In fact, you can check all ASGs your EKS Cluster has in place with the following command, which asks for the regular MinSize, MaxSize, and DesiredCapacity values.
IRSA is based on a Kubernetes Service Account and IAM Role pair. In turn, the Kubernetes Deployment should refer to the Service Account, which has the IAM Role set as an Annotation. Finally, the IAM Role allows the Deployment to access AWS Services, including, in our case, Auto Scaling Group (ASG) services.
Here is an IAM Policy example that allows Roles to access the ASG Services:
aws iam create-policy \
--policy-name AmazonEKSClusterAutoscalerPolicy \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["autoscaling:DescribeAutoScalingGroups","autoscaling:DescribeAutoScalingInstances","autoscaling:DescribeLaunchConfigurations","autoscaling:DescribeScalingActivities","autoscaling:DescribeTags","ec2:DescribeInstanceTypes","ec2:DescribeLaunchTemplateVersions"],"Resource":["*"]},{"Effect":"Allow","Action":["autoscaling:SetDesiredCapacity","autoscaling:TerminateInstanceInAutoScalingGroup","ec2:DescribeImages","ec2:GetInstanceTypesFromInstanceRequirements","eks:DescribeNodegroup"],"Resource":["*"]}]}'
#### Service Account and IAM Role
With the IAM Policy created we can run another `eksctl` command to create both Kubernetes Service Account and IAM Role:
With the existing Load Generator still running (if you don't have it, please start one), you should see a new status for both ASG and the Konnect Data Plane Kubernetes Deployment:
% kubectl top node --selector='eks.amazonaws.com/nodegroup=nodegroup-kong'
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
ip-192-168-11-188.us-west-1.compute.internal 2000m 103% 6641Mi 93%
ip-192-168-53-177.us-west-1.compute.internal 54m 2% 1256Mi 17%
And then, the Pending Pods, after getting scheduled, are finally running:
% kubectl get pod -n kong
NAME READY STATUS RESTARTS AGE
kong-kong-789ffd6f86-bmgh8 1/1 Running 0 15m
kong-kong-789ffd6f86-fcnts 1/1 Running 0 15m
kong-kong-789ffd6f86-k7cnm 1/1 Running 0 16m
kong-kong-789ffd6f86-nsqnn 1/1 Running 0 5m14s
kong-kong-789ffd6f86-sf65t 1/1 Running 0 7m10s
kong-kong-789ffd6f86-tv96x 1/1 Running 0 22m
kong-kong-789ffd6f86-twzd8 1/1 Running 0 16m
## Submit the Konnect Data Plane to an even higher throughput
So, what happens if we submit our Konnect Data Plane Deployment to a longer and higher throughput? For instance, we change the HPA policy like this, allowing up to 20 replicas to run:
In the rapidly evolving landscape of API management, understanding the raw performance and reliability of your API gateway is not just an expectation — it's a necessity. At Kong, we're dedicated to ensuring our users have access to concrete, action
Kong
# Kong Konnect DP Node Autoscaling with Karpenter on Amazon EKS 1.29
In this post, we're going to explore Karpenter, the ultimate solution for Node Autoscaling. Karpenter provides a cost-effective capability to implement your Kong Konnect Data Plane layer using the best EC2 Instances Types options available for your
Claudio Acquaviva
# Kong Konnect Data Plane Elasticity on Amazon EKS 1.29: Pod Autoscaling with VPA
In this series of posts, we will look closely at how Kong Konnect Data Planes can take advantage of Autoscalers running on Amazon Elastic Kubernetes Services (EKS) 1.29 to support the throughput the demands API consumers impose on it at the lowest c
Claudio Acquaviva
# How to Test Gateway APIs Directly from Kong Konnect with Insomnia
What You'll Build
To explore the new integration, I'll build a realistic API platform workflow using Konnect, Kong Gateway, and Insomnia.
By the end of this tutorial, I'll have:
A Konnect Control Plane (KongAir Dev)
A local Kong Gateway Data Pl
Juhi Singh
# Migrating Your Collections and Requests from Postman to Insomnia
Local-first: your data stays with you: Insomnia stores everything on your machine by default. No forced cloud sync, no account needed just to send a request. This is helpful if privacy or working in a regulated environment is a priority for you Fre
Juhi Singh
# Why Your API Gateway Should Be Your Testing Environment
You invested in Kong Konnect. You centralized your API governance, locked down your routing, enforced your security policies, and gave your organization a single source of truth for every API in your estate. That work is done, and it is working. So
Haley Giuliano
# Insomnia 13: Native Kong Konnect Integration for Real-Time API Testing
Have you ever…. Copied an API spec out of Kong Konnect, or where you manage your APIs, pasted it into your API client, and immediately wondered if it’s the latest version? Sent an email to your platform team with the subject line “ which endpoint sh
Haley Giuliano
# Kong Gateway Performance Benchmarks and Open Source Test Suites
In the rapidly evolving landscape of API management, understanding the raw performance and reliability of your API gateway is not just an expectation — it's a necessity. At Kong, we're dedicated to ensuring our users have access to concrete, action
Kong
# Kong Konnect DP Node Autoscaling with Karpenter on Amazon EKS 1.29
In this post, we're going to explore Karpenter, the ultimate solution for Node Autoscaling. Karpenter provides a cost-effective capability to implement your Kong Konnect Data Plane layer using the best EC2 Instances Types options available for your
Claudio Acquaviva
# Kong Konnect Data Plane Elasticity on Amazon EKS 1.29: Pod Autoscaling with VPA
In this series of posts, we will look closely at how Kong Konnect Data Planes can take advantage of Autoscalers running on Amazon Elastic Kubernetes Services (EKS) 1.29 to support the throughput the demands API consumers impose on it at the lowest c
Claudio Acquaviva
# How to Test Gateway APIs Directly from Kong Konnect with Insomnia
What You'll Build
To explore the new integration, I'll build a realistic API platform workflow using Konnect, Kong Gateway, and Insomnia.
By the end of this tutorial, I'll have:
A Konnect Control Plane (KongAir Dev)
A local Kong Gateway Data Pl
Juhi Singh
# Migrating Your Collections and Requests from Postman to Insomnia
Local-first: your data stays with you: Insomnia stores everything on your machine by default. No forced cloud sync, no account needed just to send a request. This is helpful if privacy or working in a regulated environment is a priority for you Fre
Juhi Singh
# Why Your API Gateway Should Be Your Testing Environment
You invested in Kong Konnect. You centralized your API governance, locked down your routing, enforced your security policies, and gave your organization a single source of truth for every API in your estate. That work is done, and it is working. So
Haley Giuliano
# Insomnia 13: Native Kong Konnect Integration for Real-Time API Testing
Have you ever…. Copied an API spec out of Kong Konnect, or where you manage your APIs, pasted it into your API client, and immediately wondered if it’s the latest version? Sent an email to your platform team with the subject line “ which endpoint sh
Haley Giuliano
# Kong Gateway Performance Benchmarks and Open Source Test Suites
In the rapidly evolving landscape of API management, understanding the raw performance and reliability of your API gateway is not just an expectation — it's a necessity. At Kong, we're dedicated to ensuring our users have access to concrete, action
Kong
# Kong Konnect DP Node Autoscaling with Karpenter on Amazon EKS 1.29
In this post, we're going to explore Karpenter, the ultimate solution for Node Autoscaling. Karpenter provides a cost-effective capability to implement your Kong Konnect Data Plane layer using the best EC2 Instances Types options available for your
Claudio Acquaviva
# Kong Konnect Data Plane Elasticity on Amazon EKS 1.29: Pod Autoscaling with VPA
In this series of posts, we will look closely at how Kong Konnect Data Planes can take advantage of Autoscalers running on Amazon Elastic Kubernetes Services (EKS) 1.29 to support the throughput the demands API consumers impose on it at the lowest c
Claudio Acquaviva
# How to Test Gateway APIs Directly from Kong Konnect with Insomnia
What You'll Build
To explore the new integration, I'll build a realistic API platform workflow using Konnect, Kong Gateway, and Insomnia.
By the end of this tutorial, I'll have:
A Konnect Control Plane (KongAir Dev)
A local Kong Gateway Data Pl
Juhi Singh
# Migrating Your Collections and Requests from Postman to Insomnia
Local-first: your data stays with you: Insomnia stores everything on your machine by default. No forced cloud sync, no account needed just to send a request. This is helpful if privacy or working in a regulated environment is a priority for you Fre
Juhi Singh
# Why Your API Gateway Should Be Your Testing Environment
You invested in Kong Konnect. You centralized your API governance, locked down your routing, enforced your security policies, and gave your organization a single source of truth for every API in your estate. That work is done, and it is working. So
Haley Giuliano
# Insomnia 13: Native Kong Konnect Integration for Real-Time API Testing
Have you ever…. Copied an API spec out of Kong Konnect, or where you manage your APIs, pasted it into your API client, and immediately wondered if it’s the latest version? Sent an email to your platform team with the subject line “ which endpoint sh
Haley Giuliano
## Ready to see Kong in action?
Get a personalized walkthrough of Kong's platform tailored to your architecture, use cases, and scale requirements.