EKS News 020

Kubernetes' birthday was this week. Hard to believe this technology is already eight years old. 🎉🎂🥳

In this issue, we’ll look at Delivery Hero using Amazon EKS with EC2 Spot Instances, OpenCost, Karpenter, Argo CD 2.4 breaking changes, 3.6 million exposed MySQL servers, and more.

Amazon EKS now supports DNS resolution of the cluster private endpoint in AWS GovCloud (US) regions

  • You can now resolve the private Kubernetes API server endpoint of your Amazon Elastic Kubernetes Service (EKS) cluster in AWS GovCloud (US) regions.
  • This allows you to easily connect to an EKS cluster that is only accessible within a VPC, including when using AWS services such as AWS Direct Connect and VPC peering.

Amazon EKS and Spot Instances in action at Delivery Hero

  • Describes new eksctl features which automatically diversify Spot Instances in managed node groups using the amazon-ec2-instance-selector
  • Describes an alternative approach to using Amazon Elastic Compute Cloud (Amazon EC2) Spot managed node groups with Karpenter (Karpenter Workshop)
  • Describes how Delivery Hero is making use of Spot (over-provisioner with cluster-autoscaler’s priority expander)
  • Delivery Hero blog

Get started with Chaos Engineering with Litmus

  • Start practicing Chaos Engineering safely with the open source Litmus project
  • Litmus is a Chaos Engineering platform that enables teams to identify weaknesses & potential outages in infrastructures by inducing chaos tests in a controlled way
  • Get started at https://github.com/litmuschaos/litmus

OpenCost: Open Source Collaboration on Kubernetes Cost Standards

  • “Kubernetes cost management company Kubecost, working with cloud, vendor and user partners, has submitted an open source project for managing Kubernetes costs to the Cloud Native Computing Foundation
  • OpenCost models give teams visibility into current and historical Kubernetes spend and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc.”
  • “This project combines a specification as well as a Golang implementation of these detailed requirements.”

Breaking Changes in Argo CD 2.4

  • Argo CD 2.4 removes Helm 2 and Ksonnet support, as these have reached end of life. Editor’s Note: See article for help migrating
  • Update your RBAC to handle Web Terminal
  • As a security enhancement, Argo CD 2.4’s install manifests include a dedicated Service Account for the repository server Deployment.
  • AND MANY MORE things you should read before upgrading to Argo CD 2.4

Zero to GitOps: Terraform and the AWS EKS Blueprints Project

  • Makes use of the new EKS Blueprint: aws-ia/terraform-aws-eks-blueprints
  • Gets you up and running with Argo CD
  • “In general, our recommendation is to avoid using Terraform to install software into a Kubernetes cluster, however, this workflow is a very nice compromise, since we can limit Terraform’s goal to simply getting the cluster into a state where Argo CD can take over and manage everything else.”

Enabling AWS IAM Group Access to an EKS Cluster Using RBAC

  • “A deep dive into Amazon’s Elastic Kubernetes Service (EKS) user authentication and authorization using AWS IAM”
  • The time invested in managing our EKS permissions model grew significantly, encouraging us to seek out a comprehensive and sustainable solution to this problem
  • Highlights a few different paths and then the path Grip engineers chose, with a complete step-by-step guide

Useful utilities and toys over DNS

  • Legit useful command line fun
  • dig detroit.weather @dns.toys
  • Because it’s Friday!