This week we’ll touch on Amazon GuardDuty for EKS, AWS App Runner VPC Support, scaling WordPress on EKS, SIG Multicluster, and more!
New service announcements and features
Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters
- Analyzes Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts
- Includes 27 new GuardDuty finding types
- Generates security findings that include metadata such as pod ID, container image ID, and associated tags
- Users now have to opt in to use this feature, and the first 30 days of GuardDuty for EKS Protection are free
Containers from the Couch
AWS App Runner adds support for Amazon VPC!
Dive into App Runner and some of the latest feature releases for the service
Please subscribe to Containers from the Couch today!
New and notable blogs
Running WordPress on Amazon EKS with Amazon EFS Intelligent-tiering
- By far, the most popular CMS platform today is WordPress
- EFS Intelligent-tiering delivers automatic cost savings for workloads with changing access patterns by placing your file data in the appropriate storage class, at the right time, based on file access patterns
- Deploying WordPress on Amazon EKS can dramatically improve the scalability and manageability of your CMS
- Can achieve the goal of creating both a cost-optimized and performance-optimized solution for high-availability WordPress
Ecosystem News
Argo CD Deals With Our First Zero-Day CVE
- Sharing how improved security policies helped the project respond to CVE-2022-24348
- On January 30, 2022, the security team at Apiiro alerted the Argo team immediately via the responsible disclosure process outlined in the Argo CD Security policy
- The Argo team released a fix within 48 hours on Feb 3 in concert with the public disclosure of the CVE and posted a security advisory to Argo CD users.
- SIG Multicluster is the SIG focused on how Kubernetes concepts are expanded and used beyond the cluster boundary.
- In this blog, Jeremy Olmsted-Thompson (Google) and Chris Short (AWS) discuss the interesting problems SIG Multicluster is solving and how you can get involved.
weaveworks/tf-controller: A GitOps Terraform controller for Kubernetes
- TF-controller is an experimental controller for Flux to reconcile Terraform resources in the GitOps way
- “At your own pace” means you don’t need to GitOps-ify everything at once
- Includes a roadmap; feel free to suggest new items
Traefik Proxy and HTTP/3 on AWS EKS
- An Ingress Controller is usually exposed through a LoadBalancer Service
- Walk through how to use a NodePort Service to deploy a Network Load Balancer (NLB) in AWS and allow TCP and UDP on the same port
- This guide shows one way to configure Traefik Proxy as an Ingress Controller with HTTP/3 support on an EKS cluster