As we dig out of the snow here on the eastern half of the United States, I’m reminded how calming newly fallen snow can be. There’s actually a little bit of science behind it: snow is a porous substance that can absorb noise, if the snowfall or covering is significant. Snow has all sorts of other interesting characteristics like this. You can learn more from the National Snow & Ice Data Center.
This week we’ll touch on CDK Pipelines, Kubernetes cluster security, and more!
New service announcements and features
- IPAM is a VPC feature that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads.
- Terraform support: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam
Introducing AWS Cloud Map MCS Controller for K8s
- The controller adds a Kubernetes-native (Multi-Cluster Services, MCS) service discovery capability that works across Kubernetes clusters
- With the Cloud Map MCS Controller, applications can discover and communicate with services deployed across multiple Kubernetes clusters
- Open sourcing the solution will allow the community to adjust it to work with other service registries for on-premises use cases
- Explains how to create a multicluster DNS service name that can be accessed within and across clusters seamlessly for things like automatic failover, and easier Kubernetes upgrades
Containers from the Couch
Kubernetes manifest management with Monokle
- An IDE-like application to help you visualize the relationships between the objects referenced in Kubernetes manifests, Helm charts, and kustomize files
- Allows you to model changes to these files before applying them to your cluster
- Subscribe to Containers from the Couch
New and notable blogs
Continuous Delivery of Amazon EKS Clusters Using AWS CDK and CDK Pipelines
- Explains how to use CDK Pipelines, a high-level construct library, to create a pipeline that provisions and configures EKS clusters and deploys a sample application
- Deploys an application into two separate clusters and uses Route 53 to shift traffic between them
Ecosystem News
CNCF Archives the OpenTracing Project
- OpenTracing is only the second project to be archived (rkt was the first)
- Archiving OpenTracing was the project’s intention following the merger of OpenTracing & OpenCensus into OpenTelemetry
- You can use OpenTelemetry as an AWS service via AWS Distro for OpenTelemetry
HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion
- Curated list of network-security-related Docker images for network intrusion purposes (test your defenses thoroughly before going to prod)
- HOUDINI is an idea of Gaetano Perrone and is developed by the same team that created DockerSecurityPlayground, Security Solutions for Innovation (SecSI)
- You can add additional tools: https://github.com/cybersecsi/HOUDINI#add-a-tool
Kubernetes cluster security assessment with kube-bench and kube-hunter
- How to use two powerful tools to assess your Kubernetes clusters’ security posture
- kube-bench is a Go application that checks whether a Kubernetes cluster meets the CIS Kubernetes Benchmark guidelines
- kube-hunter is a Python tool designed to discover vulnerabilities in a Kubernetes cluster
- “Our default is to go with the open-source option, where we can open-source and it makes sense for us to do so, where we feel that the broader community might benefit from it,” Singh explained. “When Amazon or Netflix or Meta build something for their own needs, the first question we ask ourselves is should it be open source? Increasingly, we are all saying yes.”
- “A big part of what we’re doing is to make sure that Graviton is available to you on every compute modality,” Singh said. “Every high-level service that gets built on this now has the option of picking Graviton as the underlying compute infrastructure. There’s never been a better time to be a developer, independent of whatever you are trying to build.”