EKS News 016

In this issue we learn that Kubernetes 1.24 “Stargazer” is out and that the Amazon EKS console now supports all standard Kubernetes resources, plus some dates to save, ways to write less YAML, and so much more.

The schedule for AWS Container Days is out! Give it a look and register if you’d like us to send you calendar invites. See the page for more details.

Amazon Managed Service for Prometheus is now available in Europe (London) Region

  • Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor and alarm on operational metrics at scale
  • Amazon Managed Service for Prometheus automatically scales the ingestion, storage, alerting, and querying of operational metrics as workloads grow or shrink, and is integrated with AWS security services to enable fast and secure access to data

Amazon EKS console now supports all standard Kubernetes resources to simplify cluster management

Amazon EKS now available in the AWS Asia Pacific (Jakarta) Region

Save the date: Container Day + KubeCon

Save the date: AWS Containers events in May

Introducing Kubernetes Resource View in Amazon EKS console

  • You will now be able to see all Kubernetes API resource types running in your Amazon EKS cluster using the AWS Management Console for Amazon EKS, making it easier to visualize and troubleshoot your Kubernetes applications using Amazon EKS

Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing

  • In the past, our customers have commonly used solutions such as Flagger, service mesh, or CI/CD to enable blue/green deployment, A/B testing, and traffic management. The AWS Load Balancer Controller (formerly known as ALB Ingress Controller) enables EKS users to realize blue/green deployments, A/B testing, and canary deployments via the Kubernetes ingress resources with the native support of the AWS Application Load Balancer

Addressing latency and data transfer costs on EKS using Istio

  • Data transfer charges are often overlooked when operating Amazon Elastic Kubernetes Service (Amazon EKS) clusters; understanding these charges would help reduce cost while operating your workload on Amazon EKS at production scale
  • Numerous cost savings measures are detailed in this blog post

Metrics and traces Collection from Amazon ECS using AWS Distro for OpenTelemetry with Dynamic Service Discovery

  • Set up an Amazon ECS cluster on Amazon EC2 or AWS Fargate and enable service discovery by creating service registries in AWS Cloud Map
  • Deploy an instance of ADOT Collector to the cluster. The collector has a metrics pipeline that comprises a Prometheus Receiver and an AWS Prometheus Remote Write Exporter as shown in the figure. This enables it to collect Prometheus metrics from workloads and send them to a workspace in Amazon Managed Service for Prometheus
  • Deploy a sidecar application alongside the ADOT Collector to help discover the services registered in AWS Cloud Map and dynamically update the scrape configurations used by the Prometheus Receiver
  • Deploy application services to the cluster and register them with a service registry in AWS Cloud Map. The current implementation uses a stateless web application that is instrumented with Prometheus Go client library as a representative workload. This application exposes a Counter named http_requests_total and a Histogram named request_duration_milliseconds
  • Optionally, deploy an instance of ECS Exporter alongside the application container in order to expose task-level system metrics in addition to custom application metrics
  • Visualize metrics data using Amazon Managed Grafana
  • Deploy application services instrumented with X-Ray SDK and send trace data to the ADOT Collector instance. The collector has a traces pipeline as shown in the figure which comprises an instance of AWS X-Ray Receiver and AWS X-Ray Exporter which enables it to collect the trace segments and send them to AWS X-Ray

Amazon EKS with IPv6 pod networking

Detector for docker socket

  • Kubernetes 1.24 was released this week, removing dockershim
  • Detector for docker socket (DDS) can detect if active Kubernetes workloads are mounting the Docker Engine socket (docker.sock) as a volume

Kubernetes 1.24: Stargazer

  • This release consists of 46 enhancements: fourteen enhancements have graduated to stable, fifteen enhancements are moving to beta, and thirteen enhancements are entering alpha. Also, two features have been deprecated, and two features have been removed
  • Dockershim Removed from kubelet
  • Beta APIs Off by Default
  • CNI Version-Related Breaking Change
  • Many other noteworthy changes; this is a MUST READ to get ahead of some of these changes coming to future versions of EKS

Dockershim deprecated with release of Kubernetes 1.24

  • Kubernetes 1.24 “Stargazer” release lead James Laverack answers questions about dockershim’s removal
  • A large team of folks came together to update an enormous number of docs and markdown files throughout the Kubernetes ecosystem for this
  • I’m happy to say Chris Negus and Chris Short from the EKS team had a significant impact on this work along with a number of folks from across the Kubernetes ecosystem

Don’t Write Your Own Kubernetes YAML Generator

  • However, in the place of watching OS upgrades has come the endless tedium of writing configuration files
  • Discusses many ways that help you write less YAML

Kubernetes Goat

  • Kubernetes Goat is an interactive Kubernetes security learning playground. It has intentionally vulnerable by design scenarios to showcase the common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments
  • Don’t run this in prod and/or publicly expose it as it’s sure to be compromised and no one wants that