The newsletter editorial staff was on a summer hiatus for the last few weeks, but now, as the Gene Autry sang long ago, [we’re] “back in the saddle again .” In this latest edition, we’re tried to capture all of the major updates that have occurred since we published our last newsletter on June 9th. As you’ll see, it’s a lot. Given the recent spate of EKS version releases, a lot of folks may be interested in the EKS upgrade workshop and best practices . There are also a couple of interesting AI projects, including AWS Docs GPT (ChatGPT API key not included) and InfraCopilot , an AI assistant that can generate IaC templates, including EKS and Kubernetes. You’ll also find a fair amount of content in this edition on using Kubecost and Karpenter to help monitor and reduce your compute spend. And finally, for those of you who are using EKS Fargate, you can now use the Seekable OCI format to reduce image pull and application start times.

New AWS services and features

• AWS introduces CSI Driver for Amazon FSx for OpenZFS
  • With the FSx for OpenZFS CSI driver, you can dynamically provision and mount an FSx for OpenZFS file system to containers.
  • The CSI driver can be used to mount and share FSx file systems across multiple pods on different nodes.
• Secure Connectivity from Public to Private: Introducing EC2 Instance Connnect Endpoint
  • Tired of running bastion hosts? This is for you.
• AWS Resource Access Manager now supports Customer Managed Permissions for VPC Lattice
  • This allows customers to create fine-grained permissions when sharing Lattice Service Networks and Services using RAM.
• Amazon GuardDuty EKS Runtime Monitoring expands operating systems and processor support
  • The Amazon GuardDuty EKS Runtime Monitoring eBPF security agent now supports EKS workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors.
  • The new agent version (1.2.0) introduces performance enhancements, built-in CPU and memory utilization limits , and support for Amazon EKS 1.27 clusters.
• Karpenter now supports Windows containers (announcement)
  • Karpenter now supports Windows containers (blog)
• Amazon EKS increases pod density limits for Windows containers
  • This feature allows you to run up to 16x more Windows pods on a single EKS node, leading to a significant reduction in the cost of running Windows containers on Amazon EKS.
  • Increasing pod density for Windows nodes on Amazon EKS (blog)
• ECR basic scanning now uses version 3 of the Common Vulnerability Scoring System (CVSS) framework
  • Enables customers to get the most recent severity information for vulnerabilities in their ECR container images.
  • Uses CVSS information to determine the severity of a vulnerability when the upstream distribution source does not have this information.
• AWS Fargate enables faster container startup using Seekable OCI (announcement)
  • AWS Fargate Enables Faster Container Startup using Seekable OCI (blog)
  • Speeding up container image launches in AWS Fargate (video)

AWS blogs

• Shift left to secure your container supply chain
• Building better container images
• Application first delivery on Kubernetes with Open Application Model
• Diving into Container Insights cost optimizations for Amazon EKS
• Multi-cluster cost monitoring for Amazon EKS using Kubecost and Amazon Managed Service for Prometheus
• Securing Kubecost access with Amazon Cognito
• Cost monitoring for Amazon EMR on Amazon EKS
• Best Practices for Optimizing Kubernetes Costs on AWS with StormForge and Karpenter
• Fault Injection Simulator
  • AWS Fault Injection Simulator supports chaos engineering experiments on Amazon EKS Pods (blog)
  • Simulating Kubernetes-workload AZ failures with AWS Fault Injection Simulator (blog)
  • EKS Chaos Engineering with AWS Fault Injection Simulator (video)
• Kubernetes Multi-Cluster Service Discovery using the Open Source AWS Cloud Map MCS Controller
• Using Curated Packages and AWS managed Open Source services to observe your On Premises Kubernetes environment
• How eCloudvalley Enables Monitoring and Observability in Amazon EKS with AWS Distro for OpenTelemetry
• Conformitron: Validate third-party software with Amazon EKS and Amazon EKS Anywhere
• How Quora modernized MLOps on Amazon EKS to improve customer experience with scalable ML applications
• MuleSoft Anypoint Runtime Fabric Deployment On Amazon EKS Anywhere
• Simplify Amazon EKS Multi-Cluster Authentication with Open Source Pinniped

Community news

• Weaveworks and AWS Collaborate to Enhance the Official CLI for EKS
  • Weaveworks and AWS Joining Forces to Maintain Open Source eksctl
• Choosing the Right Kubernetes Cluster Approach: Multi-tenancy vs. Multi-cluster
• Kubernetes Project Journey Report | Cloud Native Computing Foundation
• Defending CI/CD environments
• Bolstering Security & Automating Management of Target Australia’s EKS Clusters
• Securing Kubernetes Secrets: Integrating AWS Secrets Manager with EKS
• AWS: EKS, OpenID Connect, and ServiceAccounts
• Scaling CPU Inference on AWS EKS with DeepSparse - Neural Magic
• Monitoring of AWS EKS using AWS Distro for OpenTelemetry (ADOT) and Amazon Managed Service for Prometheus (AMP)
• Deciding Where to Host Your API: AWS Lambda vs. AWS EKS
• InfraCopilot’s upgraded functionalities with Kubernetes

New videos and webinars

• Optimize Kubernetes Cost & Performance with Istio and Service Internal Service
• How to Configure mTLS using SPIRE with Envoy
• Karpenter auto-scaling on EKS: hands-on
• Save $173,000 with Karpenter consolidation
• EKS with IPv6 pods
• Running Dev Containers with DevPod
• GitOps with Amazon EKS Workshop | Flux and ArgoCD
• EKS Security Guide for Containers, Nodes, and Avoiding Misconfigurations
• Kubernetes Disaster Recovery (DR)

GitHub projects and workshops

• Amazon EKS Blueprints for Terraform Update
  • This milestone release addresses shifts from a monolithic structure to a decoupled modular set of components.
  • The introduction of the new v5 structure and modifications brings several advantages, including easier management, increased flexibility, and improved scalability.
• eksdemo: The easy button for learning, testing and demoing EKS
• EKS Upgrades Workshop
• Secure Software Factory on AWS Workshop
• cdk-aws-observability-accelerator
  • A set of opinionated modules to help you set up observability for your AWS environments with AWS Native services and AWS-managed observability services such as Amazon Managed Service for Prometheus, Amazon Managed Grafana, AWS Distro for OpenTelemetry (ADOT) and Amazon CloudWatch.
• AWS Docs GPT