A couple big announcements for Karpenter this week. The first of these is consolidation which can improve the utilization of your compute resources. The second allows you to assign weights/priorities to your provisioners.

AWS Container Announcements

• Center for Internet Security (CIS) Benchmark for Bottlerocket is now available
  • Helps you configure or document any non-compliant configurations
  • The CIS Benchmark for Bottlerocket includes both Level 1 and Level 2 configuration profiles
  • Download the benchmark from the CIS website
• Karpenter adds support for consolidation!
  • See PR #2123
  • Documentation
    • Karpenter works to actively reduce cluster cost by identifying when nodes can be removed as their workloads will run on other nodes in the cluster and when nodes can be replaced with cheaper variants due to a change in the workloads
    • Early customer feedback in the Karpenter Slack channel indicates that cluster improved when consolidation was enabled
• Karpenter adds support for weighted provisioners!
  • Describe a logical ordering for provisioners
  • Set defaults and/or fallback orderings for provisioners
  • See PR #2246 for further information

AWS Container Blogs

• AWS and Kubecost collaborate to deliver cost monitoring for EKS customers
  • According to the latest CNCF survey, a quarter of respondents do not monitor Kubernetes spending and about half use only monthly estimates
  • Customers can track their spend with AWS CUR but often need deeper insights to track Kubernetes resource level costs
  • EKS customers can now deploy an EKS optimized bundle of Kubecost for free and get support for it directly from AWS
  • With Kubecost, you can view costs broken down by Kubernetes resources including pods, nodes, namespaces, labels, and more
• Leveraging CNI custom networking alongside security groups for pods in Amazon EKS
  • This blog walks through how to use CNI custom networking and security groups for pods to provide a scalable, secure architecture for Kubernetes workloads
  • A common example for SGs for pods is limiting access to resources within your VPC such as RDS; see the launch blog post for further information
• Continuous Deployment and GitOps delivery with Amazon EKS Blueprints and ArgoCD
  • This blog shows how to use EKS Blueprint Patterns to:
    • Do Git based delivery for EKS configuration across multiple environments
    • Onboard new applications to the cluster and set permissions for end-users
    • Use ArgoCD for deploying applications

Videos and Webinars

• EKS News: Episode #01
  • Catch the latest news on EKS in this bi-weekly series
• Build developer portals using Backstage with guests from Spotify
• EKS wildcards in fargate profiles (short)
• Kubernetes Dynamic admission controllers (short)
• Kubernetes Master Class - Avoiding configuration drift with Argo CD
• VSCode and Flux: Testing the new (unreleased!) OCI Repository feature
• Cloud Native Rejekts EU 2022 Talks

Ecosystem News

• Overview of AWS EKS Security Best Practices
• How did we upgrade our EKS clusters from 1.15 to 1.22 without K8s knowledge?
• Terraform: Deploying an EKS Cluster
• Writing your own scheduler with kube-scheduler-simulator
• PodSecurityPolicy: The Historical Context
• Spotlight on SIG Storage
• Tracking container restarts and termination events in Kubernetes
• Announcing Linkerd 2.12: Zero-trust route-based policy, Gateway API, access logging, and more!
  • Launch webinar

GitHub Projects

• Packet traffic visualization for Kubernetes

For Fun

• Understanding Kubernetes in a visual way: Learn and discover Kubernetes in sketchnotes (Understanding in a visual way)