ICYMI: Container Day EU
In case you missed it, on August 17th, at the first-ever virtual KubeCon, AWS held our day zero event, Container Day. The day covered technical deep dives, product demos, and launches, all on how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. If you weren’t able to join us on the 17th, slides and recordings are available on demand!
Keynote
Bob Wise, GM of Kubernetes
Amazon EKS Roadmap & Vision
Nathan Taber, Sr Product Manager, Amazon EKS
Kubernetes is being rapidly adopted by organizations to help simplify how they deploy and manage their applications across cloud and on-premises environments. With Amazon EKS, AWS offers customers a highly reliable, scalable, and fully managed Kubernetes service that makes it easy to migrate to or scale on Kubernetes. In this session, Nathan Taber, Sr. Product Manager for Amazon EKS, will cover the vision and plan for how AWS is innovating its flagship Kubernetes service to simplify managing Kubernetes in production, help customers adopt Kubernetes throughout their organizations, and enable new workloads.
AWS Controllers for Kubernetes: The AWS universe of services, now Kubeified!
Jay Pipes, Principal Open Source Engineer, Kubernetes
Do you love the Kubernetes API and user experience? Do you love declaratively defining your application as a Deployment or Daemonset, a Service, and maybe an Ingress manifest, and letting the magic of Kubernetes handle the orchestration of your application deployment?
We do too!
Until now, if you had dependencies on AWS managed service resources — an S3 Bucket, an SNS Topic, a DynamoDB Table, etc. — you needed to use a tool like Terraform or CloudFormation to manage the creation and life-cycle of those resource dependencies.
However, with AWS Controllers for Kubernetes (ACK), you can now define your application’s AWS managed service resources using your cozy Kubernetes API and manifests! No need to use a different configuration system or log into the AWS Console!
Come learn about the design of the AWS Controllers for Kubernetes, what features this new project provides, and the roadmap for service integration over the coming months.
Kubernetes Networking on AWS
Mike Stefaniak, Sr Product Manager, Amazon EKS
Mastering networking in Kubernetes requires a deep understanding of multiple concepts, including DNS, routing, iptables, and network policies, and even the most experienced practitioners can find it challenging to understand exactly how all the pieces fit together.
In this session, we’ll delve into the unique approach AWS has taken to simplify Kubernetes networking. Learn how exposing VPC native networking into Kubernetes clusters improves application performance and removes complexities from network configuration.
Application Networking on Service Mesh
Shubha Rao, Principal Product Manager, App Mesh
AWS App Mesh provides service mesh features to Kubernetes services, using Envoy proxies and App Mesh controllers for Kubernetes. This session covers use cases, recent launches, and the upcoming roadmap for AWS App Mesh.
AWS Inferentia on Amazon EKS
Mike Stefaniak, Sr Product Manager, Amazon EKS
In deep learning applications, inference accounts for up to 90% of total operational costs, and applications can benefit from infrastructure optimized to execute machine learning algorithms. Inferentia is a custom-built chip from AWS that delivers high performance and the lowest cost machine learning inference in the cloud.
In this session, we’ll walk through Amazon EKS support for AWS Inferentia, and how Kubernetes makes it easy to combine multiple Inferentia devices to run high performance and cost-effective inference workloads at scale.
Saying Goodbye to YAML Engineering with the CDK for Kubernetes
Nathan Taber, Sr Product Manager, Amazon EKS
Eli Polonsky, Software Development Engineer, CDK
The CDK for Kubernetes (cdk8s) is a new open-source software development framework for defining Kubernetes applications and resources using familiar programming languages.
In this session, we will show you how to define your first cdk8s application, define reusable components called “constructs” and generally say goodbye (and thank you very much) to writing in YAML. We’ll also introduce our construct library cdk8s+ and show you how you can accelerate application development and adoption using cdk8s for any Kubernetes cluster.
Customizing Managed Node Groups
Jesse Butler, Senior Developer Advocate
Managed Node Groups provide for automated provisioning and lifecycle management of nodes within Amazon EKS clusters. This means the responsibility of instance provisioning and node upgrade tasks falls on EKS. While this feature solves a number of problems, until now it has been limited regarding configuration options and customizations for your nodes.
In this session, we’ll demonstrate the use of Launch Templates and Custom AMIs for Managed Node Groups. Launch templates provide a declarative method for specifying EC2 instance configuration, including user data and base environment modifications. For deeper customization requirements, custom AMIs are now supported as well, establishing a full range of customization options for use with managed node groups.
Bottlerocket: an Open Source Container Host OS
Justin Haynes, Software Development Manager
More workloads are moving to orchestrated containers every day. Initially, this was business line applications and the management of the compute and storage was handled separately. As more and more features are added to orchestrators or provided as containerized solutions by third parties, the underlying operating system that runs your containers can become very focused.
This is why we built Bottlerocket. It has just enough software to start OCI containers, we can harden it in many ways that are very difficult on a traditional OS, and we can provide pre-validated updates that move from a known working state to a new state and roll back if needed. Bottlerocket is open source on GitHub and has been designed to be modular so it can be extended to work on premises, in a hybrid cloud scenario, and with many combinations of software.
CloudWatch Container Insights now monitors Prometheus Metrics
Sudeeptha Jothiprakash, Principal Product Manager, CloudWatch
You can use Amazon CloudWatch to monitor Prometheus metrics from Amazon Elastic Kubernetes Service (EKS) and Kubernetes clusters, now available in beta. With this new feature, DevOps teams can automatically discover services for containerized workloads such as AWS App Mesh, NGINX, HAProxy, Memcache, and Java/JMX, and use Automatic Dashboards that visualize the health of these workloads. The new Container Insights console experience also provides the ability to manage resources and visualize the hierarchy of your containerized applications.
Persistent File Storage for Amazon EKS with Amazon EFS
Will Ochandarena, Principal Product Manager, EFS
Containerizing applications that require data persistence or shared storage is often challenging since containers are ephemeral in nature, are scaled in and out dynamically, and typically clear any saved state when terminated. In this session you will learn about Amazon Elastic File System (EFS), a fully managed, elastic, highly-available, scalable, secure, high-performance, cloud native, shared file system that enables data to be persisted separately from compute for your Amazon Elastic Kubernetes Service (EKS) deployments. You’ll gain an understanding of the EFS Container Storage Interface (CSI) driver, and how it simplifies configuring elastic file storage for Kubernetes clusters.
Running Arm Nodes with AWS Graviton on Amazon EKS
Michael Hausenblas, Sr Developer Advocate
A primary goal of running containers is to improve the cost efficiency for your applications. AWS Graviton2 processors deliver a major leap in performance and capabilities as well as significant cost savings. In this talk we will cover what you need to know to start using AWS Graviton2 instances with your Amazon EKS clusters. We will discuss good practices for writing and operating multi-architecture applications as well as add-ons.
Security Best Practices for Amazon EKS
Jeremy Cowan, Principal Solutions Architect, Containers
Containers provide a convenient mechanism for packaging and deploying applications. They also change the way you secure your environment in significant ways. As you explore moving to containers, you are likely to discover that security software originally designed to run on hosts is no longer applicable in a containerized environment. A new set of best practices is necessary to account for the changes that containers bring. This session will review the essential best practices and features available within Kubernetes and EKS to secure your containerized environments.
CIS Amazon EKS Benchmark
Paavan Mistry, Sr Developer Advocate
The CIS EKS Benchmark allows customers to conform to security configuration good practices aligned with the CIS Kubernetes Benchmark for their Amazon EKS clusters. In this session, we gain an understanding of the recently released benchmark, get hands-on with a Kubernetes security configuration assessment against an EKS cluster using an open-source tool – kube-bench – and review the node security report.
Amazon EKS and AWS Fargate: Better Together
Massimo Re Ferre, Principal Developer Advocate
In this brief demo-led session we are going to show you how it is possible to use EKS and Fargate together. The combination of EKS and Fargate allows you to move away from managing infrastructure resources. In fact, EKS provides a robust fully managed Kubernetes control plane while Fargate, an AWS managed serverless environment for containers, allows you to focus on deploying your Kubernetes pods rather than having to size, scale, manage and life-cycle your Kubernetes worker nodes. This session will introduce these concepts and will show how you can use the two services together.