with an 32GiB gp2 EBS volume, resulting in a 52% reduction in costs.

Release Note of 2024Q1 6^th Upgrade (Feb. 17, 2024)

Version upgrades

[Major upgrade]
- Upgraded Kubernetes: v1.28 → v1.29.
- Upgraded Istio: v1.19 → v1.20.
- Upgraded Knative: v1.12 → v1.13.

[Minor upgrade]
- Updated EKS add-ons version to latest.

Security hardening

- Periodically reviewed and narrowed down security rules related to the Kubernetes setup. Refer to Amazon EKS Security Group Setup.
- Enabled GuardDuty EKS runtime monitoring. Refer to Amazon GuardDuty EKS Runtime Monitoring.

FinOps

- Terminated one EC2 instance (t4g.medium). The corresponding RI has expired and the current Savings Plans is sufficient to cover the current EC2 usages.

Re-architecture

[Major update]
- Integrating AWS EKS with with Amazon Managed Service for Prometheus and Amazon Managed Grafana. Refer to Integrate AWS EKS with AMP using Self-managed Collector.

Housekeeping

- Cleaned up security rules related to the Kubernetes setup. Refer to Amazon EKS Security Group Setup.