+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2022", "Weekly"]
date = 2022-09-09T07:00:00Z
description = "#031 edition of the EKS newsletter"
draft = false
slug = "031"
title = "EKS News 031"
+++
<br/><br/><br/><br/>

## AWS Container Announcements

* [Introducing Seekable OCI for lazy loading container images](https://aws.amazon.com/about-aws/whats-new/2022/09/introducing-seekable-oci-lazy-loading-container-images/)
  * SOCI enables containers to launch faster by lazily loading files from the container image. Ordinarily, a container image has to be fully downloaded and de-compressed before it can start. With SOCI, an index of the container image is created, stored in the registry as another OCI artifact, and then linked back to the container image by OCI reference types. This avoids having to convert container images or update image signatures as the digest of the image does not change.
  * SOCI and the soci-snapshotter are open sourced under Apache 2.0, and you can learn more about the project on [GitHub](https://github.com/awslabs/soci-snapshotter).
* [AWS Fargate announces migration of service quotas to vCPU-based quotas](https://aws.amazon.com/about-aws/whats-new/2022/09/aws-fargate-announces-migration-service-quotas-vcpu-based/)
  * Fargate quotas are moving from pod count to vCPU based starting October 3rd.
  * You can now opt-in the the new vCPU based quotas, giving you additional time to get familiar with the new vCPU-based quotas and make modifications to your quota management tools. If you run into issues with vCPU-based quotas, you can temporarily opt-out of vCPU quotas until October 31, 2022 and remediate your systems.
* [AWS Controllers for Kubernetes (ACK) for Amazon RDS, AWS Lambda, AWS Step Functions, Amazon Managed Service for Prometheus, and AWS KMS now generally available](https://aws.amazon.com/about-aws/whats-new/2022/09/aws-controllers-kubernetes-ack-rds-lambda-step-functions-prometheus-kms/)
  * [Deploy an RDS database with ACK](https://aws.amazon.com/blogs/database/deploy-amazon-rds-databases-for-applications-in-kubernetes/)
  * [Deploy a Lambda function with ACK](https://aws.amazon.com/blogs/compute/deploying-aws-lambda-functions-using-aws-controllers-for-kubernetes-ack/)
* [Amazon Managed Service for Prometheus Alert Manager & Ruler logs now available in Amazon CloudWatch Logs](https://aws.amazon.com/about-aws/whats-new/2022/09/amazon-managed-service-prometheus-alert-manager-ruler-logs-available-amazon-cloudwatch-logs/)
  * AMP now provides Alert Manager & Ruler logs to help customers troubleshoot their alerting pipeline and configuration in Amazon CloudWatch Logs. It includes the ability to filter alarms before they're sent to SNS and define recording and alerting rules.
* [AWS Fargate is now available in the Middle East (UAE) Region](https://aws.amazon.com/about-aws/whats-new/2022/09/aws-fargate-available-middle-east-uae-region/)

## AWS Container Blogs

* [Understanding and Cost Optimizing Amazon EKS Control Plane Logs](https://aws.amazon.com/blogs/containers/understanding-and-cost-optimizing-amazon-eks-control-plane-logs/)
  * After describing the different information captured in the control plane logs, this blog proposes several ways you can optimize the cost of retaining and analyzing those logs.
    * Disable or filter control plane logging in non-production environments.
    * CloudWatch Logs retains logs indefinitely by default. To lower your costs, impose a retention policy.
    * Export your logs to S3 for long term archival purposes and/or use Anthena to analyze logs in S3
    * Enable GuardDuty KAL
* [Introducing vended logs for Amazon Managed Service for Prometheus](https://aws.amazon.com/blogs/mt/introducing-vended-logs-for-amazon-managed-service-for-prometheus/)
  * This blog demonstrate how you can troubleshoot your alert manager pipeline via vended logs to correct common misconfigurations, such as not having the correct permissions, having an invalid alert manager template, and rule evaluation failures.
  * Vended logs are basically Prometheus logs that are routed to CloudWatch Logs.
* [How to Apply GitOps to Everything Using Amazon Elastic Kubernetes Service (Amazon EKS), Crossplane, and Flux](https://aws.amazon.com/blogs/opensource/how-to-apply-gitops-to-everything-using-amazon-elastic-kubernetes-service-amazon-eks-crossplane-and-flux/)
  * Walks through how to use a GitOps approach to vend workload clusters and then deploy composite applications, e.g. an application that interfaces with an RDS database, onto those clusters using Crossplane and Flux.
* [Scaling AI and Machine Learning Workloads with Ray on AWS](https://aws.amazon.com/blogs/opensource/scaling-ai-and-machine-learning-workloads-with-ray-on-aws/)
  * Describes the AWS contributions to the Ray community to enable enterprise-scale AI and machine learning deployments with Ray on AWS. These contributions and AWS service integrations allow AWS customers to scale their Ray-based workloads utilizing secure, cost-efficient, and enterprise-ready AWS services across the complete end-to-end AI and machine learning pipeline with both CPUs and GPUs.
  * EKS supports Ray on Kubernetes through the KubeRay [EKS Blueprint](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/ai-ml/ray), contributed by the Amazon EKS team, that quickly deploys a scalable and observable Ray cluster on your Amazon EKS cluster. As compute-demand increases or decreases, Ray works with the Kubernetes-native autoscaler (CAS) to resize the Amazon EKS cluster as needed.

## Videos

* [Kubernetes node autoscaling with cluster autoscaler](https://www.youtube.com/shorts/-BZzalke9GM)
* [Workload Consolidation with Karpenter](https://www.youtube.com/watch?v=BnksdJ3oOEs&t=1256s)
* [What is GitOps? | GitOps vs DevOps](https://www.youtube.com/watch?v=lI03nh0EmaQ)
* [Difference between Docker and Kubernetes](https://www.youtube.com/shorts/gbfypnRuqKo)
* [How Karpenter node consolidation works in Kubernetes](https://www.youtube.com/shorts/xX3aBgpY3B4)

## Ecosystem News

* [The 2minute test for Kubernetes Pod security](https://www.cncf.io/blog/2022/09/06/the-2-minute-test-for-kubernetes-pod-security/)
* [6 Key Ideas Shaping GitOps Today](https://www.weave.works/blog/-6-ideas-shaping-gitops)
* [Securing Kubernetes cluster using Kubescape and kube-bench](https://www.cncf.io/blog/2022/09/09/managing-vulnerabilities-using-dependency-track/)
* [4 challenges retailers face when adopting Kubernetes at the edge](https://www.cncf.io/blog/2022/09/08/4-challenges-retailers-face-when-adopting-kubernetes-at-the-edge/)
* [Abusing pod priority](https://nunoadrego.com/posts/abusing-pod-priority/)
* [A basic security checklist for Kubernetes](https://kubernetes.io/docs/concepts/security/security-checklist/)
* [Project Bophades?](https://twitter.com/QuinnyPig/status/1565777131740704771)

## GitHub Projects

* [GitHub - airwallex/k8s-pod-restart-info-collector](https://github.com/airwallex/k8s-pod-restart-info-collector)
* [GitHub - Ramilito/kubediff: Source VS Deployed](https://github.com/Ramilito/kubediff)

## For Fun

* [Waterkube](https://waterkube.dev/)
{{< eo >}}