< eo >



In this edition we feature support for Kubernetes 1.28, VPC CNI support for Network Policies and several blogs on components such as etcd, CoreDNS.

New AWS services and features

• Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.28

  • Kubernetes 1.28 expands the support skew between worker nodes and control plane components from n-2 to n-3. This release also includes stable support for recovery from non-graceful node shutdowns and automatic retroactive assignment of a default StorageClass.
  • As of September 26, you can create new 1.28 clusters or upgrade your existing clusters to 1.28 using the Amazon EKS console, the eksctl command line interface, or through an infrastructure-as-code tool.

• Amazon VPC CNI now supports Kubernetes Network Policies

  • With native support for network policy in Amazon VPC CNI, when running Kubernetes on AWS, you can now create policies that isolate sensitive workloads and protect them from unauthorized access.
  • When Kubernetes network policies were first introduced, the default and widely adopted implementation was iptables. Managing a large number of iptables rules can be challenging, and performance issues may arise as the number of rules increase due to the sequential evaluation of rules for each packet.
  • Amazon EKS adopted an advanced approach by implementing network policies using extended Berkeley Packet Filter (eBPF).

• Amazon EKS makes it easier to configure and use Amazon EFS for persistent shared file storage

  • With this launch, Amazon EKS now supports the EFS CSI driver as an EKS add-on, enabling you to install, configure, and update the EFS CSI driver with just a few clicks in the EKS Console, or using the AWS CLI, EKS API, or IAC tools.
  • This capability eliminates the need to manually install and configure the EFS CSI driver using command line tools such as kubectl or helm, and makes it easy to keep your cluster up-to-date with the latest version of this driver

• Amazon EMR on EKS now supports Amazon Linux 2023

  • You can now use AL2023 as the operating system together with Java 17 as Java runtime to run Spark workloads on Amazon EMR on EKS.

AWS blogs

• [Blog] Recent changes to the CoreDNS add-on

  • Amazon Elastic Kubernetes Service (Amazon EKS) add-ons were originally introduced in December 2021. The add-on for CoreDNS was amongst the first add-ons we released because DNS plays such a pivotal role in Kubernetes. In the last few months the “coredns” add-on has undergone major improvements. We added new components like PodDisruptionBudget (PDB), implemented opinionated defaults (e.g., using health plugin for pod health checks) and enhanced the JSON configuration schema to allow customers to customize more parameters of the add-on.

• [Blog] Explore etcd Defragmentation in Amazon EKS

  • Explains about de-fragmentation functionality in etcd, the intricacies of the process and the strategies to minimize its impact on Amazon EKS components.

• [KB Article] How do I prevent configuration conflicts when I create or update my Amazon EKS managed add-ons?

• [Tutorials] Istio on EKS

  • This repository, organized in modules, will guide you step-by-step in setting Istio on EKS and working with the most commonly observed service-mesh use cases.

• [Blog] Amazon EKS now supports Kubernetes version 1.28

  • The Amazon Elastic Kubernetes Service (Amazon EKS) team is pleased to announce support for Kubernetes version 1.28 for Amazon EKS and Amazon EKS Distro. Amazon EKS Anywhere (release 0.18.0) also supports Kubernetes 1.28. The theme for this version was chosen as a play on words that combines plant and Kubernetes to evoke the image of a garden. Hence, the fitting release name, Planternetes. In their official release announcement, the Kubernetes release team said this of the release, “people behind this release come from a wide range of backgrounds.”

• [Blog] How to import existing resources into AWS CDK Stacks

  • Blog post covers how to import existing AWS Resources into an AWS CDK Stack.

• [Blog] Accelerating development with AWS CDK plugin – CfnGuardValidator

  • CfnGuardValidator is an AWS CDK plugin that allows developers to locally validate their AWS CDK code using AWS Control Tower proactive controls or AWS CloudFormation Guard rules before deploying the AWS infrastructure
  • Blog post covers how to integrate the CfnGuardValidator plugin into your existing AWS CDK application and validate it against organizational policies to accelerate your development process.

Community news

• On Amazon EKS and Kyverno

  • Kubernetes admission controllers increase the layered defences we can apply to our Amazon EKS cluster: Kyverno, a CNCF project for Kubernetes native policy management, deploys as a dynamic admission controller that implements validating, generating, and mutating policies to strengthen the “perimeter” of our Kubernetes clusters.

• Kubernetes 1.27 MemoryThrottling Factor

  • Kubelet configuration that controls how much memory a pod can use before it is throttled.

• Local Kubernetes Development Tools

  • Local K8S Development Tools enhance the Kubernetes development experience by connecting locally running components to the Kubernetes cluster.
  • Telepresence, Gefyra, and mirrord are compared in this article.

• Gateway API: Can I replace my Ingress Controller with Cilium?

  • Gateway API is an open source project managed by the SIG-NETWORK community. It is an API (collection of resources) that model service networking in Kubernetes
  • Article dives deep into Gateway API and how it represents an evolution from the Ingress API.

• Network Policies with VPC CNI on Amazon EKS

  • Articles goes over native support for Network Policies to VPC CNI and a demo of the same.

Videos and webinars

• Run Spark on EKS with DoEKS (Data on EKS)

• Building SaaS on AWS - Streamlined provisioning and deployment in SaaS

• CNCF Kubernetes Book Club

Open source projects

• Digma Digma Continuous Feedback (CF) enables developers to uncover code runtime regressions, anomalies and code smells, right from their IDE.

• Copacetic copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images given the vulnerability scanning results from popular tools like Trivy.

• Logging Operator for Kubernetes The Logging operator solves your logging-related problems in Kubernetes environments by automating the deployment and configuration of a Kubernetes logging pipeline.