EKS News 037

There will be no newsletter next week on account on KubeCon NA. The next edition of the newsletter will be published on October 31st.

If you’re attending KubeCon in person this year, join AWS at the Open Source After Dark event. Food trucks, carnival/arcade games, a DJ and dance floor, and more surprises await our guests at the historic Eastern Market! Register now and visit the AWS booth to pick up your wristband to be on the fast track into the party.

  • EKS-A adds support for Apache CloudStack
    • The new CloudStack support for EKS-A uses the Cluster API provider for Apache CloudStack (CAPC)
    • As part of this effort, AWS partnered and joined with the Apache CloudStack community
  • EKS-A adds support for RHEL
    • In addition to Bottlerocket and Ubuntu, you can use Red Hat Enterprise Linux (RHEL) with Amazon EKS Anywhere clusters
  • A container-free way to configure Kubernetes using Lambda
    • In this post the author look at an approach to access the Kubernetes API from an AWS Lambda function using bearer tokens which avoids having to build a container image with kubectl and other executables
  • Amazon ECR in multi-account and multi-region architectures
    • Since Amazon ECR is a regional service, you may want to utilize Amazon ECR registries in multiple Regions to be closer to customers, or for disaster recovery scenarios
    • In this post, the authors cover key considerations for Amazon ECR architectures that span across AWS accounts and AWS Regions, and share some architectures related to hypothetical customer use cases
    • Looks two example Amazon ECR architectures showing a simpler, single registry example, and a more complex example from a large, distributed organization
  • Secure Bottlerocket deployments on EKS with KubeArmor
    • KubeArmor, a CNCF sandbox project, uses eBPF, BPF, and Linux security modules (LSMs) to enforce security policies while abstracting away a lot of the complexities of LSMs
    • While Bottlerocket uses SELinux to lock down the host and provides some inter-container isolation, KubeArmor limits system behavior with respect to processes, files, use of network primitives, etc for a defense in depth strategy
  • Introducing the container build lens for the well-architected framework
    • The Container Build Lens outlines the steps for performing an AWS Well-Architected review (WAR) that empowers customers to assess and identify technical risks of their container build processes
    • The AWS Well-Architected Framework is based on six pillars—operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability
    • Customers who use containers to run their workloads and are searching for guidance on how to build secure, efficient, and reliable container images should use this lens