In the coming weeks, we may slow the frequency we publish new editions of the newsletter as we transition to a new newsletter platform. The big news this week is the upcoming transition from k8s.grc.io to registry.k8s.io. If you are pulling images from the old registry, be sure to update your configurations by April 3rd!

New AWS services and features

• Amazon EMR on EKS is now available in the AWS GovCloud Regions
• Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.25
  • blog
  • Attention: If you’ve configured AWS Load Balancer Controller to use EndpointSlices, you will need to upgrade the controller to v2.4.7 before upgrading to EKS v1.25. Earlier versions of the controller used the v1beta1 version of the discovery API which was removed from Kubernetes v1.25.
  • PSPs are also removed from EKS v1.25. Before upgrading to EKS v1.25, please review the following resources:
    • Migrate from PodSecurityPolicy to the built-in PodSecurity Admission Controller
    • Implementing Pod Security Standards in Amazon EKS
    • Pod security policy (PSP removal FAQ)
  • If your aws-auth ConfigMap includes a key/value pair where the value starts with macro, i.e. the first character is a curly brace, you need to enclose the value in quotes, <key>:"{{SessionName}}"

New AWS blogs

• Deploying Amazon EKS Windows managed node groups
  • MNGs now support full and core AMI (Amazon Machine Image) family versions of Windows Server 2019 and 2022.
• Using Azure Active Directory to authenticate to Amazon EKS
  • This blog explains how to use Azure AD to authenticate users to Amazon EKS clusters using Amazon EKS OIDC authentication.
• Kubernetes as a platform vs. Kubernetes as an API
  • In this thought experiment, the author goes through different configuration options that demonstrate how you can use Kubernetes as a platform for managing cloud services while also using it to run workloads directly on the cluster. Each option presented offers different types of abstractions that either increase/decrease the amount of complexity. It concludes with a description of a fictional “ECS Controller” that allows you to manage Amazon ECS from the Kubernetes API.
• Announcing General Availability of Amazon EKS Anywhere on Snow
  • EKS Anywhere on Snow, or Snowglobe, automates the creation and management of Kubernetes clusters on AWS Snowball Edge Compute Optimized devices with AWS optimization and support for containerized workloads that need to run at edge locations without a reliable internet connection or self-managed hardware.
  • The blog walks through how to order, then install EKS-A on a Compute Optimized Snowball device.
• Case study: How Neeva Uses Amazon EC2 Spot Instances and Karpenter to Simplify and Optimize Kubernetes Infrastructure

New videos and webinars

• How Amazon VPC CNI for k8s works
• Optimize AZ Traffic with Topology Aware Hints

Community news

• k8s.grc.io Image Registry Will Be Frozen From the 3rd of April 2023
  • Find clusters that are referencing images from the old registry with this Krew plugin
• Two ways to access EKS: Kubernetes RBAC and AWS IAM
• Lessons learned while scaling Kubernetes clusters to 1000 pods in AWS EKS
• Amazon EKS Upgrade Journey from 1.24 to 1.25
• Kubernetes Infrastructure at Medium

GitHub Projects

• KWOK: Kubernetes without Kubelet
• Flux Subsystem for Argo

For Fun

• Help Wanted: Killswitch Engineer
• How IKEA was invented