A relatively quiet news week on the EKS front. AWS published 2 interesting blogs. The first is on using promxy to query across multiple instances of Prometheus. The other covers the latest features that have been added to Karpenter. Thanks to AWS Container Hero Lukonde Mwila for writing it! If you don’t have plans this weekend we’ve added lots of ecosystem news in this edition to keep you busy.

New and notable EKS Blogs

• Visualizing metrics across Amazon Managed Service for Prometheus workspaces using Amazon Managed Grafana

  • provides step-by-step instructions for aggregating and visualizing your EKS monitoring metrics using AMP and AMG across multiple Prometheus workspaces using promxy
  • Promxy works similar to database proxies like ProxySQL for MySQL

• Scaling Kubernetes with Karpenter: Advanced Scheduling with Pod Affinity and Volume Topology Awareness

  • A walk through showing how Karpenter now supports for volume aware scheduling and affinity policies

Ecosystem News

• Kong Gateway Enterprise and Amazon EKS Anywhere Bare Metal | Kong Inc.

  • New version targets bare metal deployments with EKS-A
  • Describes an enterprise deployment where the Kong Control Plane runs on an EKS cluster in the cloud while the Kong Data Plane runs on EKS-A clusters on-premises, allowing you to push Kong Services and Routes to EKS-A clusters downstream.
  • Data Planes can make use of Cogito for OIDC based authN and other AWS services.

• Solution Highlight: Capital One

  • Explains why CapitalOne Dragon, a custom built PaaS, went with Cilium for its CNI

• Cilium 1.12 goes GA

• Why Mercedes-Benz runs on 900 Kubernetes clusters | InfoWorld

  • Operating 900+ on-premises clusters
  • “We put a lot of effort into doing things in a way where we are able to manage it. For us, the surrounding systems are working well if we are managing 500 clusters, or 1,000, because everything is automated … If we were to add 500 more clusters, we would have to add just one more engineer.”
  • CAPI and DevOps were essential for running k8s at scale
  • Preparing to start moving more workloads to the public cloud
  • Working on creating a central developer portal with Backstage

• Two reasons Kubernetes is so complex

  • It aims to abstract an entire data center or cloud
  • Everything runs as a control loop which is good for distributed systems but hard to troubleshoot

• Kubernetes at Scale without GitOps Is a Bad Idea – The New Stack

  • Advocates for using GitOps to manage multiple consistently
  • Avoid creating large “pet” clusters, instead create a larger number of smaller clusters
  • Use RBAC templates to apply and enforce permissions
  • Alarm when clusters deviate from their desired configuration

• Using Argo CD and Kustomize for ConfigMap Rollouts

• Now you can use remote lazy-loading snapshotters such as stargz snapshotter with firecracker-containerd

• Kyverno moves to the CNCF Incubator | Cloud Native Computing Foundation

• The future of Kubernetes – and why developers should look beyond Kubernetes in 2022

  • Lots of bold predictions in this blog, including:
    • k8s will gradually fade into the background as the community builds platforms on top of it
    • Developers will transition to OIDC for workload identities from k8s secrets
    • As service meshes mature, they will become the de facto way to create networks across clusters and clouds
    • Deployments will give way to the Knative-like service resources for routing events
    • Developers will build applications that are largely stateless

• K8s Gateway API is here - what’s in it for you?

  • v0.5.0 of the Gateway API is now available
  • Describes of the components of the Gateway API and its goals, including better separation of concerns
  • Better object definitions and fewer vendor specific annotations
  • Gateways are cluster scoped while HTTPRoutes are scoped to a namespace, giving you the ability to do cross namespace routing

• Introduction to Debugging : locally and live on Kubernetes

  • How to do remote debugging of a Pod running on Kubernetes with VSCode

• 8 open source Kubernetes security tools | Red Hat Developer

• Plain Kubernetes Secrets are fine

  • Study the threat model [to secrets] before you dismiss plain Kubernetes secrets

• SCREAMING IN THE CLOUD: Kubernetes and OpenGitOps with Chris Short

  • Podcast on all things AWS Kubernetes and GitOps

Open source projects

• kudobuilder/kuttl: Kubernetes Test TooL (kuttl)
• opcr-io/policy: CLI for building OPA policies into OCI images

CTFC and community videos

• Haseeb Budhani, Rafay & Kevin Coleman, AWS | AWS Summit New York 2022
• Optimize your containers with slim.ai
• AWS Controllers for Kubernetes with MemoryDB
• Kubernetes application probes
• How Kubernetes RBAC works
• Kubernetes Multi-Region with CDK
• KEDA: Kubernetes Event-Driven Autoscaling

For Fun

• Kubernetes Deployment Hierarchy
• Devops with Grandma Sue: What is Kubernetes and why does it matter? : kubernetes
  • This is for everyone who has tried to explain Kubernetes to a layman
• Webb’s First Images