Hello EKS News readers! This week’s newsletter contains a blog about Kubernetes service discovery using AWS Cloud Map MCS controller, Karpenter on TGIK, tracing traffic through Kubernetes, multiple Containers from the Couch episodes, and more.
New and notable blogs
Kubernetes Multi-cluster Service Discovery using the AWS Cloud Map MCS Controller
- MCS services allow you to share and deploy services across multiple clusters.
- Similar to other network centric approaches such as Cilium’s cluster mesh or Linkerd’s mirrored services
- AWS Cloud Map MCS is an implementation of the MCS API, allowing you to discover and access services outside a cluster
- 2 primary scenarios: different services each deployed to separate clusters, and a single service deployed to multiple clusters
- The MCS-Controller is responsible for “syncing” services across multiple clusters with Cloud Map serving as the centralized service registry
- The MCS-Controller release version is v0.2.2 with GA expected in H2 CY2022
- Includes a tutorial that walks through how to set up a multi-cluster service with MCS
Containers from the Couch
Please Subscribe to Containers from the Couch
Using Kubecost to monitor your Kubernetes and infrastructure spend
- We look at how Kubecost can be used to track your infrastructure spending and save you money!
- kubectl-cost is a kubectl plugin that provides easy CLI access to Kubernetes cost allocation metrics via the kubecost APIs.
Kubernetes Virtual clusters with Loft Labs
- We look at benefits and use cases for Kubernetes virtual clusters using Loft.
- Virtual clusters are completely free at vcluster.com and you’ll (hopefully) soon be able to use EKS distro for virtual clusters via loft-sh/vcluster#320
Ecosystem News
- TGI Kubernetes is a live streaming series that was originally started at Heptio
- This week’s episode is covering Karpenter
- “Karpenter simplifies Kubernetes infrastructure with the right nodes at the right time.”
- Goes live at 4 PM ET/2100 UTC TODAY
10 real-world stories of how we’ve compromised CI/CD pipelines
- “Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum.”
- It almost reads like an OWASP Top 10 for CI/CD
- Everything from Jenkins to Docker to Kubernetes to laptops is mentioned; there’s probably something relevant to your environment
Tracing the path of network traffic in Kubernetes
- “TL;DR: In this article, you will learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application.”
- Complete with code samples, kubectl outputs, and graphics
- Deep dive
- Julia Evans has been deep diving into DNS lately
- This article covers some of the ways you can “stub your toe” on DNS
- Everything from “NXDOMAIN instead of NOERROR” to Java caching to race conditions in Kubernetes
- There has been a sharp increase in malicious activity
- CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats (PDF)
- A two-page checklist of strongly suggested security controls for risk reduction
Because it’s Friday
Remember folks, this used to be what the internet experience was like for several years.