EKS News 026

AWS Container Announcements

• AWS Fault Injection Simulator now supports ChaosMesh and Litmus experiments
  • Using the new Kubernetes custom resource action for AWS FIS, you can control ChaosMesh and Litmus chaos experiments from within an AWS FIS experiment

AWS Container Blogs

• Using Amazon EBS snapshots for persistent storage with your Amazon EKS cluster by leveraging add-ons

  • A very timely article considering the pending release of EKS 1.23 where installation of the EBS CSI driver will be required
  • The CSI driver includes support for Kubernetes Volume Snapshots which lets you create a copy of your Amazon EBS volume at a specific point in time
  • The snapshotter is a separate component that has to be installed prior to the EKS add-on for the EBS CSI driver
  • Once the snapshotter is installed, you can use a CRD to create an EBS snapshot
  • You can use snapshots to migrate your EBS volumes from gp2 to gp3 as described in this earlier blog

• Using CDK to perform continuous deployments in multi-region Kubernetes environments

  • This post shows you how to create EKS clusters in multiple AWS Regions using CDK and create a continuous deployment pipeline for infrastructure and application changes
  • Kubernetes Multi-Region with CDK Lightboard Video
  • If you prefer a declarative approach to provisioning and managing infrastructure consider these options:
    • Crossplane
    • ACK
    • EKS Blueprints

• Optimize your Spring Boot application for AWS Fargate

  • Shorten the time to bootstrap your container and the application by following these recommendations:
    • Use only the required dependencies
    • Replace Tomcat with Undertow, which is a more lightweight and performant web container
    • Use the standard DynamoDB client instead of the enhanced client
    • Use Amazon Corretto 18 and build your own runtime using jdeps and jlink
    • Add GraalVM with Spring Native, GraalVM is a high-performance distribution of the JDK and transforms bytecode into machine code
    • Use quay.io/quarkus/quarkus-distroless-image as the parent image for x86
  • See also the recent CFTC video on slim.ai

• Amazon Detective Supports Kubernetes Workloads on Amazon EKS for Security Investigations

  • Monitor activities recorded in the EKS audit logs and correlate them to user activity and network traffic happening across your AWS accounts
  • Detective provides a data analysis and a visualization layer that answers common security questions
  • It’s backed by a behavioral graph database that allows you to quickly investigate potential malicious behavior associated with your EKS workloads
  • Free 30-day trial for all customers

Ecosystem News

• Take the CNCF Cloud Native Survey 2022

• Get a free MFA security key

  • Only U.S.-based AWS account root users who have spent more than $100 each month over the past 3 months are eligible to place an order
  • Order the free security key through the ordering portal

• Using Fluent Bit and OpenSearch with Bottlerocket and Kubelet logs

  • Show how to run OpenSearch with the OpenSearch Operator on Kubernetes using Bottlerocket OS
  • Adds the Fluent Bit to collect logs from the nodes of the same Kubernetes cluster and sends them to OpenSearch

• Multi-part blog series on EKS-A

• Gateway API graduates to beta

• What is eBPF

  • Intimidated by eBPF? Try BumbleBee

• Kubernetes Observability in One Command: How to Generate and Store OpenTelemetry Traces Automatically

• Kyverno: The Swiss Army Knife of Kubernetes

GitHub Projects

• Kuberbetes Event Exporter
  • Export your Kubernetes events to different managed services and backends

For Fun

• Turtles all the way down
• Learn and practice Kubernetes security
• Interested in Machine Learning? Try this new course from Amazon Machine Learning University