Not long ago, I kicked off some discussions in the OpenGitOps project
around issues EKS customers have been encountering while implementing GitOps. If you’re not aware, “OpenGitOps
is a CNCF sandbox project
to define a vendor-neutral, principle-led meaning of GitOps. This will establish a foundation for interoperability between tools, conformance, and certification through lasting programs, documents, and code.” The three discussions are around Secrets management
, progressive delivery
, and the concept of management clusters
.
I have strong opinions about secret management . Maybe you have strong opinions about progressive delivery? Feel free to take part in any of these conversations. All you need is a GitHub account and your knowledge. Feedback from folks implementing GitOps in their organizations is much appreciated. Feel free to bring your questions too. OpenGitOps is trying to capture use cases as well as best practices to formulate better guidance for GitOps implementations.
This week we’ll discuss using BotKube to stream Kubernetes events to Slack, using Amazon RDS in Amazon EKS with AWS Controllers for Kubernetes (ACK), the recently updated Kubernetes Hardening Guide, and more!
New and notable blogs
Streaming Kubernetes Events in Slack
- This post describes how you can send events from your Kubernetes cluster to a Slack channel using BotKube , a messaging bot for monitoring and debugging Kubernetes clusters
- BotKube watches Kubernetes events and forwards them to Slack, Microsoft Teams, and MatterMost
- Goes through cluster creation, bot configuration, and Slack setup
Deploy Amazon RDS databases for applications in Kubernetes
- You can get a flexible application deployment environment with ease of database administration by combining Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Relational Database Service (Amazon RDS)
- AWS Controllers for Kubernetes (ACK) provides an interface for using other AWS services directly from Kubernetes
- In this post, we walk you through deploying Jira, a project management tool, into a Kubernetes cluster provided by Amazon EKS. We use Amazon RDS for PostgreSQL as the database system for Jira
MYCOM OSI’s Amazon EKS adoption journey
- The Assurance Cloud Service provides critical end-to-end performance, fault and service quality management, and supports AI/ML-driven closed-loop assurance for hybrid, physical, and virtualized networks, across all domains, within a SaaS model
- Assurance Cloud Service SaaS platform and bring-your-own-cloud (BYOC) option by implementing support for Amazon Elastic Kubernetes Service (Amazon EKS) as the foundational service where their software run
- In just a few months, using a small but effective task force team, we were able to build application support for EKS, innovate on behalf of our customers, and create platform choice and optionality
Events
AWS Community Day Turkey 2022 Hybrid
- AWS Community Day Turkey 2022 coming on March 26th
- Community-led conference for AWS users; learn from hands-on practitioners like yourself
- AWS Kubernetes developer advocate, Justin Garrison , will be doing a talk on “Kubernetes workload native scaling with Karpenter”
- Learn more about Karpenter: https://karpenter.sh
KubeCon EU 2022 Schedule Released
- More cloud native content than you could imagine
- Two Day 0s again to accommodate the number of cloud native communities gathering prior to KubeCon
New videos and webinars
Integrate Fluent Bit into CloudWatch Container Insights for Amazon EKS
- In this video, you’ll see how to integrate Fluent Bit into CloudWatch Container Insights for Amazon Elastic Kubernetes Service (Amazon EKS)
- With this lightweight solution, you can efficiently stream Amazon EKS logs into CloudWatch Logs, reduce your log delivery resource footprint, and track your log stream to prevent bottlenecks and delivery errors
Please Subscribe to the AWS YouTube
Containers from the Couch
Short: How does dynamic storage provisioning work in Kubernetes
Kubernetes policy with Kyverno
- We look at what you can do to enforce your policy as code with Kyverno
- We show how you can create policy to enforce whatever workload and Kubernetes object restrictions you need for your environment
Short: How does dynamic storage provisioning work in Kubernetes
Please Subscribe to Containers from the Couch
Ecosystem News
Kubernetes PVC Guide: Tutorials & Troubleshooting Tips
- Go from zero to ready to go storage in your Kubernetes clusters
- Many troubleshooting tips included
Kubernetes and containerization trends (according to the reports of 2021)
- We compared the results with the other relevant studies of the last year to complement Datadog statistics and see whether their results reflect the general market trend for Kubernetes
- A meta report of sorts that cross references data from several reports from 2021 about containers and Kubernetes
containerdhas seen 2X growth in the past year; Amazon EKS is ending support for Dockershim in version 1.23
NSA & CISA Kubernetes Hardening Guide Version 1.1
- In March 2022, NSA & CISA has issued a new version of the Kubernetes Hardening Guide – version 1.1
- Kubernetes has become a very popular target and therefore requires continuous enhancement of the protection measures
- The approach that NSA & CISA became popular and is used by many because it inspires readers to understand the root cause of each recommendation, why it is essential, and how malicious actors may utilize it
- Secrets Store CSI Driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume
- The Secrets Store CSI Driver secrets-store.csi.k8s.io allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume
- AWS Secrets Manager and Config Provider for Secret Store CSI Driver is a provider for the Secrets Store CSI Driver in Amazon EKS