This week’s newsletter features an important network-related announcement. After several years of anticipation, the NLB finally supports AWS Security Groups! For those who are using Global Accelerator (GA) to route traffic between a service deployed in different AWS regions, you can now configure GA to preserve the IP address of the client. We’ve also updated ADOT to enrich metrics and traces with Kubernetes metadata, and Finch now supports SOCI. If you’re interested in learning how you can verify the authenticity of container images, there’s also a video on container image signing and validation with AWS Signer and OPA/Gatekeeper/Ratify.
New AWS services and features
- EKS supports Amazon EC2 M7i Instances
  - These new general purpose instances boast having the best performance among comparable Intel processors in the cloud
  - M7i-flex instances efficiently use compute resources with the ability to scale up to full compute performance a majority of the time
- Kubernetes Metadata Enrichment now available in AWS Distro for OpenTelemetry
  - Configure the Kubernetes attributes processor in the pipeline to enrich the telemetry signals with Kubernetes-specific metadata.
  - At analysis time, use this metadata to enable the filtering of traces and metrics from Kubernetes workloads
AWS blogs
- Network Load Balancers now support Security groups
  - The long-awaited feature is here. You can finally assign Security Groups to a Network Load Balancer (NLB)!
  - The AWS Load Balancer Controller has been updated (v2.6.0) to support this functionality. The controller can be configured to automatically create and assign Security Groups for the frontend (LB) based on your application’s exposed ports/protocols, or you can manually assign existing Security Groups to the NLB using the aws-load-balancer-security-groups annotation.
- Measure cluster performance impact of Amazon GuardDuty EKS Agent
  - This blog provides an overview of the GuardDuty Runtime Monitoring agent, how to measure its performance impact on the cluster’s worker nodes, and how to interpret GuardDuty findings.
- Serve distinct domains with TLS powered by ACM on Amazon EKS
  - This tutorial shows how a single ALB can be configured to securely serve multiple websites using host based routing and Server Name Indication (SNI).
- Configuring client IP address preservation with a Network Load Balancer in AWS Global Accelerator
  - This feature allows you to maintain the source IP address of the original client for packets that arrive at Network Load Balancers configured as Global Accelerator endpoints.
  - This blog discusses use cases and benefits for using Global Accelerator client IP address preservation, reviews best practices and requirements for setting up this feature with Network Load Balancer endpoints, and shares examples of test scenarios.
Community news
- Cloud Native Computing Foundation Announces Graduation of Kubernetes Autoscaler KEDA
- Kubernetes the Right Way: Observability With OpenTelemetry Collector
- Observability at the Edge: How Chick-fil-A provides observability for 2,800+ k8s clusters
- EKS node autoscaling with large container images and a warm pool: A tragedy in 3 parts
- Announcing the Kubernetes Operator for Dragonfly
- Running a database on kubernetes
- The Kubernetes 1.28 release interview
  - For those who miss Craig Box as the host of the Kubernetes Podcast, Craig has started his own podcast. In this episode he speaks to Grace Nguyen, the release team lead for Kubernetes 1.28 and houseplant aficionado.
- Prometheus metrics at 37signals
- Architecting Kubernetes clusters — choosing a worker node size
New videos and webinars
- Container Image Signing with AWS Signer and Amazon EKS
- Kubernetes Observability Accelerated! Grafana, Prometheus, CloudWatch, CDK and Terraform
- Komoplane - UI for Crossplane - YouTube
- Amazon GuardDuty EKS Protection Overview & Demo
- Kubernetes Roadmap - Complete Step-by-Step Learning Path