iCompaas Support

Profile Applicability:

• Level 1
  

Description:

The EventRateLimit admission control plugin in Kubernetes limits the rate at which events are created to avoid overwhelming the Kubernetes API server. By setting this plugin, you can configure a limit on the number of events that can be generated within a specified time period. This helps to manage resources and prevent excessive logging, especially during high-volume workloads.

Rationale:

Enabling the EventRateLimit plugin helps reduce the potential for event storming, where excessive event generation can put unnecessary load on the Kubernetes API server and adversely affect cluster performance. It ensures that only meaningful events are logged, improving the reliability and scalability of the cluster.

Impact:

Pros:

• Helps prevent the API server from being overwhelmed by excessive events.
  

• Provides better control over event generation, ensuring that resources are used efficiently.
  

Cons:

• If misconfigured, legitimate events could be dropped if they exceed the set rate limit, potentially leading to loss of important event data.
  

Default Value:

Not enabled by default.

Pre-requisites:

• The Kubernetes API server must be properly configured to support admission control plugins.
  

• Appropriate rate limits should be defined to balance event tracking and performance.
  

Test Plan:

Using AWS Console:

1. Sign in to the AWS Management Console.
   

2. Navigate to your EKS Cluster.
   

3. Go to the API server configuration (using kubectl or the management console).
   

4. Check the --enable-admission-plugins flag and verify that EventRateLimit is listed among the enabled plugins.
   

Using AWS CLI:

Run the following AWS CLI command to describe your EKS cluster's API server configuration:

aws eks describe-cluster --name <cluster-name> --query "cluster.config"

1. Ensure that the EventRateLimit plugin is listed under --enable-admission-plugins.
   

Implementation Plan:

Using AWS Console:

1. Navigate to the EKS cluster in the AWS Console.
   

2. Under the Cluster Configuration section, modify the API server's settings to enable the EventRateLimit admission control plugin.
   

3. Set appropriate rate limits for event creation (e.g., events per minute).
   

4. Save the configuration and apply the changes.
   

Using AWS CLI:

To enable the EventRateLimit plugin, update the API server configuration using the following CLI command:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --enable-admission-plugins EventRateLimit

Backout Plan:

Using AWS Console:

1. Navigate to the EKS cluster's API server configuration.
   

2. Remove the EventRateLimit plugin from the list of enabled admission control plugins.
   

3. Save the configuration and redeploy the cluster.
   

Using AWS CLI:

If issues occur, revert the change using:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --disable-admission-plugins EventRateLimit

References:

• Kubernetes Admission Control Documentation
  

• EKS Cluster Management