Late January through early February are a busy time of year at AWS. We use this time to plan for the coming year and reflect on what we accomplished the previous year. At least, that’s the excuse we’re using for not publishing the newsletter for the last couple weeks. The big news this week is the “grand re-opening” of the EKS workshop . For the last several years, we’ve used the EKS workshop to teach folks about EKS by giving them an opportunity to get hands-on with it. As we added content, it got harder to maintain. The new workshop puts greater emphasis on EKS features and includes a testing framework for testing PRs, making it easier for us to merge changes and keep the workshop up-to-date. While we’re excited about it’s prospects, we’d love to get your feedback .

New AWS services and features

• EMR on EKS adds support for job execution retries
  • You can now configure EMR on EKS to retry failed Spark jobs automatically. You can also set maximum retries and view retries in CloudWatch and the through the DescribeJobRun API.
• EKS is now available in Zurich, Spain, and Hyderabad Regions
• Bottlerocket now supports network bonding and VLAN tagging
  • If you are running Bottlerocket on bare metal with EKS Anywhere, you can use network bonding (NIC teaming) to improve network performance and avoid single points of failure. In addition, you can use VLAN tags to logically separate networks using the same network hardware.
• Amazon Detective adds Amazon VPC Flow Logs visualizations for Amazon EKS workloads
  • GuardDuty KAL monitors the Kubernetes audit log for anomalous behaviors and surfaces its findings in the GuardDuty console. These findings can be investigated with Amazon Detective which correlates GuardDuty findings with other data it collects such as VPC flow logs. With this latest update to Detective, you can visualize all network traffic from your EKS workloads (pods) and answer questions like, “were there any large data transfer from my EKS workloads?” (possible data exfiltration) and “what IP were communicating with my workloads.” This type of information can be useful to investigators who are investigating a suspicious finding.

New AWS blogs

• Introducing the Amazon EKS Workshop
  • The EKS workshop has been revamped. The new version puts greater emphasis on EKS features such as managed node groups, Karpenter, the AWS load balancer controller, and so forth. All of the modules use a common sample app for better consistency. The new version also includes a new test framework that will allow the maintainers to keep the workshop up-to-date while reducing bugs and regressions.
  • Get started with the new EKS workshop today!
• Optimizing your Kubernetes compute costs with Karpenter consolidation
  • An overview of Karpenter workload consolidation for improving the efficiency of your compute resources while optimizing your compute spend.
  • Includes a walk through of workload consolidation along with a node visualizer to see the effects of consolidation in realtime.
• EKS Persistent Volumes for Instance Store
  • Local persistent volumes (LPVs) were first introduced to Kubernetes in 1.7. LPVs allow you to mount a local (direct-attached) disk to a pod. They’re often used for application that require consistently high IO. Unlike a hostPath, pods with LPVs will always be scheduled onto same node.
  • The local volume static provisioner is a provisioner for local volumes. It runs on each node in the cluster and monitors specified directories to look for new local file-based volumes. It then statically creates an LPV for each local volume. It also monitors when the PVs have been released, and will clean up the volume, and recreate the PV. Unlike other provisioners, it does not support dynamic provisioning.
  • This blog walks through how to install and configure the local volume static provisioner. It can also be installed through EKS Blueprints
• Validating Amazon EKS optimized Bottlerocket AMI against the CIS Benchmark
  • This blog explains how to configure Bottlerocket, an OS from Amazon that’s optimized for running containers, to be compliant with the CIS benchmark for Bottlerocket and to continuously monitor compliance using a Kubernetes Job.
• Scale from 100 to 10,000 pods on Amazon EKS
  • OLX Autos explains how they scaled from 100 pods to more that 10,000 pods in this blog post.
  • They use an Internal Development Platform (IDP) to provision new environments. Each environment consists of multiple microservices with thousands of pods. While scaling, they encountered several challenges that they ultimately overcame by optimizing their cluster configuration. These optimizations included: lowering the ndots value (CoreDNS), removing CPU limits , implementing NodeLocal DNS , minimizing IP consumption by utilizing the MINIUM and WARM IP and ENI target values , using a diverse set of instances for Spot, using the least-waste expander for cluster-autoscaler, and using pod priority for system critical pods.
• Dynamic Spark Scaling on Amazon EKS with Argo Workflows and Events
  • This post demonstrate how to build and deploy a data processing platform on EKS with Data on EKS Blueprints . The platform includes all the necessary Kubernetes add-ons like Argo Workflows, Argo Events, the Spark Operator for managing Spark jobs, Apache YuniKorn for Batch Scheduling, Fluent Bit for logging, and Prometheus for metrics. It also explains how to build data processing jobs and pipelines using Argo Workflows and Argo Events, and shows how to trigger workflows on-demand by listening to Amazon Simple Queue Service (Amazon SQS).
• How to deploy your Quarkus application to Amazon EKS
  • Quarkus is a framework/stack for building Java based microservices. It offers fast boot times and low memory usage which is important for fast scale out scenarios. It is also developer friendly in that developers don’t need to create YAML files for Kubernetes resources, as those are generated at build time by the Quarkus framework.
  • The blog walks through building, testing, and deploying a Java application using Quarkus. The application makes use of the Kubernetes extension for generating Kubernetes manifests.
• How to rapidly scale your application with ALB on EKS (without losing traffic)
  • This blog describes how to achieve zero-downtime deployments using pre-stop hooks to update the pod’s readiness probe so that pods are promptly deregistered as load balancing targets.
• GitOps-driven, multi-Region deployment and failover using EKS and Route 53 Application Recovery Controller
  • This blog explains how to deploy an application that can survive widespread operational events within an AWS Region by leveraging Route 53 Application Recovery Controller in conjunction with EKS. It uses Flux to keep the application deployments synchronized across multiple geographic locations.
  • Route 53 Application Recovery Controller (ARC) is a set of capabilities built on top of Amazon Route 53 that helps you build applications that require very high availability levels with recovery time objectives (RTO) measured in seconds or minutes and comprises two distinct but complementary capabilities: readiness checks and routing controls. You can use these features together to give you insights into whether your applications and resources are ready for recovery and to help you manage and coordinate failover.
• Journey to adopt Cloud-Native DevOps platform Series #2: Progressive delivery on Amazon EKS with Flagger and Gloo Edge Ingress Controller
  • This post describes the technical steps OfferUp used to build a DevOps platform that supports the progressive delivery of microservices to EKS. Progressive delivery (aka canary style deployments) is where you progressively increase the amount of traffic sent to the new version of your service while continuously observing key metrics (the 4 golden signals) until all of the traffic is eventually routed to the new version.
  • In this blog, OfferUp uses Gloo for ingress and Flagger for progressive deployments.

New videos and webinars

• EKS Workshop: a hands on introduction (2023)
• Windows Workloads on EKS
  • If you can’t get enough of Windows Containers, we encourage you to read Running Windows Containers on AWS by Marcio Morales.
• Optimize AZ traffic with Istio
• Sessions from CloudNative SecurityCon 2023
• Manage Multi-Cloud Resources With Crossplane - Rise Above The Clouds

Community news

• The efficient way to publish multi-arch containers from GitHub Actions
  • Learn how to publish container images for ARM and Intel machines using GitHub actions.
• How Grafana Labs uses and contributes to OpenCost
  • Monitoring spending is more important than ever. Learn how Gitlab is doing it.
• Security gaps in a managed Kubernetes environment
  • How many times have you read a story about the shared responsibility model? Occasionally, the line between your responsibility and the cloud provider’s responsibility is a little fuzzy. This blog examines the model its potential risks. Additionally, it offers a set of best practices for securing your clusters when using a managed Kubernetes service. See also, the EKS best practices guide .
• Werf joins the CNCF sandbox
  • Werf is an Open Source CLI tool for CI/CD which helps you implement efficient and consistent software delivery
• Sharing GPUs in Kubernetes
• On Amazon EKS and Security
  • This blog looks at how AWS-managed security services can help protect Amazon EKS environments and their supporting AWS resources while being specific enough for Kubernetes environments.
• EKS Security Best Practices - Practical Enforcement Guide
  • In this post, Datree goes over the best practices listed in the EKS best practices guide and show you how to make sure you are following those with the help of the open-source project Datree.

GitHub Projects

• Helm Dashboard
• Hands-on Hacking K8s Workshop by Snyk

For Fun

• k8s on a Radioshack Tandy?!