Welcome to the first ever issue of EKS News! This being the very first issue, please allow me to introduce myself and the folks behind the newsletter. I’m Chris Short; among many things, I’m a Kubernetes contributor, fascinated by GitOps, and a Senior Developer Advocate on the EKS team. My team of fellow developer advocates are significant contributors to this newsletter. I have the distinct pleasure of assembling this newsletter for you. This newsletter will evolve based on feedback we receive (hit reply; it comes to me), issues opened on GitHub, and any other data points we observe.
On to this issue’s news and other interesting things in the broader Kubernetes and Cloud Native ecosystem.
New service announcements and features
- With EMR on EKS, customers can create their own images that include specific packages, libraries, and runtimes that are not available by default, e.g. a specific version of Java
- Validation tool runs an automated suite of tests to validate those images
- Download the custom image validation tool from our GitHub repository
EBS CSI driver now available in EKS add-ons in preview
- Offers a simple experience for attaching persistent storage to an EKS cluster
- The driver can be installed, managed, and updated through the EKS console, AWS CLI and SDKs
- With EKS support for IPv6, pods are assigned only a globally routable IPv6 address, and you can easily scale applications in your cluster without consuming limited private IPv4 address space.
- IPv6 support is enabled through the Amazon VPC CNI plugin
- If you’re ready to implement IPv6, please read this blog from Sébastien Stormacq, Amazon Elastic Kubernetes Service Adds IPv6 Networking
- Not dual-stack, but we’d love to hear more about how you want to use IPv6
New and notable blogs
Onfido’s Journey to a Multi-Cluster Amazon EKS Architecture
- Had concerns about in-place cluster upgrades and their impact on service availability
- Decided to move from a single production cluster to a single-region, multi-cluster active-active configuration
- Considered KubeFed and a multi-cluster service mesh, but decided to operate the clusters independently instead (smaller blast radius)
- Used a single ALB with multiple target groups (TGs) and weighted routing to distribute traffic between clusters
Progressive Delivery using AWS App Mesh and Flagger
- A walk through of a canary style deployment using App Mesh and Flagger
- Canaries help customers release features quickly while decreasing risk (delegating the control of a feature to the owner responsible for the outcome)
- Canary deployments allow you to test your changes with real users and compare different versions in parallel
- Flagger uses metrics to determine whether the deployment should continue or be rolled back; it is also responsible for shifting the traffic between the current version of the application and canary
- See also Flagger, Performing canary deployments and metrics-driven rollback with Amazon…
Chaos Engineering with LitmusChaos on Amazon EKS
- Involves injecting failures in a controlled environment using well-planned experiments to help engineers find weaknesses in systems
- Experiments should include: a baseline, a hypothesis, a failure scenario, an analysis of the outcome and its deviation from the hypothesis
- Walks through running an experiment with LitmusChaos, e.g. pod-delete, node-drain, node-cpu-hog, etc.
- See also Chaos engineering on Amazon EKS using AWS Fault Injection Simulator
Advice on mitigating the Apache log4j security issue for EKS, ECS, and Fargate customers
- An overview of the log4j CVE and ways to mitigate it
- Strongly recommend that customers who are running log4j upgrade to v2.16 or higher as soon as possible; JDKs shipped in AL1 and AL2 will automatically install the hotpatch package
- For EKS, see this project on GitHub
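The upgrade advice above is easier to act on if you can see which log4j-core JARs are actually present on a host or in an unpacked image layer. The following is an added example, not code from the newsletter, from AWS, or from the GitHub project linked above: it walks a directory tree, reads the Implementation-Version from each log4j-core JAR's manifest, checks whether the JndiLookup class is still bundled, and classifies the JAR against the 2.16.0 threshold. The sample JARs that demo() builds are constructed stand-ins (a manifest plus a placeholder class entry), not real artifacts.

```python
"""Classify log4j-core JARs found under a directory against the 2.16.0 fix.

Added example (not from the newsletter or AWS). Status per JAR:
  ok         -> 2.16.0 or newer
  mitigated  -> older, but JndiLookup.class was removed; still upgrade
  vulnerable -> older and JndiLookup.class present
A missing or unparsable version is treated as older (fail closed).
"""
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (2, 16, 0)
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


@dataclass
class Finding:
    path: str
    version: Optional[str]
    jndi_present: bool
    status: str


def parse_version(text: Optional[str]) -> Optional[Tuple[int, int, int]]:
    """'2.14.1' -> (2, 14, 1); None when absent or unparsable."""
    if not text:
        return None
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def manifest_version(jar: zipfile.ZipFile) -> Optional[str]:
    """Read Implementation-Version from META-INF/MANIFEST.MF, if present."""
    try:
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in raw.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def inspect_jar(path: str) -> Optional[Finding]:
    """Classify one log4j-core JAR; None for other files or non-zip content."""
    if not os.path.basename(path).startswith("log4j-core"):
        return None
    try:
        with zipfile.ZipFile(path) as jar:
            version = manifest_version(jar)
            jndi = JNDI_CLASS in jar.namelist()
    except zipfile.BadZipFile:
        return None
    parsed = parse_version(version)
    below_fix = parsed is None or parsed < FIXED_VERSION
    status = "ok" if not below_fix else ("vulnerable" if jndi else "mitigated")
    return Finding(path, version, jndi, status)


def scan_tree(root: str) -> List[Finding]:
    """Walk root and return a Finding for every log4j-core JAR found."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                found = inspect_jar(os.path.join(dirpath, name))
                if found:
                    results.append(found)
    return results


def _write_jar(path: str, version: str, with_jndi: bool) -> None:
    # Constructed stand-in for a JAR: a manifest and an optional placeholder
    # class entry, which is all the checks above look at.
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if with_jndi:
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")


def demo() -> Dict[str, str]:
    """Build a constructed tree of sample JARs and return {file name: status}."""
    root = tempfile.mkdtemp(prefix="log4j-check-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    _write_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1", True)
    _write_jar(os.path.join(lib, "log4j-core-2.16.0.jar"), "2.16.0", True)
    _write_jar(os.path.join(lib, "log4j-core-2.14.1-nojndi.jar"), "2.14.1", False)
    _write_jar(os.path.join(lib, "myapp.jar"), "1.0.0", False)  # not log4j
    return {os.path.basename(f.path): f.status for f in scan_tree(root)}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10s} {name}")
```

Run it against a host's application directories or an extracted image filesystem; anything reported as vulnerable or mitigated still needs the upgrade the advisory calls for, since class removal is a stopgap rather than the fix.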
Container scanning updates in Amazon ECR private registries using Amazon Inspector
- Offers improved vulnerability management for “cloud native” workloads
- Enhanced scanning provides nearly continuous scanning of ECR repositories and scans the OS packages and select language libraries; see https://docs.aws.amazon.com/inspector/latest/user/supported.html for a complete list
- scan configurations
- Whenever Inspector adds a new CVE to its database, all eligible container images are scanned in response
- Scan findings for basic and enhanced scanning are available in Amazon ECR and Inspector
- Findings can be shared with other AWS services like AWS Security Hub and Amazon EventBridge
- Walk through of how to enable and view findings from enhanced scanning
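Once findings are flowing, the natural next step is to gate deployments on them. The following is an added example, not code from the newsletter or from AWS: it takes the JSON document that `aws ecr describe-image-scan-findings` returns and decides whether an image may be deployed (nothing at or above a chosen severity, and at most a fixed number of HIGH findings). The sample document is constructed with placeholder identifiers; the field names used (imageScanFindings, findingSeverityCounts, findings for basic scanning, enhancedFindings with packageVulnerabilityDetails for enhanced scanning) follow the ECR API response shape as I understand it and should be checked against a real response before you rely on them.

```python
"""Deployment gate over an ECR image scan result (added example, not AWS code).

Assumes the response shape of `aws ecr describe-image-scan-findings`; the
sample document at the bottom is constructed, with placeholder identifiers.
"""
from collections import Counter
from typing import Dict, List, Tuple

SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def normalize_findings(doc: dict) -> List[Dict[str, str]]:
    """Flatten basic and enhanced findings into {id, severity, package}."""
    scan = doc.get("imageScanFindings", {})
    out = []
    for f in scan.get("findings", []):  # basic scanning format (assumed)
        attrs = {a.get("key"): a.get("value") for a in f.get("attributes", [])}
        out.append({"id": f.get("name", "?"),
                    "severity": str(f.get("severity", "UNDEFINED")).upper(),
                    "package": attrs.get("package_name", "?")})
    for f in scan.get("enhancedFindings", []):  # enhanced format (assumed)
        pvd = f.get("packageVulnerabilityDetails", {})
        pkgs = pvd.get("vulnerablePackages", [])
        out.append({"id": pvd.get("vulnerabilityId", f.get("title", "?")),
                    "severity": str(f.get("severity", "UNDEFINED")).upper(),
                    "package": pkgs[0].get("name", "?") if pkgs else "?"})
    return out


def severity_counts(doc: dict) -> Dict[str, int]:
    """Prefer the server-side counts; fall back to counting findings."""
    counts = doc.get("imageScanFindings", {}).get("findingSeverityCounts")
    if counts:
        return {k.upper(): int(v) for k, v in counts.items()}
    return dict(Counter(f["severity"] for f in normalize_findings(doc)))


def evaluate(doc: dict, block_at: str = "CRITICAL",
             max_high: int = 0) -> Tuple[bool, List[str]]:
    """Return (passed, reasons). Unknown severities block (fail closed)."""
    reasons = []
    threshold = SEVERITY_ORDER.index(block_at)
    for f in normalize_findings(doc):
        sev = f["severity"]
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
        if rank >= threshold:
            reasons.append(f"{sev} {f['id']} in {f['package']}")
    high = severity_counts(doc).get("HIGH", 0)
    if high > max_high:
        reasons.append(f"{high} HIGH findings exceed limit of {max_high}")
    return (not reasons, reasons)


# Constructed sample in the enhanced-scanning shape: one CRITICAL and two HIGH
# findings. The vulnerability ids are placeholders, not real CVEs.
SAMPLE_DOC = {
    "imageScanFindings": {
        "findingSeverityCounts": {"CRITICAL": 1, "HIGH": 2, "LOW": 4},
        "enhancedFindings": [
            {"severity": "CRITICAL", "title": "placeholder critical finding",
             "packageVulnerabilityDetails": {
                 "vulnerabilityId": "CVE-PLACEHOLDER-1",
                 "vulnerablePackages": [{"name": "openssl", "version": "1.1.1"}]}},
            {"severity": "HIGH", "title": "placeholder high finding",
             "packageVulnerabilityDetails": {
                 "vulnerabilityId": "CVE-PLACEHOLDER-2",
                 "vulnerablePackages": [{"name": "curl", "version": "7.0"}]}},
            {"severity": "HIGH", "title": "placeholder high finding 2",
             "packageVulnerabilityDetails": {
                 "vulnerabilityId": "CVE-PLACEHOLDER-3",
                 "vulnerablePackages": [{"name": "zlib", "version": "1.2"}]}},
        ],
    }
}

if __name__ == "__main__":
    passed, reasons = evaluate(SAMPLE_DOC, block_at="CRITICAL", max_high=5)
    print("PASS" if passed else "FAIL")
    for r in reasons:
        print(" -", r)
```

In a pipeline you would feed evaluate() the parsed CLI output and fail the job on a non-empty reasons list; a missing or unrecognized severity is deliberately treated as blocking rather than ignored.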
Best practices for running Spark on Amazon EKS
- Goes through the different best practices related to EKS scheduling and provides an end-to-end Spark application example that implements them
- Use the S3A magic committer for writing to S3
- Build Spark 3.1.2 with Hadoop 3.3.1 if IAM Roles for Service Accounts (IRSA) is required
- Use Pod templates to provide Kubernetes specific configuration for driver and executor pods
- Use NVMe locally attached storage for temporary data
- Use Spark dynamic resource allocation to automatically scale executors
- See also Introduction - EMR Containers Best Practices Guides
- Explains how to use the Zebrium machine learning (ML) platform to automatically find the root cause of issues in logs generated by an application deployed onto Amazon EKS
- You can get similar results by instrumenting your microservices and implementing distributed tracing
Collecting data from edge devices using Kubernetes and AWS IoT Greengrass V2
- Shows how to: set up a Kubernetes cluster using k3s on a Raspberry Pi 4; install the AWS Systems Manager Agent (SSM Agent); and deploy AWS IoT Greengrass V2 using standard Kubernetes tools like kubectl
- Ideal for the connected vehicle use case where reliable and durable ingestion and storage of vehicle telemetry data is needed
- Configuration involves running the Greengrass core (GG core) on k3s
New videos and webinars
Karpenter node provisioner for Kubernetes (Containers from the Couch)
Amazon Elastic Container Registry (ECR) pull through cache (Containers from the Couch)
Ecosystem News
Using Admission Controllers to Detect Container Drift at Runtime (Kubernetes Blog)
Top 4 cloud native trends in 2022 shaping the future of business (CNCF Blog)