Containers

Category: Technical How-to

Expose Amazon EKS pods through cross-account load balancer

Introduction Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service to run and scale Kubernetes applications in the cloud or on-premises. Kubernetes Ingress is an API resource that allows you to manage external or internal HTTP(S) access to Kubernetes services running in a cluster. The AWS Load Balancer Controller in Amazon EKS creates Application […]

Windows Authentication on Amazon EKS Windows pods

Per Microsoft documentation: Windows-based networks commonly use Active Directory (AD) to facilitate authentication and authorization between users, computers, and other network resources. Enterprise application developers often design their apps to be AD-integrated and run on domain-joined servers to take advantage of Integrated Windows Authentication, which makes it easy for users and other services to automatically […]

Managing access to Amazon Elastic Kubernetes Service clusters with X.509 certificates

Introduction Currently, customers are given two main options for end users to access Amazon Elastic Kubernetes Service (Amazon EKS) clusters when using utilities like kubectl – AWS Identity and Access Management (AWS IAM), or OpenID Connect (OIDC). However, some customers leverage X.509 certificates to authenticate their end-users for access to Amazon EKS clusters, especially those […]

Deploying IPFS Cluster using AWS Fargate and Amazon EFS One Zone

Introduction Image source: https://ipfscluster.io/ IPFS (InterPlanetary File System) is a popular decentralized storage solution used for many use cases like decentralized applications, p2p data sharing, or immutable file systems. For more usage ideas see these examples. IPFS Cluster is another application that runs alongside IPFS and provides data orchestration across a swarm of IPFS daemons […]

Automatically enable group metrics collection for Amazon EKS managed node groups

Introduction Amazon Elastic Kubernetes Service (Amazon EKS) managed node groups automate the provisioning and lifecycle management of Kubernetes nodes (Amazon Elastic Compute Cloud (Amazon EC2) instances) for Amazon EKS Kubernetes clusters. Managed nodes are provisioned as part of an Amazon EC2 Auto Scaling group that’s managed for you by Amazon EKS. Amazon EKS doesn’t enable […]

Building Amazon Linux 2 CIS Benchmark AMIs for Amazon EKS

Introduction The Center for Internet Security (CIS) Benchmarks are best practices for the secure configuration of a target system. They define various Benchmarks for the Kubernetes control plane and the data plane. For Amazon EKS clusters, it is strongly recommended to follow the CIS Amazon EKS Benchmark. If the data plane of an Amazon EKS cluster uses Amazon Linux […]

Multi-cluster management for Kubernetes with Cluster API and Argo CD

Introduction Customers are moving to the cloud thanks to its scalability and cost-effectiveness. Some are adopting Kubernetes to modernize their workloads for a more agile way to iterate and deliver time-to-market services or product features to their customers. As the number of clusters to be managed increases, customers struggle with different deployment mechanisms and application programming […]

Implementing Pod Security Standards in Amazon EKS

Introduction Securely adopting Kubernetes includes preventing unwanted changes to clusters. Unwanted changes can disrupt cluster operations and even compromise cluster integrity. Introducing pods that lack correct security configurations is an example of an unwanted cluster change. To control pod security, Kubernetes provided Pod Security Policy (PSP) resources. PSPs specify a set of security settings that […]

Secure AWS Bottlerocket deployments on Amazon EKS with KubeArmor

Introduction Bottlerocket is a security-focused operating system (OS) image that provides out-of-the-box security options to protect host or worker nodes. While Bottlerocket is useful, the security of the pods and the containers is still the responsibility of the application developer or provider. KubeArmor, a CNCF (Cloud Native Computing Foundation) sandbox project, is a runtime […]

Reducing AWS Fargate Startup Times with zstd Compressed Container Images

Updated Oct. 19, 2022: Amazon ECR’s Enhanced Scanning, powered by AWS Inspector, now supports scanning zstd compressed container images. AWS Fargate is a serverless compute engine for containerized workloads running on Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). Once a containerized workload has been scheduled by a container orchestrator, […]