AL2023 is finally here. Read about it in this week’s edition of the newsletter. An EKS optimized AMI should be available in the coming months.

Attention readers: On Monday, March 20th, traffic from the older k8s.gcr.io registry will be automatically redirected to registry.k8s.io with the eventual goal of sunsetting k8s.gcr.io. If you think you will be impacted by this change, please see k8s.gcr.io Redirect to registry.k8s.io - What You Need to Know under Community News. Please stop using k8s.gcr.io before the April 3rd deadline.

New AWS services and features

• Annoucing Amazon Linux 2023
  • With AL2023, there will be a new major release every 2 years and each major release will be supported for up to 5 years. AL2023 comes bundled with several security features such as running SELinux in permissive mode, IMDSv2 (enabled by defautl), and live patching of the Linux kernel.

New videos and webinars

• How to troubleshoot registry.k8s.io in EKS
• Differences between k8s.gcr.io and registry.k8s.io
• Deploy Third-party Software with Amazon EKS Add-ons ft. Tetrate Istio
• Update images to registry.k8s.io

Community news

• You’ll Soon Be Using Vulnerability Exploitability eXchange (VEX)
  • VEX is a machine readable specification to report vulnerabilities in open source software components and offer ways to remediate them.
• Container security fundamentals part 2: Isolation & namespaces
  • An good explanation about how containers utilize Linux namespaces.
• Oops! The end of Docker Free Teams
  • Docker says this effects less than 2% of their users. The changes do not effect Docker Personal, Pro, Docker Teams, Docker Business accounts, Docker-Sponsored Open Source members, Verified Publishers, or Official Images.
• Kubernetes CPU Requests & Limits VS Autoscaling
• A directory of Kubernetes tools and resources
  • What’s your favorite?
• Cloud-native projects usage stats in 2022 based on CNCF Survey data
• Forensic container analysis
  • Checkpoint running containers and perform a forensic analyze against them
• How to use Kubernetes events for effective alerting and monitoring
  • See also kubernetes-event-exporter

k8s.gcr.io Registry Update

• k8s.gcr.io Redirect to registry.k8s.io - What You Need to Know
• k8s.grc.io Image Registry Will Be Frozen From the 3rd of April 2023
• Find clusters that are referencing images from the old registry with this Krew plugin
• Kyverno and OPA/Gatekeeper policies for detecting images that use k8s.gcr.io
• New Registry url for Kubernetes (registry.k8s.io)