In this edition we feature extended support for Kubernetes versions in EKS, enhancements on Networking and Identity and Access Management integrations within EKS and also cover Karpenter graduation to Beta.
New AWS services and features
Amazon EKS Extended support for Kubernetes Versions now available in preview
- Amazon EKS Extended Support for Kubernetes Versions is now available in preview. Starting with Kubernetes v1.23, you can now use a Kubernetes version for up to 26 months from the time the version is generally available from Amazon EKS.
- During the Extended Support period, Amazon EKS will continue to provide security patches for the Kubernetes control plane. In addition, Amazon EKS will release critical patches for the Amazon VPC CNI, kube-proxy, and CoreDNS add-ons, AWS-published EKS Optimized AMIs for Amazon Linux and Bottlerocket, and EKS Fargate nodes.
Amazon EMR on EKS Interactive Endpoints is now generally available
- With this launch, you will be able to run interactive workloads using an integrated development environment such as EMR Studio.
- An interactive endpoint is a gateway that connects Amazon EMR Studio to Amazon EMR on EKS and you can use interactive endpoints with EMR Studio to run interactive analytics with datasets in data stores like Amazon S3 and Amazon DynamoDB.
Subscribe to Amazon EKS add-ons from independent software vendors in the EKS console
- At AWS re:Invent 2022, AWS announced that customers can deploy operational software on their EKS clusters directly from the Amazon Elastic Kubernetes Service (EKS) console. However, to complete subscription process, previously you were redirected to AWS Marketplace.
- With this launch, AWS customers now have an end to end experience to find, subscribe to, and deploy Kubernetes based operational software directly from the EKS console.
Amazon EKS adds support for customer managed IAM policies
- The EKS create cluster and create node group APIs require IAM roles with permissions attached to perform cluster operations like creating load balancers, describing and tagging EC2 instances, and downloading container images.
- EKS vends AWS managed policies to simplify the process of staying up to date on these required permissions. Now, you can attach customer managed policies to the cluster and node group IAM roles, and more easily meet compliance requirements, especially in highly regulated industries.
Amazon EKS now allows modification of cluster subnets and security groups
- EKS clusters run on Amazon VPC networks, providing a performant and secure environment for running Kubernetes applications. Cluster administrators must specify VPC subnets and security groups during cluster creation, which are used to enable secure communication between the EKS managed Kubernetes control plane and applications.
- With this launch, you can now modify cluster subnets and security groups after cluster creation.
New features for cdk8s include synthesize and import Helm charts and resolve cloud tokens
- cdk8s is an open-source software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs.
- AWS unveils new capabilities for cdk8s, allowing seamless synthesis of applications into Helm charts on one hand, and native import of existing Helm charts into cdk8s applications on the other.
- In addition, cdk8s can now interpret deploy-time tokens of the AWS CDK and CDK For Terraform, all during the cdk8s synthesis phase.
AWS blogs
[Blog] AWS Announces Amazon EC2 Capacity Blocks for ML Workloads
- Advancements in ML have unlocked opportunities for organizations of all sizes and across all industries to invent new products and transform their businesses. Traditional ML workloads demand substantial compute capacity, and with the advent of generative AI, even greater compute capacity is required to process the vast datasets used to train foundation models (FMs) and large language models (LLMs).
- Announcing Amazon Elastic Compute Cloud (Amazon EC2) Capacity Blocks for ML, a new Amazon EC2 usage model that further democratizes ML by making it easy to access GPU instances to train and deploy ML and generative AI models.
[Blog] Use shared VPC subnets in Amazon EKS
- In the ever-changing landscape of cloud computing, organizations continue to face the challenge of effectively managing their virtual network environments.
- To address this challenge, many organizations have embraced shared Amazon virtual private clouds (VPCs) as a means to streamline network administration, and reduce costs.
- This blog article explains key considerations when using shared subnets in Amazon EKS
[Blog] How to upgrade Amazon EKS worker nodes with Karpenter Drift
- Karpenter is an open-source cluster autoscaler that provisions right-sized nodes in response to unschedulable pods based on aggregated CPU, memory, volume requests, and other Kubernetes scheduling constraints (e.g., affinities and pod topology spread constraints), which simplifies infrastructure management.
- The blog article details a mechanism for patching Kubernetes worker nodes provisioned with Karpenter, at a scale, through a gated Karpenter feature called Drift .
[Blog] Operating resilient workloads on Amazon EKS
- Explains resilience practices that can be implemented at different layers in Kubernetes to build systems that are highly available, fault tolerant, and withstand interruptions to maintain business continuity.
[Blog] Build a multi-tenant chatbot with RAG using Amazon Bedrock and Amazon EKS
- With the availability of Generative AI models, many customers are exploring ways to build chatbot applications that can cater to a wide range of their end-customers, with each instance of chatbot specializing on a specific tenant’s contextual information, and run such multi-tenant applications at scale with a cost-efficient infrastructure familiar to their development teams.
- This blog article explains a pattern to build a multi-tenant chatbot with Retrieval Augmented Generation (RAG) by leveraging Amazon Bedrock and Amazon EKS
[Blog] Karpenter graduates to beta
- Karpenter is a Kubernetes node lifecycle manager created by AWS, initially released in 2021 with the goal of minimizing cluster node configurations. It is in the process of being donated to the Cloud Native Computing Foundation (CNCF) as part of Kubernetes Autoscaling Special Interest Group.
- As part of this growth, there is a growing need for Karpenter’s APIs to mature and this article deep dives into Karpenter’s maturity progression from Alpha to Beta
[Blog] Building multi-tenant JupyterHub Platforms on Amazon EKS
- Jupyter Notebooks have become a go-to tool for data scientists and ML engineers, which offers an interactive environment for coding, ML experimentation with training and inference, and data visualization. JupyterHub is an extension of Jupyter Notebooks that takes collaboration and scalability to the next level by providing a multi-user, multi-environment platform and can seamlessly run on Kubernetes
- Blog post covers how to build multi-tenant JupyterHub platform on Amazon EKS
[AWS re:Post Article] Preventing EKS Node Lease Leakage for Smoother Cluster Operation
[AWS re:Post Article] Monitoring and Optimizing EKS Inter-AZ Data Transfer Cost
[AWS re:Post Article] AWS at KubeCon + CloudNativeCon North America 2023
[AWS re:Post Article] Amazon EKS Workshop at KubeCon NA 2023
Community news and articles
- Gateway API is an open source project managed by the SIG-NETWORK community. It is an API (collection of resources) that model service networking in Kubernetes. These resources - GatewayClass, Gateway, HTTPRoute, TCPRoute, etc., as well as the Kubernetes Service resource - aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support.
- If you’re familiar with the older Ingress API, you can think of the Gateway API as analogous to a more-expressive next-generation version of that API.
PersistentVolume Last Phase Transition Time in Kubernetes
- PersistentVolumes in Kubernetes play a crucial role in providing storage resources to workloads running in the cluster. However, managing these PVs effectively can be challenging, especially when it comes to determining the last time a PV transitioned between different phases, such as Pending, Bound or Released
- In the recent Kubernetes v1.28 release, SIG Storage introduced new alpha lastPhaseTransitionTime field into the status of a PV that aims to improve PersistentVolume (PV) storage management
Monitoring AWS EKS Audit Logs with Falco
- AWS EKS Audit Logs provide a detailed record of all activity on your EKS cluster, including user actions, API calls, and system events. Falco is a Kubernetes threat detection engine that can be used to monitor AWS EKS Audit Logs for suspicious activity.