+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-01-21T08:00:00Z
draft = false
slug = "002"
title = "EKS News 002"
aliases = [
"/blog/eks-news-002",
"/archive/eks-news-002"
]
+++
Hello EKS News readers! This week's newsletter contains a blog about Kubernetes service discovery using the AWS Cloud Map MCS controller, Karpenter on TGIK, tracing traffic through Kubernetes, multiple [Containers from the Couch](https://containersfromthecouch.com/) episodes, and more.
## New and notable blogs
[Kubernetes Multi-cluster Service Discovery using the AWS Cloud Map MCS Controller](https://blog.bytequalia.com/kubernetes-multi-cluster-service-discovery-using-the-aws-cloud-map-mcs-controller/)
* MCS services allow you to share and deploy services across multiple clusters.
* Similar to other network-centric approaches such as Cilium’s cluster mesh or Linkerd’s mirrored services
* AWS Cloud Map MCS is an implementation of the [MCS API](https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster/1645-multi-cluster-services-api#kep-1645-multi-cluster-services-api), allowing you to discover and access services outside a cluster
* 2 primary scenarios: **Different services each deployed to separate clusters** and **Single service deployed to multiple clusters**
* The MCS-Controller is responsible for “syncing” services across multiple clusters with Cloud Map serving as the centralized service registry
* The MCS-Controller release version is [v0.2.2](https://github.com/aws/aws-cloud-map-mcs-controller-for-k8s/releases/tag/v0.2.2) with GA expected in H2 CY2022
* Includes a tutorial that walks through how to set up a multi-cluster service with MCS
## Containers from the Couch
Please subscribe to [Containers from the Couch](https://containersfromthecouch.com/)
[Using Kubecost to monitor your Kubernetes and infrastructure spend](https://youtu.be/2IJntyJy6vY)
* We look at how [Kubecost](https://www.kubecost.com/) can be used to track your infrastructure spending and save you money!
* [`kubectl-cost`](https://github.com/kubecost/kubectl-cost) is a `kubectl` plugin that provides easy CLI access to Kubernetes cost allocation metrics via the kubecost APIs.
[Kubernetes Virtual clusters with Loft Labs](https://youtu.be/a8fIyUd9438)
* We look at benefits and use cases for Kubernetes virtual clusters using [Loft](https://loft.sh/).
* Virtual clusters are completely free at [vcluster.com](https://www.vcluster.com/) and you'll (hopefully) soon be able to use EKS Distro for virtual clusters via [loft-sh/vcluster#320](https://github.com/loft-sh/vcluster/pull/320)
## Ecosystem News
[TGI Kubernetes 182: Karpenter](https://youtu.be/zXqrNJaTCrU)
* TGI Kubernetes is a live streaming series that was originally started at Heptio
* This week's episode is covering [**Karpenter**](https://karpenter.sh/)
* "Karpenter simplifies Kubernetes infrastructure with the right nodes at the right time."
* Goes live at 4 PM ET/2100 UTC **TODAY**
[10 real-world stories of how we’ve compromised CI/CD pipelines](https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/)
* "Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum."
* It almost reads like an OWASP Top 10 for CI/CD
* Everything from Jenkins to Docker to Kubernetes to laptops is mentioned, so there's probably something relevant to your environment
[Tracing the path of network traffic in Kubernetes](https://learnk8s.io/kubernetes-network-packets)
* "TL;DR: In this article, you will learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application."
* Complete with code samples, `kubectl` outputs, and graphics
* Deep dive
[Some ways DNS can break](https://jvns.ca/blog/2022/01/15/some-ways-dns-can-break/)
* Julia Evans has been deep diving into DNS lately
* This article covers some of the ways you can "stub your toe" on DNS
* Everything from "NXDOMAIN instead of NOERROR" to Java caching to race conditions in Kubernetes
[CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats](https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/cisa-urges-organizations-implement-immediate-cybersecurity)
* There has been a sharp increase in malicious activity
* CISA has published [CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats](https://go.usa.gov/xtB8P) (PDF)
* A two-page checklist of strongly suggested security controls for risk reduction
## Because it's Friday
Remember folks, [this used to be what the internet experience](https://youtu.be/ntQ48-d-8x4) was like for several years.
{{< eo >}}