+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-02-25T08:00:00Z
draft = false
slug = "007"
title = "EKS News 007"
aliases = [
    "/archive/eks-news-007"
]
+++
<br/><br/><br/><br/>
I know we mentioned the `Dockershim` removal effort in upstream Kubernetes last week. As I was working on the EKS 1.22 release blog this week, I wanted to make sure EKS customers were aware of what EKS is doing related to `Dockershim`. EKS has made `containerd` available as of version 1.21. You can kick the tires on `containerd` now by adding the `--container-runtime containerd` option to your user data. [Amazon EKS is removing `Dockershim` support in version 1.23](https://docs.aws.amazon.com/eks/latest/userguide/dockershim-deprecation.html). Quoting the linked User Guide, "The `containerd` runtime provides better performance and security, and it's the runtime we're standardizing on across Amazon EKS. Fargate and Bottlerocket already use `containerd` only." I mention this now because it's never too early to start planning for this significant change.

This week we'll talk about UDP traffic on Kubernetes (supertuxcart is involved), running Windows workloads on EKS, and some of the latest nuggets from the greater cloud native ecosystem.

## New and notable blogs

[How to route UDP traffic into Kubernetes](https://aws.amazon.com/blogs/containers/how-to-route-udp-traffic-into-kubernetes/)

* Together, UDP, Kubernetes, and Network Load Balancers give customers the ability to improve their agility while also meeting their low latency requirements
* In the AWS Cloud, you can use the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/) to configure a Network Load Balancer to route TCP and UDP traffic from the internet to services running in your cluster
* The article features a step-by-step guide on building a game server on your local workstation using [supertuxkart](https://supertuxkart.net/Download)

[Running Windows workloads on a private EKS cluster](https://aws.amazon.com/blogs/containers/running-windows-workloads-on-a-private-eks-cluster/)

* Customers want to scale Windows workloads on Kubernetes alongside their Linux workloads
* Blog post provides a step by step guide from enabling Windows support in an EKS cluster to allowing Windows worker nodes to utilize cluster internal networking to creating a Windows node group.
* If you want to jump right into the codebase there's an [AWS sample repository](https://github.com/aws-samples/private-eks-for-windows-workloads-with-terraform)

[Introducing Amazon CloudWatch Container Insights for Amazon EKS Fargate using AWS Distro for OpenTelemetry](https://aws.amazon.com/blogs/containers/introducing-amazon-cloudwatch-container-insights-for-amazon-eks-fargate-using-aws-distro-for-opentelemetry/)

* [AWS Distro for OpenTelemetry (ADOT)](https://aws-otel.github.io/docs/introduction) is a secure, AWS-supported distribution of the [OpenTelemetry](https://opentelemetry.io/docs/) project
* Discusses the components in an ADOT Collector pipeline
* Demonstrates how to configure and deploy an ADOT Collector to collect system metrics for workloads on an EKS Fargate cluster and sending them to CloudWatch

## Ecosystem News

[Manage and debug Kubernetes manifests with Monokle by Kubeshop](https://kunalkushwaha.com/manage-and-debug-kubernetes-manifests-with-monokle-by-kubeshop)

* Monokle is an open-source desktop UI for managing Kubernetes manifests
* It also supports Kustomize and Helm
* Also comes with some basic examples

[Restricting cluster-admin permissions](https://www.giantswarm.io/blog/restricting-cluster-admin-permissions)

* Operators of the cluster are assigned to the `cluster-admin` ClusterRole (which is conceptually like `root` on Linux; you can do anything)
* Giant Swarm had an issue with one of their CLI tools that incorrectly deleted more resources than intended
* Using [Kyverno](https://kyverno.io/), they were able to deploy a cluster policy that would block ALL ROLES from performing the specific delete all action that was causing the issue

[The Top 5 Kubernetes Configuration Mistakes—And How to Avoid Them](https://komodor.com/blog/the-top-5-kubernetes-configuration-mistakes-and-how-to-avoid-them/)

* Configuration mistakes can lead to all sorts of unwanted things
* This list is a quick top five Kubernetes misconfigurations according to Komodor
* Some tactics for mitigating these misconfigurations are provided
* Don't forget about Justin Garrison's wonderful [Living with Kubernetes: 12 Commands to Debug Your Workloads](https://thenewstack.io/living-with-kubernetes-12-commands-to-debug-your-workloads/)

[Making Crossplane package authoring easy](https://blog.upbound.io/moving-crossplane-package-authoring-from-plain-yaml-to-ide-aided-development/)

* Crossplane users generally interact with a plaintext YAML file
* Post dives into what Crossplane is doing with Language Server Protocol
* Crossplane is now providing a preview of its IDE extension
{{< eo >}}