Category: Containers

Introduction As containers move to cloud native production environments, DevOps and security teams increasingly look to deploy DevSecOps pipelines that provide automated real-time visibility into container activity, restrict container access to host and network resources and detect and prevent exploits and attacks on running containers. In this blog post, we implement a solution that demonstrates […]

With Amazon Elastic Kubernetes Service (EKS), you have the choice to run Kubernetes pods on EC2 instances or AWS Fargate. AWS Fargate, a serverless compute engine for containers, allows you to run Kubernetes workloads without creating and managing servers, scaling your data plane, right-sizing EC2 instances, or dealing with worker nodes upgrades. Fargate, thus far, […]

Docker Hub has recently updated its terms of service to introduce rate limits for container image pulls. While these limits don’t apply to accounts under a Pro or Team plan, anonymous users are limited to 100 pulls per 6 hours per IP address, and authenticated free accounts are limited to 200 pulls per 6 hours. […]

Originally, containers were a great fit for stateless applications. However, for many use cases there is a need for persistent storage, without which stateful workloads are not possible. Kubernetes first introduced support for stateful workloads with in-tree volume plugins, meaning that the plugin code was part of the core Kubernetes code and shipped with the […]

This post is contributed by Raj Seshadri and Jimmy Ray As containers are used in cloud native production environments, DevOps and security teams need to gain real-time visibility into container activity, restrict container access to host and network resources, and detect and prevent exploits and attacks on running containers. Kyverno is a policy engine for […]

Recently, we announced features to improve the configuration and metric gathering experience of your tasks deployed via AWS Fargate for Amazon ECS. Based off of customer feedback, we added the following features: Environment file support Deeper integration with AWS Secrets Manager using secret versions and JSON keys More granular network metrics, as well as additional […]

With AWS customers adopting AWS App Mesh with Amazon ECS and Amazon EKS, we have seen them with the following request on multiple occasions. This post will demonstrate the mechanism of getting metrics from Envoy to CloudWatch. “We have adopted AWS App Mesh as a service mesh solution for application-level networking for our micro services […]

Today, many customers are adopting microservices to develop software faster, enable innovation, and accelerate the time-to-market for new features and products. The microservices approach is the implementation of small independent pieces of software that address specific business needs and communicate over well-defined APIs. In order to implement this development model, larger organizations are changing the […]

Michael Brown and Michael Hausenblas Replicating container images across regions in Amazon Elastic Container Registry (ECR) automatically has been one of the most asked features and we’re glad to be able to share the good news with you: it has landed. Where previously you had to implement the replication yourself you can now leave the […]

AWS X-Ray is a managed distributed tracing system that helps customers gain end-to-end visibility of requests and provides rich visualization of connected services. This post will show how customers can integrate AWS X-Ray as a backend for Zipkin traces generated from services in a Istio service mesh.