EKS News 014

Note: There will be no EKS News next week (2022-04-21) due to team meetings. We’ll be back the following week.

This week we’re covering a wide swatch of content. AWS Controllers for Kubernetes for Amazon MemoryDB Preview, an AWS Quick Start for JFrog Artifactory and Xray, SaaS Identity and Routing with Istio, Migrating from Cluster Autoscaler to Karpenter, Containers from the Couch videos, and much more!

Announcing the AWS Controllers for Kubernetes for Amazon MemoryDB Preview

  • AWS Controllers for Kubernetes (ACK) for Amazon MemoryDB enables you to define and use MemoryDB resources directly from your Kubernetes cluster
  • ACK for Amazon MemoryDB is available as a developer preview and is not recommended for production use
  • To get started, you can download the MemoryDB ACK container image from Amazon ECR and install in minutes

JFrog Artifactory and JFrog Xray with Amazon EKS

  • This Quick Start deploys JFrog Artifactory and JFrog Xray with Amazon Elastic Kubernetes Service (Amazon EKS) in the Amazon Web Services (AWS) Cloud
  • For organizations that want to deploy JFrog as their Kubernetes registry without having to install and operate the Kubernetes control plane

SaaS Identity and Routing with Istio Service Mesh and Amazon EKS

  • “In this post, I will develop an architecture based on Amazon EKS that demonstrates a siloed SaaS deployment model, using Istio Service Mesh to manage request authentication and per-tenant routing.”
  • “This post dives deep into identity and routing challenges and how you can use the capabilities of Istio Service Mesh in addressing those challenges.”

Introducing AWS Blueprints for Crossplane

  • Writing your first Composition and debugging can be intimidating
  • To help with this, we have open sourced AWS Blueprints for Crossplane
  • This new project aims to simplify and accelerate your journey to managing AWS resources with Crossplane

Amazon EBS CSI driver is now generally available in Amazon EKS add-ons

  • Currently, storage provider–specific code is kept in the Kubernetes project source code, which is referred to as in-tree (creates complexity)
  • To decouple the lifecycle of storage implementations from the Kubernetes project itself, the Container Storage Interface (CSI) was created
  • Amazon Elastic Kubernetes Service (EKS) support for the Amazon Elastic Block Store (EBS) CSI driver was announced in September 2019 and has gained broad adoption since then
  • The Amazon EBS CSI driver can now be installed, managed, and updated directly through the Amazon EKS console, AWS Command Line Interface (CLI), and Amazon EKS API

Migrating from Cluster Autoscaler

  • Karpenter’s preview documentation shows folks how to switch from the Kubernetes Cluster Autoscaler to Karpenter for automatic node provisioning
  • All the steps you need to make this switch are detailed
  • If you have an pre-prod environment you think might benefit from this setup, consider testing it out and letting us know what you think

Managing Kubernetes Helm charts with reckoner

EKS with Amazon GuardDuty

  • Secure your Amazon EKS clusters with GuardDuty
  • We look at the integrations with EKS and how you can use it to secure your workloads and clusters.

What is a container? (2022)

  • This is the perfect video to watch before learning about Kubernetes!
  • What are containers, why are they used, and what makes them effective for cloud-computing?
  • In this lightboard explainer, Sai Vennam covers a number of advantages, starting with how containers are great for microservices (evolved from SOA, monolithic architectures), a standardized way to package an application (covering OCI, Docker, buildah, containerd, and more), and efficient in sharing resources (compared to VMs).

Please Subscribe to Containers from the Couch

Git security vulnerability announced

  • The Git project released new versions which address a pair of security vulnerabilities
  • CVE-2022-24765: Some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command execution when working on a shared machine
  • CVE-2022-24767: This vulnerability affects the Git for Windows uninstaller, any authenticated user can place malicious .dll files in C:\Windows\Temp which are loaded when running the Git for Windows uninstaller when run via the SYSTEM account

Twitter Space: Building with Containers

  • Talked about generic container tooling and AWS container services
  • The benefits of using single container applications with App Runner and Lambda vs. orchestration with ECS and EKS

Awesome Elastic Kubernetes Service (EKS)

  • A curated list for awesome EKS resources Inspired by @sindresorhus’ awesome
  • If you see something that you feel is awesome, submit a PR or reply to this email
  • Pull requests are very welcome

Your GitHub story in 3D

  • Because it’s Friday!
  • You can 3D print it!
  • Suggested method is, “FDM techniques work the best, either as a PLA part on a home printer or binder jetting which is what we use for the steel ones.” (Not being knowledgeable about 3D printing, I have no idea what that sentence means but, it sounds important)