EKS News 027

The dog days of summer: Last week the editorial staff for the newsletter was vacation. If you can afford to, we highly recommend taking time away from work to decompress and relax. The big news this week is the release of EKS 1.23!

AWS Container Announcements

• EKS 1.23 is now available
  • Dockershim is still the default in this release
  • The CSIMigrationAWS flag is set to true in this release; if you have PVs, install the EBS CSI driver or the EKS add-on before upgrading to EKS 1.23
  • PSA/PSS moves to beta; if you have PSPs, consider migrating to PSA/PSS or a policy as code solution before PSPs are removed in 1.25
  • Adds support for ephemeral containers for debugging
• Bottlerocket is now available in Amazon Web Services China Regions
  • Bottlerocket is now available in the Beijing and Ningxia regions
  • Join the next Bottlerocket Community Meeting on Wednesday, August 24th at 8:30AM Pacific (US)

AWS Container Blogs

• Running Workload on Amazon EKS in Local Zones with a failover strategy
  • AWS gives you the ability to deploy infrastructure to local zones, including EKS worker nodes
  • Local zones are often used to reduce latency or address data residency requirements
  • Since local zones are single zones, you may need to modify your architecture to achieve high availability
  • This blog describes how to design your infrastructure to be highly available when deploying applications, e.g. Wordpress, onto worker nodes in local zones
• How to containerize legacy code into Red Hat OpenShift on AWS (ROSA)
  • This blog shows how to containerize a COBOL application and run it as a cron job on a ROSA cluster
  • The solution uses GnuCOBOL an open source COBOL compiler for Linux
• Using Amazon EBS snapshots for persistent storage with your Amazon EKS cluster by leveraging add-ons
  • Kubernetes Volume Snapshots lets you create a copy of your EBS volumes at a specific point in time
  • This blog describes how to use the volume snapshots feature to create and attach a volume snaphot to a pod
  • You can use snapshots to migrate from gp2 to gp3 as described in this blog
• Announcing CDK for Terraform on AWS
  • The Cloud Development Kit for Terraform (CDKTF) is a result of a collaboration with Hashicorp that began 2 years ago
  • Built on top of the open source JSII library, CDK for Terraform allows you to write Terraform configurations in your choice of C#, Python, TypeScript, Java, or Go and still benefit from the full ecosystem of Terraform providers and modules
  • You can write your own abstractions to share with your team, or you can browse Construct Hub to discover open source construct libraries for all CDKs
  • Check out this eks demo

Ecosystem News

• Kubernetes Removals and Major Changes In 1.25
• Spotlight on SIG Docs
• GitOps: A Simple Approach to using AWS Secrets Manager with Kubernetes
• Write Your Kubernetes Infrastructure as Go Code — Extend “cdk8s” With Custom Constructs
• Using Karpenter to manage GPU nodes with time-slicing
• How to Handle Kubernetes Health Checks
• Bare Metal K8s Clustering at Chick-fil-A Scale
• Flux adds support for distributing manifests, Kustomize overlays and TF code as OCI artifacts
• Tips for Saving AWS EKS Costs
• Lens 6 Released, Vision for the Future, New Subscription Model and Features Available
  • Continues to be free for people employed by companies with less than 10m in revenue
  • $200 user/year for people employed by comapnies with greater than 10m in revenue
  • Save 50% with the LENS-FOUNDERS-50 coupon code

GitHub Projects

• EKS Multi-cluster GitOps
  • This repo contains the implementation of a multi-cluster GitOps system
  • It shows how to extend GitOps to cover the deployment and the management of cloud infrastructure resources and native Kubernetes resources
  • It also shows how to use GitOps to perform cluster lifecycle management activities
• GoNoGo
  • GoNoGo is a utility to help users determine upgrade confidence around Kubernetes cluster addons
• Secret OPerationS
  • sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP
  • Safely store sensitive configuration like Kubernets secrets in Git by encrypting the value of the specific fields with SOPS

Videos and Webinars

• Why App Modernization Projects Fail: 2022 Research Report
• Multi-Cluster Kubernetes with EKS Anywhere and Istio | Ram Vennam @ solo.io
• Cassandra on 1200 EKS Nodes with DataStax
• Supply Chain Security Best Practices | RedHat OpenShift
• “Making Peace With The Grim Reaper”, Liveness & Readiness Probes Done Right