+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-01-07T08:00:00Z
draft = false
slug = "000"
title = "EKS News 000"
aliases = [ "/blog/eks-news-000", "/archive/eks-news-006" ]
+++



Welcome to the first ever issue of [EKS News](https://eks.news)! This being the very first issue, please allow me to introduce myself and the folks behind the newsletter. I'm Chris Short. Among many things, I'm a Kubernetes contributor, fascinated by GitOps, and a Senior Developer Advocate on the EKS team. My team of fellow developer advocates are *significant* contributors to this newsletter. I have the distinct pleasure of assembling this newsletter for you. This newsletter will evolve based on feedback we receive (hit reply, it comes to me), issues opened on [GitHub](https://github.com/chris-short/eks.news/), and any other data points we observe.

On to this issue's news and other interesting things in the broader Kubernetes and Cloud Native ecosystem.

## New service announcements and features

[Amazon EMR on EKS releases Custom Image Validation Tool to simplify testing of your customized docker container images](https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-emr-custom-image-validation-tool-images/)

* With EMR on EKS, customers can create their own images that include specific packages, libraries, and runtimes that are not available by default, e.g. a specific version of Java
* Validation tool runs an automated suite of tests to validate those images
* Download the custom image validation tool from our [GitHub repository](https://github.com/awslabs/amazon-emr-on-eks-custom-image-cli)

[EBS CSI driver now available in EKS add-ons in preview](https://aws.amazon.com/about-aws/whats-new/2021/12/eks-add-ons-ebs-csi-driver/)

* Offers a simple experience for attaching persistent storage to an EKS cluster
* The driver can be installed, managed, and updated through the EKS console, AWS CLI and SDKs

[IPv6 on EKS](https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-eks-ipv6/)

* With EKS support for IPv6, pods are assigned only a globally routable IPv6 address, and you can easily scale applications in your cluster without consuming limited private IPv4 address space.
* IPv6 support is enabled through the Amazon [VPC CNI plugin](https://github.com/aws/amazon-vpc-cni-k8s)
* If you're ready to implement IPv6, please read this blog from Sébastien Stormacq, [Amazon Elastic Kubernetes Service Adds IPv6 Networking](https://aws.amazon.com/blogs/aws/amazon-elastic-kubernetes-service-adds-ipv6-networking/)
* Not dual-stack but [we'd love to hear more about how you want to use IPv6](https://github.com/aws/containers-roadmap/issues/835)

## New and notable blogs

[Onfido’s Journey to a Multi-Cluster Amazon EKS Architecture](https://aws.amazon.com/blogs/containers/onfidos-journey-to-a-multi-cluster-amazon-eks-architecture/)

* Had concerns about in-place cluster upgrades and their impact on service availability
* Decided to move from a single production cluster to a single-region, multi-cluster active-active configuration
* Considered KubeFed and a multi-cluster service mesh, but decided to operate the clusters independently instead (smaller blast radius)
* Used a single ALB with multiple TGs and weighted routing to distribute traffic between clusters

[Progressive Delivery using AWS App Mesh and Flagger](https://aws.amazon.com/blogs/containers/progressive-delivery-using-aws-app-mesh-and-flagger/)

* A walkthrough of a canary-style deployment using App Mesh and Flagger
* Canaries help customers release features quickly while decreasing risk
* (delegating the control of a feature to the owner responsible for the outcome)
* Canary deployments allow you to test your changes with real users and compare different versions in parallel
* Flagger uses metrics to determine whether the deployment should continue or be rolled back; it is also responsible for shifting the traffic between the current version of the application and the canary
* See also [Flagger](https://flagger.app/), [Performing canary deployments and metrics-driven rollback with Amazon...](https://aws.amazon.com/blogs/opensource/performing-canary-deployments-and-metrics-driven-rollback-with-amazon-managed-service-for-prometheus-and-flagger/)

[Chaos Engineering with LitmusChaos on Amazon EKS](https://aws.amazon.com/blogs/containers/chaos-engineering-with-litmuschaos-on-amazon-eks/)

* Involves injecting failures in a controlled environment using well-planned experiments to help engineers find weaknesses in systems
* Experiments should include: a baseline, a hypothesis, a failure scenario, an analysis of the outcome and its deviation from the hypothesis
* Walks through running an experiment with LitmusChaos, e.g. [pod-delete](https://hub.litmuschaos.io/generic/pod-delete), [node-drain](https://hub.litmuschaos.io/generic/node-drain), [node-cpu-hog](https://hub.litmuschaos.io/generic/node-cpu-hog), etc.
* See also [Chaos engineering on Amazon EKS using AWS Fault Injection Simulator](https://aws.amazon.com/blogs/devops/chaos-engineering-on-amazon-eks-using-aws-fault-injection-simulator/)

[Advice on mitigating the Apache log4j security issue for EKS, ECS, and Fargate customers](https://aws.amazon.com/blogs/containers/advice-on-mitigating-the-apache-log4j-security-issue-for-eks-ecs-and-fargate-customers/)

* An overview of the log4j CVE and ways to mitigate it
* Strongly recommend that customers who are running log4j upgrade to v2.16 or higher as soon as possible
* JDKs shipped in AL1 and AL2 will automatically install the hotpatch package
* For EKS, see this [project on GitHub](https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent)

[Container scanning updates in Amazon ECR private registries using Amazon Inspector](https://aws.amazon.com/blogs/containers/container-scanning-updates-in-amazon-ecr-private-registries-using-amazon-inspector/)

* Offers improved vulnerability management for “cloud native” workloads
* Enhanced scanning provides nearly continuous scanning of ECR repositories and scans the OS packages and select language libraries, see for a complete list
* scan configurations
* Whenever Inspector adds a new CVE to its database, all eligible container images are scanned in response
* Scan findings for basic and enhanced scanning are available in Amazon ECR and Inspector
* Findings can be shared with other AWS services like AWS SecurityHub and Amazon EventBridge
* Walkthrough of how to enable and view findings from enhanced scanning

[Best practices for running Spark on Amazon EKS](https://aws.amazon.com/blogs/containers/best-practices-for-running-spark-on-amazon-eks/)

* Goes through the different best practices related to EKS scheduling and provides an end-to-end Spark application example that implements them
* Use the S3A magic committer for writing to S3
* Build Spark 3.1.2 with Hadoop 3.3.1 if IAM Roles for Service Accounts (IRSA) is required
* Use Pod templates to provide Kubernetes-specific configuration for driver and executor pods
* Use NVMe locally attached storage for temporary data
* Use Spark dynamic resource allocation to automatically scale executors
* See also [Introduction - EMR Containers Best Practices Guides](https://aws.github.io/aws-emr-containers-best-practices/)

[Autonomous ML-based detection and identification of root cause for incidents in microservices running on EKS](https://aws.amazon.com/blogs/containers/autonomous-ml-based-detection-and-identification-of-root-cause-for-incidents-in-microservices-running-on-eks/)

* Explains how to use the [Zebrium](https://www.zebrium.com/) machine learning (ML) platform to automatically find the root cause of issues in logs generated by an application deployed onto [Amazon EKS](https://aws.amazon.com/eks/)
* You can get similar results by instrumenting your microservices and implementing distributed tracing

[Collecting data from edge devices using Kubernetes and AWS IoT Greengrass V2](https://aws.amazon.com/blogs/containers/collecting-data-from-edge-devices-using-kubernetes-and-aws-iot-greengrass-v2/)

* Shows how to: set up a Kubernetes cluster using k3s on a Raspberry Pi 4; install the [AWS Systems Manager](https://aws.amazon.com/ec2/systems-manager) Agent (SSM Agent); and deploy AWS IoT Greengrass V2 using standard Kubernetes tools like kubectl
* Ideal for the connected vehicle use case where reliable and durable ingestion and storage of vehicle telemetry data is needed
* Configuration involves running GG core on k3s

## New videos and webinars

[Karpenter node provisioner for Kubernetes](https://youtu.be/_FXRIKWJWUk?t=52) (Containers from the Couch)

[Amazon Elastic Container Registry (ECR) pull through cache](https://youtu.be/uTyrld7jVrk?t=53) (Containers from the Couch)

## Ecosystem News

[Using Admission Controllers to Detect Container Drift at Runtime](https://kubernetes.io/blog/2021/12/21/admission-controllers-for-container-drift/) (Kubernetes Blog)

[Top 4 cloud native trends in 2022 shaping the future of business](https://www.cncf.io/blog/2022/01/05/top-4-cloud-native-trends-in-2022-shaping-the-future-of-business/) (CNCF Blog)

[CNCF Live Webinar: Kubernetes 1.23 Release](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cncf-live-webinar-kubernetes-123-release/) (CNCF)

{{< eo >}}