< eo >
In this edition we feature support for Kubernetes 1.28, VPC CNI support for Network Policies and several blogs on components such as etcd, CoreDNS.
New AWS services and features
- Kubernetes 1.28 expands the support skew between worker nodes and control plane components from n-2 to n-3. This release also includes stable support for recovery from non-graceful node shutdowns and automatic retroactive assignment of a default StorageClass.
- As of September 26, you can create new 1.28 clusters or upgrade your existing clusters to 1.28 using the Amazon EKS console, the eksctl command line interface, or through an infrastructure-as-code tool.
- With native support for network policy in Amazon VPC CNI, when running Kubernetes on AWS, you can now create policies that isolate sensitive workloads and protect them from unauthorized access.
- When Kubernetes network policies were first introduced, the default and widely adopted implementation was iptables. Managing a large number of iptables rules can be challenging, and performance issues may arise as the number of rules increase due to the sequential evaluation of rules for each packet.
- Amazon EKS adopted an advanced approach by implementing network policies using extended Berkeley Packet Filter (eBPF).
- With this launch, Amazon EKS now supports the EFS CSI driver as an EKS add-on, enabling you to install, configure, and update the EFS CSI driver with just a few clicks in the EKS Console, or using the AWS CLI, EKS API, or IAC tools.
- This capability eliminates the need to manually install and configure the EFS CSI driver using command line tools such as kubectl or helm, and makes it easy to keep your cluster up-to-date with the latest version of this driver
- You can now use AL2023 as the operating system together with Java 17 as Java runtime to run Spark workloads on Amazon EMR on EKS.
- Amazon Elastic Kubernetes Service (Amazon EKS) add-ons were originally introduced in December 2021. The add-on for CoreDNS was amongst the first add-ons we released because DNS plays such a pivotal role in Kubernetes. In the last few months the “coredns” add-on has undergone major improvements. We added new components like PodDisruptionBudget (PDB), implemented opinionated defaults (e.g., using health plugin for pod health checks) and enhanced the JSON configuration schema to allow customers to customize more parameters of the add-on.
- Explains about de-fragmentation functionality in etcd, the intricacies of the process and the strategies to minimize its impact on Amazon EKS components.
[Tutorials] Istio on EKS
- This repository, organized in modules, will guide you step-by-step in setting Istio on EKS and working with the most commonly observed service-mesh use cases.
- The Amazon Elastic Kubernetes Service (Amazon EKS) team is pleased to announce support for Kubernetes version 1.28 for Amazon EKS and Amazon EKS Distro. Amazon EKS Anywhere (release 0.18.0) also supports Kubernetes 1.28. The theme for this version was chosen as a play on words that combines plant and Kubernetes to evoke the image of a garden. Hence, the fitting release name, Planternetes. In their official release announcement, the Kubernetes release team said this of the release, “people behind this release come from a wide range of backgrounds.”
- Blog post covers how to import existing AWS Resources into an AWS CDK Stack.
- CfnGuardValidator is an AWS CDK plugin that allows developers to locally validate their AWS CDK code using AWS Control Tower proactive controls or AWS CloudFormation Guard rules before deploying the AWS infrastructure
- Blog post covers how to integrate the CfnGuardValidator plugin into your existing AWS CDK application and validate it against organizational policies to accelerate your development process.
- Kubernetes admission controllers increase the layered defences we can apply to our Amazon EKS cluster: Kyverno, a CNCF project for Kubernetes native policy management, deploys as a dynamic admission controller that implements validating, generating, and mutating policies to strengthen the “perimeter” of our Kubernetes clusters.
- Kubelet configuration that controls how much memory a pod can use before it is throttled.
- Local K8S Development Tools enhance the Kubernetes development experience by connecting locally running components to the Kubernetes cluster.
- Telepresence, Gefyra, and mirrord are compared in this article.
- Gateway API is an open source project managed by the SIG-NETWORK community. It is an API (collection of resources) that model service networking in Kubernetes
- Article dives deep into Gateway API and how it represents an evolution from the Ingress API.
- Articles goes over native support for Network Policies to VPC CNI and a demo of the same.
Videos and webinars
Open source projects
Digma Digma Continuous Feedback (CF) enables developers to uncover code runtime regressions, anomalies and code smells, right from their IDE.
Copacetic copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images given the vulnerability scanning results from popular tools like Trivy.
Logging Operator for Kubernetes The Logging operator solves your logging-related problems in Kubernetes environments by automating the deployment and configuration of a Kubernetes logging pipeline.