This week we announce the availability of containerd on Windows worker nodes, new AWS Heroes (congrats 🎉), architecture videos, Karpenter best practices, an updated Kubernetes Hardening Guide, and more.
New service announcements and features
Announcing Windows support for containerd runtime on EKS starting with Kubernetes 1.21
- Amazon Elastic Kubernetes Service now supports the containerd container runtime on Windows worker nodes
- containerd is a lightweight container runtime and a CNCF graduated project
- Improves security and pod startup latency, and frees up CPU and memory for use by applications
New and notable blogs
Get to know the first AWS Heroes of 2022!
- Welcome new AWS Heroes!
- To learn more, read the AWS Heroes page
Reference Architectures
JFrog Artifactory and JFrog Xray with Amazon EKS
- Universal artifact repository manager on AWS managed Kubernetes
- This Quick Start deploys JFrog Artifactory and JFrog Xray with Amazon Elastic Kubernetes Service (Amazon EKS) in the Amazon Web Services (AWS) Cloud
New videos and webinars
amazee.io: Kubernetes Deployments Made Easy
- Amazee.io uses Amazon EKS to deploy the Lagoon platform and makes Kubernetes accessible to their customers
- They leverage Amazon EC2 Spot Instances, AWS Graviton2 processors and Amazon EBS gp3 volumes to optimize performance and reduce cost
Airbnb: Securing Multi-Tenant Kubernetes Clusters at Scale
- To lock down the security controls, Airbnb runs Kubernetes on Amazon EC2 and uses AWS Security Token Service (STS) tokens to inject IAM roles into the cluster
- Airbnb audits which IAM roles its pods hold by feeding Amazon CloudTrail logs into Amazon Elasticsearch Service for visualizations and insights
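The audit described above can be scripted against the CloudTrail events that IAM Roles for Service Accounts (IRSA) produces: every pod that exchanges its projected service-account token for AWS credentials calls sts:AssumeRoleWithWebIdentity, and CloudTrail records the Kubernetes service account (the OIDC token's `sub`) in userIdentity.userName and the issuing cluster in userIdentity.identityProvider. The script below is an added example, not Airbnb's or AWS's code; it parses such records, maps each service account to the roles it obtained, and flags denied attempts, tokens from an issuer you do not trust, and role grants missing from an expected mapping. The issuer URL, account ID, role names, the EXPECTED mapping and the sample trail are all constructed for this example.

```python
"""Audit IRSA role assumptions recorded by CloudTrail (added example)."""
import json
from collections import defaultdict

# Assumed values for this example: the cluster's OIDC issuer and the expected
# service-account -> role mapping (in practice derive both from the trust
# policies of your IRSA roles).
ISSUER = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
ROLE = "arn:aws:iam::111122223333:role/"
EXPECTED = {
    "system:serviceaccount:payments:payments-api": {ROLE + "payments-api"},
    "system:serviceaccount:logging:fluent-bit": {ROLE + "log-shipper"},
}


def _record(time, sub, issuer, role_arn, error=None):
    """Build a constructed CloudTrail record shaped like a real
    AssumeRoleWithWebIdentity event (sample data, not captured logs)."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": time,
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRoleWithWebIdentity",
        "sourceIPAddress": "10.0.12.34",
        "userIdentity": {
            "type": "WebIdentityUser",
            "principalId": f"{issuer}:sts.amazonaws.com:{sub}",
            "userName": sub,
            "identityProvider": issuer,
        },
        "requestParameters": {"roleArn": role_arn,
                              "roleSessionName": "botocore-session-1646820001"},
    }
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample trail: two expected assumptions, one unexpected role,
# one token from a foreign issuer, one denied attempt, and an unrelated event.
SAMPLE_TRAIL = json.dumps({"Records": [
    _record("2022-03-09T10:00:01Z", "system:serviceaccount:payments:payments-api",
            ISSUER, ROLE + "payments-api"),
    _record("2022-03-09T10:00:05Z", "system:serviceaccount:logging:fluent-bit",
            ISSUER, ROLE + "log-shipper"),
    _record("2022-03-09T10:01:12Z", "system:serviceaccount:default:default",
            ISSUER, ROLE + "cluster-admin"),
    _record("2022-03-09T10:02:40Z", "system:serviceaccount:payments:payments-api",
            "oidc.eks.us-west-2.amazonaws.com/id/UNKNOWNCLUSTER000000000000000000",
            ROLE + "payments-api"),
    _record("2022-03-09T10:03:00Z", "system:serviceaccount:logging:fluent-bit",
            ISSUER, ROLE + "payments-api", error="AccessDenied"),
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventTime": "2022-03-09T10:03:30Z"},
]})


def parse_web_identity_events(raw_trail):
    """Return the AssumeRoleWithWebIdentity events from a CloudTrail JSON blob."""
    events = []
    for rec in json.loads(raw_trail)["Records"]:
        if rec.get("eventSource") != "sts.amazonaws.com":
            continue
        if rec.get("eventName") != "AssumeRoleWithWebIdentity":
            continue
        ident = rec.get("userIdentity", {})
        events.append({
            "time": rec["eventTime"],
            "service_account": ident.get("userName"),
            "issuer": ident.get("identityProvider"),
            "role_arn": rec["requestParameters"]["roleArn"],
            "error": rec.get("errorCode"),
        })
    return events


def roles_by_service_account(events):
    """Map each service account to the set of roles it successfully assumed."""
    granted = defaultdict(set)
    for ev in events:
        if ev["error"] is None:
            granted[ev["service_account"]].add(ev["role_arn"])
    return dict(granted)


def audit(events, expected, trusted_issuers):
    """Return (kind, service_account, role_arn, time) findings in event order."""
    findings = []
    for ev in events:
        sa, role = ev["service_account"], ev["role_arn"]
        if ev["error"]:
            kind = "denied"            # pod tried a role whose trust policy excludes it
        elif ev["issuer"] not in trusted_issuers:
            kind = "untrusted-issuer"  # token minted by a cluster you do not own
        elif role not in expected.get(sa, set()):
            kind = "unexpected-role"   # grant is missing from the allowlist
        else:
            continue
        findings.append((kind, sa, role, ev["time"]))
    return findings


def run_sample_audit():
    return audit(parse_web_identity_events(SAMPLE_TRAIL), EXPECTED, {ISSUER})


if __name__ == "__main__":
    mapping = roles_by_service_account(parse_web_identity_events(SAMPLE_TRAIL))
    for sa, roles in sorted(mapping.items()):
        print(sa, "->", ", ".join(sorted(roles)))
    for finding in run_sample_audit():
        print(*finding)
```

Run against a real trail, replace SAMPLE_TRAIL with the contents of a CloudTrail log file (the same `{"Records": [...]}` shape) and generate EXPECTED from the `sub` conditions in your roles' trust policies; the untrusted-issuer check is what catches a token from another cluster whose OIDC provider happens to be registered in the same account.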
Please subscribe to the AWS YouTube channel
Containers from the Couch
Short: Kubernetes Persistent Volumes and Persistent Volume Claims
- In this lightboard explainer, Sai takes us back to the basics with containers and Kubernetes
- Scheduling, self-healing, auto-scaling, load balancing and more are covered
Short: Difference between a docker container vs Kubernetes pod
Please Subscribe to Containers from the Couch
Ecosystem News
etcd Integrates Continuous Fuzzing
- Ada Logics has worked on integrating continuous fuzzing into the etcd project
- In total, 18 fuzzers were written, and eight bugs were found, demonstrating the work’s value for etcd both short term and long term
Flagger adds Gateway API Support
- The Flagger team is proud to bring you Kubernetes Gateway API support as part of the 1.19.0 release
- In addition to HTTP host/path matching and TLS, Gateway API can express capabilities like HTTP header manipulation, traffic weighting & mirroring, TCP/UDP routing, and other capabilities that were only possible in Ingress through custom annotations
- Gateway API exposes a more general API than Ingress for proxying and you can use it for more protocols than just HTTP (although most implementations support just HTTP for now). It models more infrastructure components to provide better deployment and management options
Announcing automated multi-cluster failover for Kubernetes
- This feature gives Linkerd the ability to automatically redirect all traffic from a failing or inaccessible service to one or more replicas of that service—including replicas on other clusters
- Any redirected traffic maintains all of Linkerd’s guarantees of security, reliability, and transparency to the application, even across cluster boundaries separated by the open Internet
- Implemented as a Kubernetes operator that can be added to an existing Linkerd deployment
Karpenter - EKS Best Practices Guides
- Best practices are divided into sections on Karpenter itself, provisioners, and pod scheduling
- Avoid using custom launch templates and custom AMIs with Karpenter
- Many, many more useful practices for Karpenter
Updated: CISA Kubernetes Hardening Guide
- The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide
- CISA encourages users and administrators to review the updated Kubernetes Hardening Guide—which includes additional detail and explanations—and apply the hardening measures and mitigations to manage associated risks
vcluster
- vcluster is an open source project that allows you to create virtual Kubernetes clusters on a host cluster (Kubernetes in Kubernetes)
- Ability to spin up clusters to develop and test out external cluster deployment scenarios with Argo CD