+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-06-10T07:00:00Z
description = "Delivery Hero using Amazon EKS with EC2 Spot Instances, OpenCost, Karpenter, Argo CD 2.4 breaking changes, 3.6 million exposed MySQL servers, and more"
draft = false
slug = "020"
title = "EKS News 020"
+++
<br/><br/><br/><br/>
Kubernetes birthday was this week. Hard to believe this technology is already eight years old. 🎉🎂🥳

In this issue, we'll look at Delivery Hero using Amazon EKS with EC2 Spot Instances, OpenCost, Karpenter, Argo CD 2.4 breaking changes, 3.6 million exposed MySQL servers, and more.

## New service announcements and features

[Amazon EKS now supports DNS resolution of the cluster private endpoint in AWS GovCloud (US) regions](https://aws.amazon.com/about-aws/whats-new/2022/06/amazon-eks-supports-dns-resolution-cluster-private-endpoint-aws-govcloud-us-regions/)

* You can now resolve the private Kubernetes API server endpoint of your Amazon Elastic Kubernetes Service (EKS) cluster in AWS GovCloud (US) regions
* This allows you to easily connect to an EKS cluster that is only accessible within a VPC, including when using AWS services such as [AWS Direct Connect](https://aws.amazon.com/directconnect/) and [VPC peering](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).

## New and notable blogs

[Amazon EKS and Spot Instances in action at Delivery Hero](https://aws.amazon.com/blogs/containers/amazon-eks-and-spot-instances-in-action-at-delivery-hero/)

* Describes new `eksctl` features which automatically diversifies spot instances in managed node groups using the [amazon-ec2-instance-selector](https://github.com/aws/amazon-ec2-instance-selector)
* Describes an alternative approach to using Amazon Elastic Compute Cloud (Amazon EC2) Spot managed node groups with [Karpenter](https://ec2spotworkshops.com/karpenter.html) (Karpenter Workshop)
* Describes how Delivery Hero is making use of Spot (over-provisioner with cluster-autoscaler's priority expander)
* [Delivery Hero blog](https://tech.deliveryhero.com/spot-instances-at-delivery-hero/)

## Containers from the Couch

[Get started with Chaos Engineering with Litmus](https://youtu.be/5CI8d-SKBfc)

* Start practicing Chaos Engineering safely with the open source Litmus project
* Litmus is a Chaos Engineering platform that enables teams to identify weaknesses & potential outages in infrastructures by inducing chaos tests in a controlled way
* Get started at <https://github.com/litmuschaos/litmus>

## Ecosystem News

[OpenCost: Open Source Collaboration on Kubernetes Cost Standards](https://thenewstack.io/opencost-open-source-collaboration-on-kubernetes-cost-standards/)

* "Kubernetes cost management company [Kubecost](https://www.kubecost.com/), working with cloud, vendor and user partners, has submitted an open source project for managing Kubernetes costs to the [Cloud Native Computing Foundation](https://cncf.io/?utm_content=eks-news)"
* "[OpenCost](https://github.com/kubecost/opencost) models give teams visibility into current and historical Kubernetes spend and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc."
* "This project combines a [specification](https://github.com/kubecost/opencost/blob/develop/spec) as well as a Golang implementation of these detailed requirements."

[Breaking Changes in Argo CD 2.4](https://blog.argoproj.io/breaking-changes-in-argo-cd-2-4-29e3c2ac30c9)

* Argo CD 2.4 removes Helm 2 and Ksonnet support, as these have reached end of life. Editor's Note: See article for help migrating
* Update your RBAC to handle Web Terminal
* As a security enhancement, Argo CD 2.4's install manifests include a dedicated Service Account for the repository server Deployment.
* AND MANY MORE things you should read before upgrading to Argo CD 2.4

[Zero to GitOps: Terraform and the AWS EKS Blueprints Project](https://superorbital.io/journal/terraform-aws-eks-blueprints/)

* Makes use of the new EKS Blueprint: [aws-ia/terraform-aws-eks-blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints)
* Gets you up and running Argo CD
* "In general, our recommendation is to avoid using Terraform to install software into a Kubernetes cluster, however, this workflow is a very nice compromise, since we can limit Terraform's goal to simply getting the cluster into a state where Argo CD can take over and manage everything else."

[Enabling AWS IAM Group Access to an EKS Cluster Using RBAC](https://eng.grip.security/enabling-aws-iam-group-access-to-an-eks-cluster-using-rbac)

* "A deep dive into Amazon's Elastic Kubernetes Service (EKS) user authentication and authorization using AWS IAM"
* The time invested in managing our EKS permissions model grew significantly, encouraging us to seek out a comprehensive and sustainable solution to this problem
* Highlights a few different paths and then the path Grip engineers chose with complete step-by-step guide

[Useful utilities and toys over DNS](https://www.dns.toys/)

* Legit useful command line fun
* `dig detroit.weather @dns.toys`
* Because it's Friday!
{{< eo >}}