EKS News 005

This week we’ll touch on Amazon GuardDuty for EKS, AWS App Runner VPC Support, scaling WordPress on EKS, SIG Multicluster, and more!

Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters

  • Analyzes Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts
  • Includes 27 new GuardDuty finding types
  • Generates security findings that include metadata such as pod ID, container image ID, and associated tags
  • Users now have to opt in to use this feature, and the first 30 days of GuardDuty for EKS Protection are free

AWS App Runner adds support for Amazon VPC!
Dive into App Runner and some of the latest feature releases for the service

Please subscribe to Containers from the Couch today!

Running WordPress on Amazon EKS with Amazon EFS Intelligent-tiering

  • By far, the most popular CMS platform today is WordPress
  • EFS Intelligent-tiering delivers automatic cost savings for workloads with changing access patterns by placing your file data in the appropriate storage class, at the right time, based on file access patterns
  • Deploying WordPress on Amazon EKS can dramatically improve the scalability and manageability of your CMS
  • The result can be a high-availability WordPress solution that is both cost-optimized and performance-optimized

Argo CD Deals With Our First Zero-Day CVE

Spotlight on SIG Multicluster

  • SIG Multicluster is the SIG focused on how Kubernetes concepts are expanded and used beyond the cluster boundary.
  • In this blog, Jeremy Olmsted-Thompson (Google) and Chris Short (AWS) discuss the interesting problems SIG Multicluster is solving and how you can get involved.

weaveworks/tf-controller: A GitOps Terraform controller for Kubernetes

  • TF-controller is an experimental controller for Flux to reconcile Terraform resources in the GitOps way
  • “At your own pace” means you don’t need to GitOps-ify everything at once
  • Includes a roadmap; feel free to suggest new items

Traefik Proxy and HTTP/3 on AWS EKS

  • An Ingress Controller is usually exposed through a LoadBalancer Service
  • Walk through how to use a NodePort Service to deploy a Network Load Balancer (NLB) in AWS and allow TCP and UDP on the same port
  • This guide shows one way to configure Traefik Proxy as an Ingress Controller with HTTP/3 support on an EKS cluster