Welcome to the 50th edition of the EKS newsletter! Thank you for being a subscriber. Our charter from the very beginning has been to provide our readers with the latest news and announcements about Amazon EKS, Kubernetes, and the cloud native ecosystem. This year, we promise to continue giving you timely, useful information.
In this edition, we feature a three-part series about a GitOps approach to multi-cluster management with Flux, Crossplane, and Git. There are also a couple of blogs about the AWS Gateway API controller for Amazon VPC Lattice. Enjoy!
As part of KubeCon EU, Amazon will be hosting Container Day on April 18th! Topics include cost optimization, monitoring and logging, governance/compliance, and GitOps. Register today.
New AWS services and features
- EMR on EKS now supports Apache Spark with Java 11
- Customers can now leverage Java 11 as a supported Java runtime to run Spark workloads on Amazon EMR on EKS. Previously, EMR on EKS ran Spark with Java 8 as the default Java runtime.
- AWS Controllers for Kubernetes (ACK) for Amazon MemoryDB is now generally available
- Customers can provision and manage MemoryDB resources using the ACK service controller.
- Announcing the ACK Controllers for Amazon EventBridge and Pipes
- Customers can manage EventBridge resources, such as event buses, rules, and pipes, through the Kubernetes API using the controller for EventBridge. EventBridge event buses and pipes enable you to create scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and other AWS services.
AWS Blogs
- Part 1: Multi-Cluster GitOps using Amazon EKS, Flux, and Crossplane
- Part 1 introduces the high-level architecture of the solution and its main components (Flux, Crossplane, and Git).
- Part 2: Multi-Cluster GitOps — Cluster fleet provisioning and bootstrapping
- Part 2 dives into the mechanics of how Flux and Crossplane are used for provisioning Amazon EKS clusters and bootstrapping them with the needed tools.
- Part 3: Multi-Cluster GitOps — Application onboarding
- Part 3 discusses the application onboarding flow and how to use Kubernetes role-based access control (RBAC) and AWS Identity and Access Management (AWS IAM) Roles for Service Accounts (IRSA) to address security and multi-tenancy requirements.
- Behind the Scenes on AWS Contributions to Cloud Native Open Source Projects
- Highlights several of Amazon’s open source contributions to Kubernetes and the Cloud Native ecosystem and the importance of keeping those projects healthy, growing, and successful.
- Using Open Source Grafana Operator on your Kubernetes cluster to manage Amazon Managed Grafana
- The grafana-operator is a Kubernetes operator for managing your Grafana instances inside Kubernetes. It enables you to create and manage resources like dashboards and data sources, declaratively between multiple instances in an easy and scalable way.
- The AWS team worked with the grafana-operator team to create a mechanism that allows you to add external Prometheus data sources, such as Amazon Managed Service for Prometheus, and create Grafana dashboards in external Grafana instances, e.g., Amazon Managed Grafana.
- The blog demonstrates how to use Grafana Operator to add Amazon Managed Service for Prometheus as a data source and create dashboards in Amazon Managed Grafana in a Kubernetes native way.
- Introducing AWS Gateway API controller for Amazon VPC Lattice, an implementation of Kubernetes Gateway API
- This blog introduces the AWS Gateway API controller, an implementation of the Kubernetes Gateway API. The AWS Gateway API controller extends custom resources, defined by Gateway API, allowing you to create VPC Lattice resources using Kubernetes APIs.
- The blog demonstrates how to install the Gateway API controller and configure a sample Amazon VPC Lattice service network using the Gateway class implemented by the controller. It explains the Gateway API resources and their mapping to Amazon VPC Lattice objects and shows how to implement a simple traffic routing pattern between services within an EKS cluster.
- Application Networking with Amazon VPC Lattice and Amazon EKS
- This post describes a use case where a service in one EKS cluster communicates with a service in another cluster and VPC, using VPC Lattice. It shows how service discovery works, with support for using custom domain names for services. It also demonstrates how VPC Lattice enables services in EKS clusters with overlapping CIDRs to communicate with each other without the need for any networking constructs like private NAT Gateways and Transit Gateways.
- The blog describes how to secure access to EKS services using SSL/TLS as well as VPC Lattice authorization policies.
New videos and webinars
Community news
- Let’s talk about Kubelet authorization
- Access Kubernetes Objects Data From /Proc Directory
- Enforcing Security Best Practices for Amazon EKS using Kyverno
- Building and Securing Containers with Slim.ai
- Build Software Supply Chain Trust with a DevSecOps Platform
- How to monitor Kubernetes controllers
- Use containerd to handle k8s.gcr.io deprecation
- Pod rebalancing and allocations in Kubernetes
GitHub Projects
- kubelog: a graphical log viewer for Kubernetes that works with your existing logging infrastructure