A few weeks have past since we published our last newsletter. Since then, we’ve released a handful of new features, including a new open-source way to do identity and access management called Cedar. This edition also features a couple of interesting case studies from Conde Naste and Sentra.
New AWS services and features
- Amazon Managed Service for Prometheus now available in 4 additional AWS regions
- AMP is now available in Asia Pacific (Mumbai), Asia Pacific (Seoul), South America (Sao Paulo) and Europe (Paris)
- Amazon EMR on EKS launches vertical autoscaling to auto-tune application resources
- EMR on EKS now supports vertical autoscaling, a feature to automatically tune the memory and CPU resources of EMR Spark Applications to adapt to the needs of the provided workload
- Vertical autoscaling uses VPA to track resource utilization for EMR jobs. It specifically configures VPA to track the
container_memory_working_set_bytesmetric for the Spark executor pods that have vertical autoscaling enabled. - The major use-cases of vertical autoscaling is to aggregate usage data across different runs of EMR Spark jobs to derive resource recommendations. For additional information see Improve reliability and reduce costs of your Apache Spark workloads with vertical autoscaling on EMR on EKS
- Amazon EMR on EKS now supports self-hosted notebooks for managed endpoints
- EMR on EKS now lets customers control the notebook execution environment, decide where it runs, and change how to access it
- Introducing Cedar, an open-source language for access control
- With Cedar, you can express fine-grained permissions as easy-to-understand policies enforced in your applications, and decouple access control from your application logic
- It supports RBAC and ABAC and follows a new verification-guided development process to give you high assurance of Cedar’s correctness and security
- For additional information see, How we built Cedar with automated reasoning and differential testing and Using Open Source Cedar to Write and Enforce Custom Authorization Policies
AWS Blogs
- How Condé Nast modernized its container platform on Amazon Elastic Kubernetes Service
- [case study] This post discusses how Condé Nast modernized their container platform with Amazon EKS to support their growth, improved operational efficiency, and developer experience
- How Sentra manages data workflows using Amazon EKS, Dagster, and Karpenter to maximize cost-efficiency with minimal operational overhead
- Start Pods faster by prefetching images
- For shorter pull times, it may be advantageous to pre-cache images onto your worker nodes. This post proposes a design that allows you to pre-pull images on nodes without managing additional infrastructure or Kubernetes resources
- The solution uses AWS Systems Manager State Manager to cache container images on nodes. To keep the cache current, the solution uses an event-driven architecture to update the cache as new images get pushed to the image registry.
- See also Using eStargz to reduce container startup time on Amazon EKS and Dragonfly
- Kubernetes 1.27: updates on speeding up Pod startup
New videos and webinars
- A Case for SPIFFE & SPIRE - Software Identity Management
- Hands on with EKS Observability (2023) | Amazon EKS Workshop
- How To Build A Control Plane To Manage Kubernetes Clusters With kcp?
Community news
- The Global Home for Platform Engineers
- eBPF Observability Tools Are Not Security Tools
- Capturing container packets from EKS worker nodes using tcpdump
- See alsoKubeshark and Inspektor Gadget
- Official CVE Feed
Open source projects
- Cedar Language
- kube-green , An operator to reduce CO2 footprint of your clusters
- KubeStellar , Mutlicluster Configuration Management for Edge, Multi-Cloud, and Hybrid Cloud
- mirrord , A tool that lets developers run local processes in the context of their cloud environment