AWS EKS Fargate compatibility
Overview Copied
Amazon Elastic Kubernetes Service (EKS) can run workloads on AWS Fargate, a serverless compute layer where each pod runs in an isolated micro-VM rather than on EC2 worker nodes you manage. In a Fargate-only EKS cluster there are no EC2 nodes; pods are scheduled through Fargate profiles that match namespace and label selectors.
Geneos Gateway, Netprobe, and Collection Agent can be deployed to Fargate-only EKS clusters using the ITRS Helm charts. The deployment model differs from the default EC2-backed EKS setup: you must use StatefulSet mode for Netprobe and API-based Kubernetes monitoring rather than DaemonSet or host filesystem collection.
Note
This behaviour was validated using Helm chart version7.9.0+7.9.0.
For general Helm installation steps, see Installation using Helm. For Kubernetes Collection Agent plugin configuration, see the Kubernetes plugin documentation.
Expected behaviour on Fargate Copied
Gateway Copied
Gateway runs as a standard Kubernetes workload (StatefulSet). On Fargate it behaves the same as on EC2-backed clusters for connectivity, licensing, and setup management.
If you enable persistent storage for Gateway setup or data (persistence.enabled: true), the persistent volume claim (PVC) must use an Amazon EFS-backed StorageClass or static persistent volume (PV).
Important
Do not usegp2orgp3EBS-backed StorageClasses as Fargate pods cannot attach EBS volumes.
Netprobe Copied
Deploy Netprobe with mode: StatefulSet. One Netprobe pod collects Kubernetes metrics and events for the entire cluster through the Kubernetes API.
DaemonSet mode is not supported on Fargate because Fargate does not provide customer-managed worker nodes for DaemonSet scheduling.
Collection Agent Copied
In StatefulSet mode on Fargate, the Collection Agent:
- Collects Kubernetes metrics and events via the Kubernetes API (
KubernetesMetricsCollectorconfiguration). - Collects container logs only when
logs.readModeis set toapi. Filesystem log collection (readMode: filesystem) is not available because Fargate blockshostPathmounts and privileged containers. - Runs the
unprivilegedCollection Agent image when API log mode is used without outbound routing store persistence. - Exposes plugin receivers (OpenTelemetry, Fluentd, StatsD, Prometheus remote write, Prometheus Alertmanager) as ClusterIP Services, not host ports.
Fargate platform restrictions Copied
The following are AWS Fargate platform limits that affect Geneos deployment. They apply to every Fargate-only EKS cluster, not just a specific cluster configuration.
| Restriction | Impact on Geneos |
|---|---|
| No DaemonSets | Netprobe mode: DaemonSet cannot run |
No hostPath volumes |
Filesystem log collection and hostPath persistence cannot run |
| No privileged containers | Filesystem log mode (which requires privileged Pod Security) cannot run |
No hostNetwork or hostPort |
DaemonSet-style plugin receivers bound to node ports cannot run |
| No EBS volumes for pods | Default gp2/gp3 PVCs fail; use EFS for persistence |
| No NUMA / CPU pinning | Leave all numa settings empty in Helm values |
Persistent storage on Fargate Copied
Fargate pods support ephemeral storage (default 20 GiB, configurable up to 175 GiB) and EFS volumes via the EFS CSI driver. EBS volumes are not supported.
Any Geneos feature that writes state to a persistent volume, including API log collection cursors, outbound routing queues, and Gateway setup persistence, requires:
- The EFS CSI driver installed in the cluster
- An EFS file system created in the same VPC as the cluster
- An EFS-backed StorageClass or static PV referenced by
persistence.storageClassName(or the chart default StorageClass set to EFS)
Important
Do not usegp2orgp3EBS-backed StorageClasses for Geneos PVCs on Fargate. PVCs bound to EBS will not attach to Fargate pods and the workload will fail to start.
Netprobe Helm chart compatibility Copied
The following table summarises Netprobe Helm chart settings validated using chart version 7.9.0+7.9.0.
| Feature or setting | Compatibility | Notes |
|---|---|---|
mode: StatefulSet |
Supported | Recommended and required for Fargate-only clusters |
| Kubernetes metrics and events | Supported | Collected via the Kubernetes API |
| Prometheus receivers and scraper | Supported | Inbound receivers and outbound scrapers use Services or outbound HTTP; no host ports. StatefulSet mode only |
| StatsD | Supported | StatefulSet mode via Service |
| OpenTelemetry metrics and traces | Supported | StatefulSet mode via Service (port 4317) |
| Fluentd receiver | Supported | StatefulSet mode via Service (port 24224) |
| Non-privileged pod settings | Supported | Default unprivileged Collection Agent image with API log mode |
API log collection (logs.readMode: api) |
Supported; requires EFS for persistent cursor | Works on Fargate with logs.readMode: api. Set persistence.enabled: true and use an EFS-backed PVC to retain log read position across pod restarts |
| Log pipeline delivery | Supported; requires EFS for persistent delivery | Requires persistence for store-and-forward queues unless using in-memory mode |
Outbound routing (routing.outbound.enabled: true) |
Requires EFS | Requires persistence.enabled: true with an EFS-backed PVC |
mode: DaemonSet |
Not supported | Fargate does not schedule DaemonSets |
Filesystem log collection (logs.readMode: filesystem) |
Not supported | Requires hostPath mounts and privileged containers |
hostPath volumes |
Not supported | Not allowed on Fargate |
| Privileged containers | Not supported | Blocked on Fargate |
hostPort / hostNetwork |
Not supported | Not allowed on Fargate; affects DaemonSet plugin receiver mode |
| NUMA pinning | Not supported | Not applicable on Fargate micro-VMs |
EBS-backed PVCs (gp2, gp3) |
Not supported | Fargate pods cannot use EBS volumes |