In this edition we feature Amazon EKS support for Amazon Application Recovery Controller (ARC), enhanced control plane observability and Kubernetes sessions to watch out for at re:Invent 2024.

Important Announcement

Annual Amazon Web Services conference AWS re:Invent 2024 is fast approaching!

This year’s event will feature a full track of sessions focused on Kubernetes and other cloud-native technologies. To help you navigate the extensive session catalog, we’ve compiled a list of sessions around Kubernetes and cloud-native related topics .

Come by the Expo Hall to visit the Kubernetes kiosk in the AWS Village or the Modern Apps and Open Source Zone in the Developer Pavilion to ask our experts questions about building modern applications on AWS, watch demonstrations, and meet with our open source teams. Stop by, say hello, have fun, grab a snack, and win prizes from the claw machine!

Can’t make it to re:Invent in person? No problem! Join us online for the livestream of our Keynotes & Leadership Sessions by registering for a virtual-only pass. And, don’t miss out on our Breakout Sessions – they’ll be available on-demand on AWS Events YouTube after the event.

New AWS services and features

• Amazon EKS now supports Amazon Application Recovery Controller (ARC)

  • Amazon Elastic Kubernetes Service (Amazon EKS) now supports Amazon Application Recovery Controller (ARC) zonal shift and zonal autoshift. ARC helps you manage and coordinate recovery for your applications across AWS Regions and Availability Zones (AZs).
  • With EKS support for ARC zonal shift and zonal autoshift, you can better maintain Kubernetes application availability by automating the process of shifting in-cluster network traffic away from an impaired AZ.

• Amazon EKS enhances Kubernetes control plane monitoring

  • Amazon EKS enhances visibility into the Kubernetes control plane by offering new intuitive dashboards in EKS console and providing a broader set of Kubernetes control plane metrics.
  • In the cloud, Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other key tasks. However, maintaining the health and performance of the workloads running in the cluster is a collaborative effort between Amazon EKS and users.
  • This enhancement enables cluster administrators to quickly detect, troubleshoot, and remediate issues. All EKS clusters on Kubernetes version 1.28 and above will now automatically display a curated set of dashboards visualizing key control plane metrics within the EKS console, making it easy to observe the health and performance of the control plane.

• Amazon EKS simplifies providing IAM permissions to EKS add-ons

  • Amazon Elastic Kubernetes Service (EKS) now offers a direct integration between EKS add-ons and EKS Pod Identity, streamlining the lifecycle management process for critical cluster operational software that needs to interact with AWS services outside the cluster.
  • EKS add-ons integration with Pod Identities is generally available in all commercial AWS regions.

• Bottlerocket announces new AMIs that are preconfigured to use FIPS 140-3 validated cryptographic modules

  • AWS has announced new AMIs for Bottlerocket that are preconfigured to use FIPS 140-3 validated cryptographic modules, including the Amazon Linux 2023 Kernel Crypto API and AWS-LC .
  • The FIPS-enabled Bottlerocket AMIs are now available in all commercial and AWS GovCloud (US) Regions.

AWS blogs

• [Blog] Cedar Access Controls for Kubernetes

  • Cedar is a language for defining permissions as policies, which describe who should have access to what. It is also a specification for evaluating those policies.
  • A new open source project, Cedar access controls for Kubernetes aims to brings the power of Cedar to Kubernetes authorization and admission validation.
  • This blog article serves as walkthrough deep dive of how Cedar policies can be used to enforce authorization in Kubernetes.

• [Blog] Introducing kro: Kube Resource Orchestrator

  • Kube Resource Orchestrator (kro) is a new experimental open source project that simplifies and empowers the use of custom APIs and resources with Kubernetes.
  • Kro lets you create reusable APIs for deploying multiple resources as a single unit through fundamental custom resource, the ResourceGroup . With Kro, you can create a ResourceGroup which defines a new Kubernetes resource that encapsulates all the necessary resources for a base application environment, including Kubernetes objects, managed cloud resources.
  • The blog article serves as walkthrough deep dive of how Kro helps you manage the lifecycle of the entire stack of dependencies, and keeps everything in sync with the desired state.

• [Blog] Monitoring and automating recovery from AZ impairments in Amazon EKS with Istio and ARC Zonal Shift

  • Today, a number of customers use a service mesh implementation such as Istio to manage the network infrastructure of their application environment. As of Nov 2024, Amazon EKS included support for Amazon ARC to aid in your resiliency and recovery strategy.
  • This blog post focuses on how you can monitor and automate quick application recovery in the event of an unhealthy or degraded AZ using metrics from Istio as signals to manage your zonal shifts.

Community news and articles

• What Karpenter v1.0.0 means for Kubernetes autoscaling

  • AWS created and open sourced Karpenter in 2021 to help automate how customers select, provision, and scale infrastructure in their clusters and provide more flexibility for Kubernetes users to take full advantage of unique infrastructure offerings across different cloud providers.
  • In 2024, AWS released Karpenter version 1.0.0 that marks the final milestone in the project’s maturity. This article covers how Karpenter works and whats next with Karpenter.

• Announcing Kyverno release 1.13!

  • This article covers Kyverno 1.13 release
  • Kyverno 1.13 comes with Sigstore bundle verification, exceptions for validatingAdmissionPolicies, new assertion trees, enhanced ValidatingAdmissionPolicy and PolicyException support to list a few.

• A beginners guide to contributing to CNCF open source projects

  • This article covers ways to get involved in CNCF (Cloud Native Computing Foundation) open source projects, what knowledge you need to contribute, and how to become part of this community.

• Troubleshooting Amazon EKS networking issues at scale in an Enterprise scenario

  • This article explores some of the potential recurring issues that can happen when Kubernetes networking isn’t properly configured.
  • The article also outlines a preemptive approach to address these issues, regardless of your workload size or cloud footprint.

Videos and webinars

• KubeCon+CloudNativeCon Salt Lake City 2024 Playlist

Open source projects

• Numaproj

  • Numaproj is a collection of Kubernetes-native tools for doing real-time operational data analytics.

• asdf

  • asdf is a tool version manager. All tool version definitions are contained within one file (.tool-versions) which you can check in to your project’s Git repository to share with your team, ensuring everyone is using the exact same versions of tools.