+++
author = "AWS Kubernetes Developer Advocates"
categories = ["Archive", "2023", "Weekly"]
date = 2023-05-15T07:00:00Z
description = "#053 edition of the EKS newsletter"
draft = false
slug = "053"
title = "EKS News 053"
+++
{{< eo >}}

<br/><br/><br/><br/>
A few weeks have past since we published our last newsletter. Since then, we've released a handful of new features, including a new open-source way to do identity and access management called Cedar. This edition also features a couple of interesting case studies from Conde Naste and Sentra. 

## New AWS services and features

* [Amazon Managed Service for Prometheus now available in 4 additional AWS regions](https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-managed-services-prometheus-4-regions/)
    * AMP is now available in Asia Pacific (Mumbai), Asia Pacific (Seoul), South America (Sao Paulo) and Europe (Paris)
* [Amazon EMR on EKS launches vertical autoscaling to auto-tune application resources](https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-emr-eks-vertical-auto-scaling/)
    * EMR on EKS now supports vertical autoscaling, a feature to automatically tune the memory and CPU resources of EMR Spark Applications to adapt to the needs of the provided workload
    * Vertical autoscaling uses VPA to track resource utilization for EMR jobs. It specifically configures VPA to track the `container_memory_working_set_bytes` metric for the Spark executor pods that have vertical autoscaling enabled.
    * The major use-cases of vertical autoscaling is to aggregate usage data across different runs of EMR Spark jobs to derive resource recommendations. For additional information see [Improve reliability and reduce costs of your Apache Spark workloads with vertical autoscaling on EMR on EKS](https://aws.amazon.com/blogs/big-data/improve-reliability-and-reduce-costs-of-your-apache-spark-workloads-with-vertical-autoscaling-on-amazon-emr-on-eks/)
* [Amazon EMR on EKS now supports self-hosted notebooks for managed endpoints](https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-emr-eks-self-hosted-notebooks-managed-endpoints/)
    * EMR on EKS now lets customers control the notebook execution environment, decide where it runs, and change how to access it
* [Introducing Cedar, an open-source language for access control](https://aws.amazon.com/about-aws/whats-new/2023/05/cedar-open-source-language-access-control/)
    * With Cedar, you can express fine-grained permissions as easy-to-understand policies enforced in your applications, and decouple access control from your application logic
    * It supports RBAC and ABAC and follows a new verification-guided development process to give you high assurance of Cedar’s correctness and security
    * For additional information see, [How we built Cedar with automated reasoning and differential testing](https://www.amazon.science/blog/how-we-built-cedar-with-automated-reasoning-and-differential-testing) and [Using Open Source Cedar to Write and Enforce Custom Authorization Policies](https://aws.amazon.com/blogs/opensource/using-open-source-cedar-to-write-and-enforce-custom-authorization-policies/)

## AWS Blogs

* [How Condé Nast modernized its container platform on Amazon Elastic Kubernetes Service](https://aws.amazon.com/blogs/containers/how-conde-nast-modernized-its-container-platform-on-amazon-elastic-kubernetes-service/)
    * [case study] This post discusses how Condé Nast modernized their container platform with Amazon EKS to support their growth, improved operational efficiency, and developer experience
* [How Sentra manages data workflows using Amazon EKS, Dagster, and Karpenter to maximize cost-efficiency with minimal operational overhead](https://aws.amazon.com/blogs/containers/how-sentra-manages-data-workflows-using-amazon-eks-dagster-and-karpenter-to-maximize-cost-efficiency-with-minimal-operational-overhead/)
    * [case study] This post explains how [Sentra](https://www.sentra.io/) utilizes a combination of [Amazon EKS](https://aws.amazon.com/eks/), [Fargate](https://aws.amazon.com/fargate/), [Spot](https://aws.amazon.com/ec2/spot/), [Karpenter](https://karpenter.sh/), and an open-source version of [Dagster](https://dagster.io/), a cloud-native orchestrator, to run efficient and scalable data processing workloads on AWS
* [Start Pods faster by prefetching images](https://aws.amazon.com/blogs/containers/start-pods-faster-by-prefetching-images/)
    * For shorter pull times, it may be advantageous to pre-cache images onto your worker nodes. This post proposes a design that allows you to pre-pull images on nodes without managing additional infrastructure or Kubernetes resources
    * The solution uses AWS Systems Manager [State Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state.html) to cache container images on nodes. To keep the cache current, the solution uses an event-driven architecture to update the cache as new images get pushed to the image registry. 
    * See also [Using eStargz to reduce container startup time on Amazon EKS](https://blog.realvarez.com/using-estargz-to-reduce-container-startup-time-on-amazon-eks/) and [Dragonfly](https://d7y.io/)
    * [Kubernetes 1.27: updates on speeding up Pod startup](https://kubernetes.io/blog/2023/05/15/speed-up-pod-startup/)

## New videos and webinars

* [A Case for SPIFFE & SPIRE - Software Identity Management](https://www.youtube.com/watch?v=wdK1Ldeqlm0)
* [Hands on with EKS Observability (2023) | Amazon EKS Workshop](https://www.youtube.com/watch?v=ajPe7HVypxg)
* [How To Build A Control Plane To Manage Kubernetes Clusters With kcp?](https://youtu.be/VVfO_2wZADU)

## Community news

* [The Global Home for Platform Engineers](https://platformengineering.org/)
* [eBPF Observability Tools Are Not Security Tools](https://www.brendangregg.com/blog/2023-04-28/ebpf-security-issues.html)
* [Capturing container packets from EKS worker nodes using tcpdump](https://kieranyio.medium.com/capturing-container-packets-from-eks-worker-nodes-using-tcpdump-fce901dff36d)
    * See also[Kubeshark](https://docs.kubeshark.co/en/introduction) and [Inspektor Gadget](https://www.inspektor-gadget.io/)
* [Official CVE Feed](https://kubernetes.io/docs/reference/issues-security/official-cve-feed/)
    * [Updates to the Auto-refreshing Official CVE Feed](https://kubernetes.io/blog/2023/04/25/k8s-cve-feed-beta/)

## Open source projects

* [Cedar Language](https://www.cedarpolicy.com/en)
* [kube-green](https://kube-green.dev/), An operator to reduce CO2 footprint of your clusters
* [KubeStellar](https://docs.kubestellar.io/), Mutlicluster Configuration Management for Edge, Multi-Cloud, and Hybrid Cloud
* [mirrord](https://mirrord.dev/), A tool that lets developers run local processes in the context of their cloud environment