The AWS re:Invent conference is happening again, and as usual AWS is announcing a lot of products and tools to help customers be successful with their cloud infrastructure. It’s often hard to keep up with all the recent announcements, so in this post we’ll go over some of the notable Kubernetes and EKS- specific news.
First up is EKS Distro (EKS-D) which allows you to run Kubernetes with the same control plane bits that Amazon uses in EKS. All of the components have been open sourced so you can see the patches AWS applies as well as create your own fork if necessary.
EKS-D packages and publishes all the required components (e.g. kube-api-server, kube-proxy) so you can run Kubernetes on-prem, in the cloud, or even on your local system.
Here’s an unboxing video and demo so you can see it in action.
EKS-D lets you bring your own installer to run Kubernetes however you want. If you want an opinionated installer to run EKS-D then you should check out the preview announcement about EKS Anywhere below.
EKS Anywhere (EKS-A) is a preview announcement which should be available in the second half of 2021. EKS-A will take all of the components of EKS-D and provide an installer that will let you run EKS anywhere you choose.
If you’re curious about more details, I highly recommend you checkout the re:Invent talk about EKS-A. The talk outlines some details about GitOps deployment workflows planned as well as CLI installers and connection models supported for EKS-A.
Spot instances in Managed Node Groups
EKS has had Managed Node Groups for a while which allow you to run EKS without needing to deploy and manage your own worker nodes. It even supports custom launch templates and custom AMI images.
Now Managed Node Groups supports spot instances! This means if you would like some of your EKS worker nodes to use the AWS Spot Market to keep costs down you can do that without needing to manage nodes.
The EKS console traditionally has allowed you to see clusters and node groups as part of your clusters. The brand new EKS console now lets you see your Kubernetes workloads in the cluster too!
You can see many of the built in resource types (e.g. deployments, pods), and more will be coming over time. It’s a great way to visually check what’s running in your cluster without needing to deploy or manage another dashboard, because it’s completely managed by AWS and integrated with SSO and IAM credentials in your AWS account.
EKS Managed Add-ons
EKS Managed Add-ons lets you take common Kubernetes add-ons (e.g. the VPC CNI plugin) and will manage the lifecycle of them for you. Historically, with Kubernetes any add-ons had to be upgraded independently from the control plane. This model was fine initially, but with lots of different add-ons and multiple cluster versions it’s easy to lose track of which version each should be.
Managed add-ons let you define which add-ons you want deployed to your cluster. r and IiIt’ll make sure to keep those add-ons up to date and the correct version for your cluster control plane. Whenever you upgrade your cluster managed add-ons will make sure your add-ons get upgraded too.
Fluent Bit for EKS on Fargate
Applications need logging. In traditional Kubernetes clusters there’s usually a log shipping service or daemon that takes all of the logs and puts them somewhere where they can be centrally stored and searched.
With EKS on Fargate, each pod acts as an isolated Kubernetes node so the only way to get logs was to run a sidecar along with your application. This was a lot to manage for cluster operators and application developers.
The new announcement of Fluent Bit for EKS on FargateFluent bit for EKS on Fargate allows you to define a Kubernetes ConfigMap and namespace for pods you want to have an automatic “hidecar” attached to your application pod.
The hidecar is completely managed by AWS and allows you to send your logs to any destination supported by Fluent Bit. As a matter of fact, it doesn’t even show up in your Kubernetes pod resources or spec. This allows you to focus on your application whileand AWS handles the logging.
Karpenter is a new open source Kubernetes cluster autoscaler from AWS. Kubernetes has a cluster autoscaler that many people are familiar with. The traditional cluster autoscaler works by watching for pods that cannot be scheduled due to resource constraints and attempts to add instances to the cluster.
Karpenter is different because it is a pluggable metrics-based autoscaler. It can watch various metrics producers and scale up or down based on configurable rules you define. One of the clearest examples is scaling based on a queue.
If you have an SQS queue and want to proactively scale up your cluster when there are too many jobs in the queue, Karpenter can do that!
It’s still early for all of the things you can do with Karpenter, but now is a great time to get involved.
AWS Load Balancer Controller
The AWS Load Balancer Controller is an open source controller for Kubernetes that lets you provision load balancers needed to expose Kubernetes resources. The new controller replaces the AWS ALB Ingress Controller which previously could provision Application Load Balancers (ALB) for Kubernetes ingress rules.
The new controller can still do that, but it also can provision Network Load Balancers (NLB) for your Kubernetes services and group ALBs based on annotations you set in your Kubernetes resources.
There’s plenty of other new features and announcements from AWS … and re:Invent isn’t over yet. Registration is free and the talks are available on-demand at the end of each week. If you want to keep up to date you can register for re:Invent, follow the AWS blog, and subscribe to the Containers From the Couch series where we do regular unboxings and discuss the new services and features.
Learn how to automate your Kubernetes security
Wondering how to make Kubernetes more secure? Pod Security Policies can beef up security in your cluster with customized, secure defaults. Check out the on-demand webinar Automating Kubernetes Security to learn how they work and what it looks like to implement them in a real K8s cluster.