In this edition we feature EKS Support for Kubernetes version 1.29, Upgrade Insights, enhancements on Networking and Identity and Access Management integrations within EKS.

New AWS services and features

• Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.29

  • The Amazon Elastic Kubernetes Service (Amazon EKS) team is pleased to announce support for Kubernetes version 1.29 in Amazon EKS, Amazon EKS Distro, and Amazon EKS Anywhere (v0.19.0).
  • This blog covers some key changes in v1.29 including the removal of v1beta2 flow control API group and enhancements such as beta support for SidecarContainers and general availability of ReadWriteOncePods access mode for PersistentVolumes.

• Amazon EKS introduces upgrade insights preview

  • Amazon EKS announces the general availability of upgrade insights, a new feature that surfaces insights about issues that may impact your ability to successfully upgrade a cluster to newer versions of Kubernetes.
  • EKS upgrade insights automatically scan clusters against a list of potential Kubernetes version upgrade impacting issues. EKS periodically updates the list of insight checks to perform, based on evaluations of changes in the Kubernetes project, as well as changes introduced in the EKS service along with new versions. EKS upgrade insights surface issues and provide remediation recommendations, accelerating the testing and verification process for upgrades to newer versions of Kubernetes.

• Amazon EKS introduces simplified controls for IAM cluster access management

  • Amazon Elastic Kubernetes Service (EKS) now supports simplified configuration of AWS Identity and Access Management (IAM) users and roles with Kubernetes clusters, through a new set of APIs that tightly integrate IAM identities with Kubernetes authentication and authorization controls.
  • EKS access management controls introduced today simplify the process of mapping IAM to Kubernetes identities, by allowing administrators to fully define authorized IAM principals and their associated Kubernetes permissions directly through an EKS API during or after cluster creation.

• Amazon EKS now supports assigning EC2 security groups to IPv6 Kubernetes pods

  • EKS supports IPv6 enabling customers to scale containerized applications on Kubernetes beyond limits of private IPv4 address space. Until today, they could use network security rules that span pod to pod and pod to external Amazon Web Services service traffic defined in a single place with EC2 security groups, and applied to individual pods in IPv4 clusters.
  • With this launch, customers can apply EC2 security groups for pods in both IPv4 and IPv6 clusters.

• Amazon EKS now surfaces cluster health status details

  • EKS cluster health issues now surface detailed reason codes and descriptions on how to resolve issues. This reduces the time administrators need to spend troubleshooting infrastructure health issues, making it easier to run secure Kubernetes environments.
  • Customers can view cluster health status for any new or existing cluster using the AWS Console, CLI, and language SDKs in all AWS Regions where EKS is available.

• Amazon EKS introduces EKS Pod Identity

  • Amazon EKS introduces EKS Pod Identity, a new feature that simplifies how cluster administrators can configure Kubernetes applications to obtain AWS IAM permissions. EKS Pod Identity makes it easy to use an IAM role across multiple clusters and simplifies policy management by enabling the reuse of permission policies across IAM roles.

AWS blogs

• [Blog] The Journey to IPv6 on Amazon EKS: Foundation (Part 1)

  • Using IPv6 address space is a more elegant way to manage large-scale Kubernetes clusters. IPv6 provides a significantly larger total IP address space that allows cluster administrators scale applications without devoting efforts towards working around IPv4 limits.
  • This three part blog series explains foundational aspects of an Amazon EKS IPv6 cluster, dives deep into implementation patterns and migration strategies.

• [Blog] Train Llama2 with AWS Trainium on Amazon EKS

  • Generative AI offers a range of applications that extend beyond simply executing prompts and facilitating interactive conversations. The escalating scale of Large Language Models (LLMs) and Generative AI greatly increases computational demands, leading to higher costs associated with the development and deployment.
  • The blog article aids as a guide to leverage AWS Trainium for optimized performance in distributed training use-cases while reducing cost of training by up to 50%

• [Blog] Empowering Kubernetes Observability with eBPF on Amazon EKS

  • Kubernetes has emerged as a game-changer, offering seamless scalability and resource management for applications. However, with this abstraction comes the challenge of maintaining comprehensive observability in complex microservices environments.
  • This blog post will explore how eBPF (Extended Berkeley Packet Filter) is revolutionizing Kubernetes observability on Amazon EKS.

• [Blog] Deploying and scaling Apache Kafka on Amazon EKS

  • Kubernetes provides a robust platform for running Kafka. It offers features like rolling updates, service discovery, and load balancing which are beneficial for running stateful applications like Kafka.
  • This blog article explains a pattern to build and deploy a Kafka cluster on Amazon EKS.

• [Blog] Using Istio Traffic Management on Amazon EKS to Enhance User Experience

  • This blog will cover Istio’s powerful features of traffic management capabilities such as A/B testing, gradual rollouts and provides strategies to accomplish sophisticated testing and deployment strategies, downtime reduction, and user experience enhancement.

• [Blog] Amazon EKS Pod Identity: a new way for applications on EKS to obtain IAM credentials

  • In 2019, EKS launched IAM Role for Service Accounts that allows customers to configure Kubernetes (k8s) applications running on AWS with fine-grained AWS Identity and Access Management (AWS IAM) permissions to access other AWS resources. IRSA is widely used by AWS customers, and we plan to continue investing and supporting IRSA.
  • However, to overcome OIDC provider limit issues and provide seamless automation, at AWS reInvent 2023, we launched Amazon EKS Pod Identity. This blog will dive deep into the same.

Community news and articles

• Image Filesystem: Configuring Kubernetes to store containers on a separate filesystem

  • A common issue in running/operating Kubernetes clusters is running out of disk space.
  • This blog post goes into detail on ways that you can configure your container runtime to store its content separately from the default partition.

• Efficiently Scaling Disk Size in StatefulSet on EKS

  • Dealing with stateful sets in Kubernetes, particularly when scaling persistence volume, presents several challenges. This article covers so efficient practices when scaling disk size in StatefulSet objects on EKS

Videos and webinars

• Build Generative AI Models with NVIDIA NeMo on Amazon EKS ft. NVIDIA Experts

• Verify Container Images with Kyverno on Amazon EKS ft. Jim Bugwadia

• Kubernetes deployments with Monokle

Open source projects

• Telepresence Telepresence is a CNCF sandbox open source tool for Kubernetes application developers built by the team at Ambassador Labs. Telepresence lets you perform local development against a remote Kubernetes cluster

• DevSpace DevSpace is a client-only open-source developer tool for Kubernetes that lets you develop and deploy cloud-native software.