In this edition we feature Karpenter 1.0 graduation, new controls for Kubernetes Version Policy and expanded regional support for Pod Identity
New AWS services and features
- In November 2021, AWS announced the launch of v0.5 of Karpenter, “a new open source Kubernetes cluster auto scaling project.”
- In the nearly three years since then Karpenter has evolved substantially into a fully featured, Kubernetes native node lifecycle manager.
- This article covers Karpenter’s graduation out of beta to v1.0.0. With this release, the stable Karpenter APIs – NodePool and EC2NodeClass – remains available for future 1.0 minor version releases and will not be modified in ways that result in breaking changes from one minor release to another.
Amazon EKS introduces new controls for Kubernetes version support policy
- Amazon EKS announces new controls for Kubernetes version policy, allowing cluster administrators to configure end of standard support behavior for EKS clusters
- This article covers how controls for Kubernetes version policy makes it easier for you to choose which clusters should enter extended support and which clusters can be automatically upgraded at the end of standard support.
Amazon EKS introduces EKS Pod Identity in the AWS GovCloud (US) Regions
- At AWS reInvent 2023, Amazon EKS announced launch of Pod Identity, purpose built for EKS in the cloud, designed to offer a simplified experience for configuring Kubernetes applications running on AWS with fine-grained AWS Identity and Access Management (AWS IAM) permissions to access other AWS resources such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon DynamoDB tables, and more.
- This simplified experience is made possible by the introduction of a new EKS service principal that can be used to establish trust between IAM roles and EKS service, and the introduction of new APIs on EKS that enables you to setup permissions without the need to execute privileged IAM operations like the setup of an OIDC identity provider
- This article covers expanded regional support for EKS Pod Identity to AWS GovCloud (US) Regions
AWS blogs
[Blog] Karpenter 1.0
- In October 2023, Karpenter project graduated to beta , and AWS contributed the vendor-neutral core of the project to the Cloud Native Computing Foundation (CNCF) through the Kubernetes SIG auto scaling.
- Engagement from the Karpenter community made it one of the top-ten most-popular AWS open source projects by GitHub stars , and contributions by non-AWS community members have increased both in number and scope.
- This blog dives deep into Karpenter 1.0 launch - enhanced disruption controls within it, planned API deprecations and dives deep into migration path from beta to v1.
[Blog] Patterns for TargetGroupBinding with AWS Load Balancer Controller
- AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster - satisfying Kubernetes Ingress Resource by provisioning Application Load Balancers and Kubernetes Service Resource by provisioning Network Load Balancers
- AWS Load Balancer Controller supports a functionality, called TargetGroupBinding, which is a custom resource (CR) that can expose your pods using an existing ALB TargetGroup or NLB TargetGroup.TargetGroupBinding lets users decouple the creation and deletion of load balancers from the lifecycle of a service and ingress.
- The blog article aids as a guide to understand various use-cases where there is a need to route the traffic of an existing Application Load Balancer (ALB)/Network Load Balancer (NLB) directly without provisioning a new one.
[Blog] Host the Whisper Model with Streaming Mode on Amazon EKS and Ray Serve
- OpenAI Whisper is a pre-trained model for automatic speech recognition (ASR) and speech translation. The Whisper model is open-sourced under the Apache 2.0 license, making it accessible for developers to build useful applications, such as transcription services, voice assistants, and enhancing accessibility for individuals with hearing impairments.
- Apps such as transcriptions of live broadcast and online meeting warrants need for ASR streaming mode with a lower latency requirement, usually in seconds making scaling a challenge.
- This blog post will explore how Amazon EKS can be utilized as underlying infrastructure for the ML model serving with Karpenter aiding in Node scaling process and KubeRay operator aiding in orchestrating RayServe replicas.
[Blog] Enhancing Kubernetes workload isolation and security using Kata Containers
- Kata Containers is an open-source project that provides a secure container runtime that combines the lightweight nature of containers with the security benefits of VMs.
- In Kata Containers each container is effectively booted with a different guest operating system, as opposed to traditional containers where the Linux Kernel is shared among the workloads and container isolation is achieved by using namespaces and control groups (cgroups).
- This blog article helps as walkthrough on how to setup and run Kata Containers on AWS using Amazon Elastic Kubernetes Service (EKS).
[Blog] Getting Started with Cilium Service Mesh on Amazon EKS
- Cilium is an open source solution for providing, securing, and observing network connectivity between workloads, powered by the revolutionary kernel technology called extended Berkeley Packet Filter (eBPF), that enables the dynamic insertion of security, visibility, and networking logic into the Linux kernel.
- In October 2023, Cilium became the first project to graduate in the cloud native networking category in CNCF.
- As application architectures increasingly rely on dozens of microservices, more and more organizations are exploring and evaluating various service mesh capabilities, such as service to service monitoring, logging, and traffic control, some of which Cilium provides.
- This blog article will act as deep dive into Cilium architecture, and demonstrate some of its capabilities on Amazon EKS.
Community news and articles
- Ten (10) years ago, on June 6th, 2014, the first commit of Kubernetes was pushed to GitHub. That first commit with 250 files and 47,501 lines of go, bash and markdown kicked off the project we have today.
- This article covers past decade of Kubernetes, present day feature set and a hope for even bigger enhancements in future.
Introducing Feature Gates to Client-Go: Enhancing Flexibility and Control
- Kubernetes components, such as kube-controller-manager and kube-scheduler use on-off switches called feature gates to manage the risk of adding a new feature and they leverage client-go library to interact with the API.
- This article covers introduction of feature gates to Client-Go for efficient management
Videos and webinars
Kubernetes Observability with eBPF on Amazon EKS | ft. groundcover
EKS Pod Identity vs IRSA | Securely Connect Kubernetes Pods to AWS Services
Open source projects
K8sGPT K8sGPT is a CNCF sandbox open source tool for scanning your kubernetes clusters, diagnosing and triaging issues in simple english. It has SRE experience codified into its analyzers and helps to pull out the most relevant information to enrich it with AI.
wasmCloud wasmCloud is an open source project from the Cloud Native Computing Foundation (CNCF) that enables teams to build polyglot applications composed of reusable Wasm components and run them—resiliently and efficiently—across any cloud, Kubernetes, datacenter, or edge.