+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-02-11T08:00:00Z
draft = false
slug = "005"
title = "EKS News 005"
aliases = [
    "/blog/eks-news-005",
    "/archive/eks-news-005"
]
+++
<br/><br/><br/><br/>
This week we'll touch on Amazon GuardDuty for EKS, AWS App Runner VPC Support, scaling WordPress on EKS, SIG Multicluster, and more!

### New service announcements and features

[Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters](https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-guardduty-elastic-kubernetes-service-clusters/)

* Analyzes [Kubernetes audit logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) from existing and new Amazon EKS clusters in your accounts
* Includes [27 new GuardDuty finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-kubernetes.html)
* Generates a security findings that includes metadata such as pod ID, container image ID, and associated tags
* Users now have to *opt-in* to use this feature, and the first 30 days of GuardDuty for EKS Protection are free

### Containers from the Couch

[AWS App Runner adds support for Amazon VPC!](https://youtu.be/7sL6BZ5t2Zg)  
Dive into App Runner and some of the latest feature releases for the service

Please, subscribe to [Containers from the Couch](https://www.youtube.com/containersfromthecouch) today!

### New and notable blogs

[Running WordPress on Amazon EKS with Amazon EFS Intelligent-tiering](https://aws.amazon.com/blogs/storage/running-wordpress-on-amazon-eks-with-amazon-efs-intelligent-tiering/)

* By far, the most popular CMS platform today is WordPress
* [EFS Intelligent-tiering](https://aws.amazon.com/blogs/aws/new-amazon-efs-intelligent-tiering-optimizes-costs-for-workloads-with-changing-access-patterns/) delivers automatic cost savings for workloads with changing access patterns by placing your file data in the appropriate storage class, at the right time, based on file access patterns
* Deploying WordPress on Amazon EKS can dramatically improve the scalability and manageability of your CMS
* Can achieve the goal of creating both a cost-optimized and performance-optimized solution for high-availability WordPress

### Ecosystem News

[Argo CD Deals With Our First Zero-Day CVE](https://blog.argoproj.io/argo-cd-deals-with-our-first-zero-day-cve-86e8fb158e8f)

* Sharing how improved security policies helped the project respond to [CVE-2022–24348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24348)
* On January 30, 2022, the security team at Apiiro alerted the Argo team immediately via the [responsible disclosure outlined in the Argo CD Security policy](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#reporting-a-vulnerability)
* The Argo team released a fix within 48 hours on Feb 3 in concert with the public disclosure of the CVE and posted a [security advisory](https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7) to Argo CD users.

[Spotlight on SIG Multicluster](https://kubernetes.io/blog/2022/02/07/sig-multicluster-spotlight-2022/)

* [SIG Multicluster](https://github.com/kubernetes/community/tree/master/sig-multicluster) is the SIG focused on how Kubernetes concepts are expanded and used beyond the cluster boundary.
* In this blog, Jeremy Olmsted-Thompson, Google and Chris Short, AWS discuss the interesting problems SIG Multicluster is solving and how you can get involved.

[weaveworks/tf-controller: A GitOps Terraform controller for Kubernetes](https://github.com/weaveworks/tf-controller)

* TF-controller is an *experimental* controller for Flux to reconcile Terraform resources in the GitOps way
* "At your own pace" means you don't need to GitOps-ify everything at once
* Includes a roadmap; feel free to suggest new items

[Traefik Proxy and HTTP/3 on AWS EKS](https://traefik.io/blog/traefik-proxy-and-http-3-on-aws-eks/)

* An Ingress Controller is usually exposed through a LoadBalancer Service
* Walk through how to use a NodePort Service to deploy a Network Load Balancer (NLB) in AWS and allow TCP and UDP on the same port
* This guide shows one way to configure an Ingress Controller Traefik Proxy with the support of HTTP/3 on an EKS cluster
{{< eo >}}