EKS News 022

This week, we’ll cover the launch of Bare Metal for EKS Anywhere (🐻🎸), 4x increase in control plane scaling/updating, EKS Observability Accelerator, and much more.

Announcing bare metal support for Amazon EKS Anywhere

  • Today, we are excited to announce the general availability of Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere on bare metal which gives customers broader choice of infrastructure for running Kubernetes on-premises
  • Amazon EKS Anywhere on bare metal enables customers to automate all steps from bare metal hardware provisioning to Kubernetes cluster operations using a bundled open source toolset built on the foundation of Tinkerbell and Cluster API
  • Customers can optionally purchase Amazon EKS Anywhere Subscriptions to get 24/7 support from AWS’ highly-trained subject matter experts for Amazon EKS Anywhere cluster components as well as all bundled open source tooling

AWS Fargate for Amazon Elastic Kubernetes Service is now available in the Amazon Web Services China Beijing and Ningxia Regions

  • AWS Fargate for Amazon Elastic Kubernetes Service (EKS) is now available in the Amazon Web Services China Beijing Region, operated by Sinnet, and the Amazon Web Services China Ningxia Region, operated by NWCD
  • Using AWS Fargate serverless compute in your Amazon EKS clusters removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design

Introducing bare metal deployments for Amazon EKS Anywhere

  • At one time, all servers were bare metal servers
  • We are excited to announce the general availability of Amazon EKS Anywhere on bare metal, which gives you a broader choice of deployment options for running Kubernetes on premises
  • You can configure server bootstrapping, cluster size, networking, storage, and software components through a workflow that uses Tinkerbell (a Cloud Native Computing Foundation sandbox project)
  • Once the cluster is provisioned, you can manage the cluster lifecycle using Amazon EKS Anywhere tooling built on the foundation of Cluster API
  • EKS Anywhere docs: https://anywhere.eks.amazonaws.com/docs/

Getting started with Amazon EKS Anywhere on Bare Metal

  • The new bare metal capability is provided in addition to the existing support for EKS Anywhere running on VMware
  • Many customers have asked for the ability to run EKS Anywhere directly on hardware with no virtualization
  • EKS Anywhere is fully open source and free to use
  • It builds on a variety of existing, open-source projects such as, Tinkerbell for provisioning servers, kind for bootstrapping, and Cluster API for Kubernetes lifecycle managemen

Amazon EKS improves control plane scaling and update speed by up to 4x

  • When EKS launched in 2018, it aimed to reduce our customers’ operational burden by offering a managed control plane for Kubernetes
  • However, as usage of EKS grew, we discovered there were customers who occasionally exceeded the provisioned capacity of the cluster
  • Today, the control plane is scaled automatically when certain metrics are exceeded
  • Since introducing control plane auto scaling, we’ve been looking at ways to further improve the scaling experience for our customers
  • With our latest updates, the control plane can now scale in 10 minutes or less, which represents a 4x improvement
  • These updates will be applied to all new and existing clusters automatically, requiring no customer intervention

Leverage AWS secrets stores from EKS Fargate with External Secrets Operator

  • Secrets management is a challenging but critical aspect of running secure and dynamic containerized applications at scale
  • Many customers choose to centralize the management of secrets outside of their Kubernetes clusters by using external secret stores such as AWS Secrets Manager to improve the security, management, and auditability of their secret usage
  • One example of how to accomplish this is by using the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store CSI Driver
  • External Secrets will be deployed to your EKS cluster as a standard Kubernetes deployment, allowing Fargate to be used as your container compute provider
  • Once configured, External Secrets will sync defined secrets from AWS Secrets Manager back to your EKS cluster

Bare Metal for EKS Anywhere

  • Introducing Bare Metal deployments for Amazon EKS Anywhere, in addition to our support for VMware vSphere
  • EKS Anywhere is a free open-source solution to run and operate Kubernetes clusters on your own infrastructure

EKS Observability Accelerator

  • In this episode we’ll discuss the EKS Observability Accelerator, an easy to deploy, open source package that we built to help customers easily setup monitoring for their containerized workloads, running on Amazon EKS

AWS Controllers for Kubernetes (ACK) Explained

  • What is ACK? AWS Controllers for Kubernetes is an open source project designed to let you manage AWS services directly from Kubernetes
  • In this explainer, Sai outlines exactly how ACK works, how developers and operators work with it, and why you may want to consider using ACK for your project

Please Subscribe to Containers from the Couch

How to Secure Your Kubernetes Clusters with Trivy

  • In this blog, we’ll demonstrate how to use Trivy to scan Kubernetes resources and how to deploy it to your Kubernetes cluster
  • Once you’ve deployed your workloads to Kubernetes, you want to set up automated, continual resource scanning of your running workloads.
  • You’d want to use either the Trivy K8s command or the Trivy Operator.

HashiCorp Vault 1.11 Adds Kubernetes Secrets Engine, PKI Updates, and More

  • Vault adds a new Kubernetes secrets engine to dynamically generate credentials
  • After the Kubernetes secrets engine has been configured and a user has authenticated to Vault with sufficient permissions, you can write to the endpoint and Vault will generate a new service account token
  • We now support generating short-lived dynamic service accounts and associate role bindings to specific Kubernetes namespaces