In this week’s newsletter we feature an episode of Containers from the Couch on API Priority and Fairness (APF). APF is a way to give priority to certain API calls over other, lower-priority calls. The idea is to prevent the Kubernetes API server from becoming overwhelmed and unresponsive. If you have an application that calls the Kubernetes API and it receives a 429 (too many requests) error, it could be an indication that your application has been “throttled”. The remedy might involve updating your application to retry the request, reducing the number of calls your application makes to the API by implementing a watch, or creating a new “flow” that gives the calls from your application a higher priority.
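As an illustration of the last remedy, here is a sketch of a dedicated flow for one application. This is an added example, not taken from the episode; the `inventory-sync` service account, the `inventory` namespace and all numeric values are hypothetical, and the `v1beta3` API version assumes a cluster that still serves it.

```yaml
# Added example: every name and number below is an assumption for illustration.
# A dedicated priority level keeps this client's traffic in its own queues,
# so a burst from it is absorbed here rather than in a shared level.
apiVersion: flowcontrol.apiserver.k8s.io/v1beta3
kind: PriorityLevelConfiguration
metadata:
  name: inventory-sync              # hypothetical
spec:
  type: Limited
  limited:
    nominalConcurrencyShares: 20    # share of API server concurrency
    limitResponse:
      type: Queue                   # queue excess requests before answering 429
      queuing:
        queues: 16
        handSize: 4                 # must not exceed queues
        queueLengthLimit: 50
---
# The FlowSchema routes matching requests to the priority level above.
apiVersion: flowcontrol.apiserver.k8s.io/v1beta3
kind: FlowSchema
metadata:
  name: inventory-sync              # hypothetical
spec:
  priorityLevelConfiguration:
    name: inventory-sync
  # Lower values are evaluated first; this must be lower than the schema
  # that currently matches the application's requests.
  matchingPrecedence: 1000
  distinguisherMethod:
    type: ByUser
  rules:
    - subjects:
        - kind: ServiceAccount      # match one identity, not a whole group
          serviceAccount:
            name: inventory-sync    # hypothetical
            namespace: inventory    # hypothetical
      resourceRules:
        - verbs: ["get", "list", "watch"]   # only what the client needs
          apiGroups: [""]
          resources: ["pods", "configmaps"]
          namespaces: ["inventory"]
```

Keeping the subject and resource rules this narrow means the raised priority applies only to the intended client and verbs, so an unrelated or misbehaving caller cannot use the same flow to crowd out other API traffic.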
The other big announcements this week include the launch of security groups for Network Load Balancers and a deploy-to-Kubernetes action for CodeCatalyst!
New AWS services and features
- Network Load Balancer now supports security groups
- This long-awaited feature is now available! You can finally assign security groups to Network Load Balancers. Support for assigning security groups to Network Load Balancers has been added to v2.6.0 of the AWS Load Balancer Controller.
- Amazon CloudWatch announces ML backed Logs Insights pattern query command
- Easily identify trends and patterns in your logs. The feature uses ML to automatically recognize patterns in your log data and aggregates related logs into groups, which makes it easier to spot trends.
- Amazon CodeCatalyst supports deployments to Elastic Kubernetes Service
- Tutorial: Deploy an application to Amazon EKS
- A new deploy-to-Kubernetes action is available for CodeCatalyst. The new action allows you to apply Kubernetes manifests to a cluster.
- Tracing - AWS Observability Accelerator for Terraform
- AWS Observability Accelerator for Terraform now supports tracing in addition to Prometheus metrics.
AWS blogs
- Using SBOM to find vulnerable container images running on Amazon EKS clusters
- The focus of this post is on the transparency aspect of the software supply chain and how a Software Bill of Materials (SBOM) can provide visibility into the software packages that are embedded in your container images, which allows you to quickly and easily determine whether your containerized application is at any potential risk from a newly discovered vulnerability.
- In this post, the authors present an approach that uses SBOMs to find container images running in your Amazon EKS cluster that contain vulnerable software components.
- Exporting SBOMs with Amazon Inspector
Community news
- Carbon aware spatial shifting of Kubernetes workloads using Karmada
- Exploring OCI Container Registries: Chapter 1: Pull a Public Image from Kubernetes
- Kubernetes Improves Environmental Impact, Even for Small Companies
- THEY DID WHAT!? Auditing a security breach using Enterprise OPA decision logs and AWS Athena
- Dynamic GPU Memory: Solving the Problem of Inefficient Resource Allocation in Inference Servers
- Unleashing Chaos. Navigating the Turbulence with Essential Chaos Engineering Tools for Robust and Resilient Systems
- TerminationMessagePolicy: Determine the Reason for Pod Failure
- Kubernetes 1.28 - What’s new?
- Solving the Crossplane Provider CRD Scaling Problem with Provider Families
New videos and webinars
- Kubernetes Priority and Fairness
- The Routing Loop: Automated Network Creation with VPC Lattice and Tags
Open source projects
- GitHub - StyraInc/regal: a linter for Rego
- v0.7.0 features a new ‘custom’ category of rules for teams and organizations to enforce things like their own naming conventions with just a few lines of configuration.
- Preevy: provision preview environments for Docker Compose applications