EKS News 007

I know we mentioned the Dockershim removal effort in upstream Kubernetes last week. As I was working on the EKS 1.22 release blog this week, I wanted to make sure EKS customers were aware of what EKS is doing related to Dockershim. EKS has made containerd available as of version 1.21. You can kick the tires on containerd now by adding the --container-runtime containerd option to your user data. Amazon EKS is removing Dockershim support in version 1.23. Quoting the linked User Guide, “The containerd runtime provides better performance and security, and it’s the runtime we’re standardizing on across Amazon EKS. Fargate and Bottlerocket already use containerd only.” I mention this now because it’s never too early to start planning for this significant change.

This week we’ll talk about UDP traffic on Kubernetes (supertuxcart is involved), running Windows workloads on EKS, and some of the latest nuggets from the greater cloud native ecosystem.

How to route UDP traffic into Kubernetes

  • Together, UDP, Kubernetes, and Network Load Balancers give customers the ability to improve their agility while also meeting their low latency requirements
  • In the AWS Cloud, you can use the AWS Load Balancer Controller to configure a Network Load Balancer to route TCP and UDP traffic from the internet to services running in your cluster
  • The article features a step-by-step guide on building a game server on your local workstation using supertuxkart

Running Windows workloads on a private EKS cluster

  • Customers want to scale Windows workloads on Kubernetes alongside their Linux workloads
  • Blog post provides a step by step guide from enabling Windows support in an EKS cluster to allowing Windows worker nodes to utilize cluster internal networking to creating a Windows node group.
  • If you want to jump right into the codebase there’s an AWS sample repository

Introducing Amazon CloudWatch Container Insights for Amazon EKS Fargate using AWS Distro for OpenTelemetry

  • AWS Distro for OpenTelemetry (ADOT) is a secure, AWS-supported distribution of the OpenTelemetry project
  • Discusses the components in an ADOT Collector pipeline
  • Demonstrates how to configure and deploy an ADOT Collector to collect system metrics for workloads on an EKS Fargate cluster and sending them to CloudWatch

Manage and debug Kubernetes manifests with Monokle by Kubeshop

  • Monokle is an open-source desktop UI for managing Kubernetes manifests
  • It also supports Kustomize and Helm
  • Also comes with some basic examples

Restricting cluster-admin permissions

  • Operators of the cluster are assigned to the cluster-admin ClusterRole (which is conceptually like root on Linux; you can do anything)
  • Giant Swarm had an issue with one of their CLI tools that incorrectly deleted more resources than intended
  • Using Kyverno, they were able to deploy a cluster policy that would block ALL ROLES from performing the specific delete all action that was causing the issue

The Top 5 Kubernetes Configuration Mistakes—And How to Avoid Them

  • Configuration mistakes can lead to all sorts of unwanted things
  • This list is a quick top five Kubernetes misconfigurations according to Komodor
  • Some tactics for mitigating these misconfigurations are provided
  • Don’t forget about Justin Garrison’s wonderful Living with Kubernetes: 12 Commands to Debug Your Workloads

Making Crossplane package authoring easy

  • Crossplane users generally interact with a plaintext YAML file
  • Post dives into what Crossplane is doing with Language Server Protocol
  • Crossplane is now providing a preview of its IDE extension