Containers

ICYMI: Container Day EU

In case you missed it, on August 17th, at the first ever virtual KubeCon, AWS held our day zero event, Container Day. The day covered technical deep dives, product demos, and launches all on how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. If you weren’t able to join us on the 17th, slides and records are available on-demand!

Keynote

Bob Wise, GM of Kubernetes

Recording

Amazon EKS Roadmap & Vision

Nathan Taber, Sr Product Manager, Amazon EKS

Kubernetes is being rapidly adopted by organizations to help simplify how they deploy and manage their applications across cloud and on-premises environments. With Amazon EKS, AWS offers customers a highly-reliable, scalable, and fully-managed Kubernetes service that makes it easy to migrate to or scale on Kubernetes. In this session, Nathan Taber, Sr. Product Manager for Amazon EKS will cover the vision and plan for how AWS is innovating its flagship Kubernetes service to simplify managing Kubernetes in production, help customers adopt Kubernetes throughout their organizations, and enable new workloads.

Slides | Recording

AWS Controllers for Kubernetes: The AWS universe of services, now Kubeified!

Jay Pipes, Principal Open Source Engineer, Kubernetes

Do you love the Kubernetes API and user experience? Do you love declaratively defining your application as a Deployment or Daemonset, a Service, and maybe an Ingress manifest, and letting the magic of Kubernetes handle the orchestration of your application deployment?

We do too!

Until now, if you had some dependencies on an AWS managed service resources — an S3 Bucket, an SNS Topic, a DynamoDB Table, etc — you needed to use a tool like Terraform or CloudFormation to manage the creation and life-cycle of those resource dependencies.

However, with AWS Controllers for Kubernetes (ACK), you can now define your application’s AWS managed service resources using your cozy Kubernetes API and manifests! No need to use a different configuration system or log into the AWS Console!

Come learn about the design of the AWS Controllers for Kubernetes, what features this new project provides, and the roadmap for service integration over the coming months.

Recording

Kubernetes Networking on AWS

Mike Stefaniak, Sr Product Manager, Amazon EKS

Mastering networking in Kubernetes requires a deep understanding multiple concepts including DNS, routing, iptables, and network policies, and even the most experienced practitioners can find it challenging to understand exactly how all the pieces fit together.

In this session, we’ll delve into the unique approach AWS has taken to simplify Kubernetes networking. Learn how exposing VPC native networking into Kubernetes clusters improves application performance and removes complexities from network configuration.

Slides | Recording

Application Networking on Service Mesh,

Shubha Rao, Principal Product Manager, App Mesh

AWS App Mesh provides service mesh features to Kubernetes service, provided using Envoy proxies and App Mesh controllers for Kubernetes. This session covers use cases, recent launches, and the upcoming roadmap for AWS App Mesh.

Slides | Recording

AWS Inferentia on Amazon EKS

Mike Stefaniak, Sr Product Manager, Amazon EKS

In deep learning applications, inference accounts for up to 90% of total operational costs, and applications can benefit from infrastructure optimized to execute machine learning algorithms. Inferentia is a custom built chip by AWS that delivers high performance and the lowest cost machine learning inference in the cloud.

In this session, we’ll walk through Amazon EKS support for AWS Inferentia, and how Kubernetes makes it easy to combine multiple Inferentia devices to run high performance and cost-effective inference workloads at scale.

Slides | Recording

Saying Goodbye to YAML Engineering with the CDK for Kubernetes

Nathan Taber, Sr Product Manager, Amazon EKS

Eli Polonsky, Software Development Engineer, CDK

The CDK for Kubernetes (cdk8s) is a new open-source software development framework for defining Kubernetes applications and resources using familiar programming languages.

In this session, we will show you how to define your first cdk8s application, define reusable components called “constructs” and generally say goodbye (and thank you very much) to writing in YAML. We’ll also introduce our construct library cdk8s+ and show you how you can accelerate application development and adoption using cdk8s for any Kubernetes cluster.

Slides | Recording

Customizing Managed Node Groups

Jesse Butler, Senior Developer Advocate

Managed Node Groups provide for automated provisioning and lifecycle management of nodes within Amazon EKS clusters. This means the responsibility of instance provisioning and node upgrade tasks falls on EKS. While this feature solves a number of problems, until now it has been limited regarding configuration options and customizations for your nodes.

In this session, we’ll demonstrate the use of Launch Templates and Custom AMIs for Managed Node Groups. Launch templates provide a declarative method for specifying EC2 instance configuration, including user data and base environment modifications. For deeper customization requirements, custom AMIs are now supported as well, establishing a full range of customization options for use with managed node groups.

Slides | Recording

Bottlerocket: an Open Source Container Host OS

Justin Haynes, Software Development Manager

More workloads are moving to orchestrated containers every day. Initially, this was business line applications and the management of the compute and storage was handled separately. As more and more features are added to orchestrators or provided as containerized solutions by third parties, the underlying operating system that runs your containers can become very focused.

This is why we built Bottlerocket. It has just enough software to start OCI containers, we can harden it in many ways that are very difficult on a traditional OS and we can provide pre-validated updates that move from a known working state to a new state and rollback if needed. Bottlerocket is open source on github and has been designed to be modular so it can be extended to work on prem, in a hybrid cloud scenario and with many combinations of software.

Slides | Recording

CloudWatch Container Insights now monitors Prometheus Metrics

Sudeeptha Jothiprakash, Principal Product Manager, Cloudwatch

You can use Amazon CloudWatch to monitor Prometheus metrics from Amazon Elastic Kubernetes Service (EKS) and Kubernetes clusters, now available in beta. With this new feature, DevOps teams can automatically discover services for containerized workloads such as AWS App Mesh, NGINX, HAProxy, Memcache, and Java/JMX, and use Automatic Dashboards that visualize the health of these workloads. The new Container Insights console experience also provides the ability to manage resources and visualize the hierarchy of your containerized applications.

Slides | Recording

Persistent File Storage for Amazon EKS with Amazon EFS

Will Ochandarena, Principal Product Manager, EFS

Containerizing applications that require data persistence or shared storage is often challenging since containers are ephemeral in nature, are scaled in and out dynamically, and typically clear any saved state when terminated. In this session you will learn about Amazon Elastic File System (EFS), a fully managed, elastic, highly-available, scalable, secure, high-performance, cloud native, shared file system that enables data to be persisted separately from compute for your Amazon Elastic Kubernetes Service (EKS) deployments. You’ll gain an understanding of the EFS Container Storage Interface (CSI) driver, and how it simplifies configuring elastic file storage for Kubernetes clusters.

Slides | Recording

Running Arm Nodes with AWS Graviton on Amazon EKS

Michael Hausenblas, Sr Developer Advocate

A primary goal of running containers is to improve the cost efficiency for your applications. AWS Graviton2 processors deliver a major leap in performance and capabilities as well as significant cost savings. In this talk we will cover what you need to know to start using AWS Graviton2 instances with your Amazon EKS clusters. We will discuss good practices for writing and operating multi-architecture applications as well as add-ons.

Slides | Recording

Security Best Practices for Amazon EKS 

Jeremy Cowan, Principal Solutions Architect, Containers

Containers provide a convenient mechanism for packaging and deploying applications. It also changes the way the you secure your environment in significant ways. As you explore moving to containers you are likely to discover that security software originally designed to run on hosts is no longer applicable in a containerized environment. A new set of best practices are necessary to account for the changes that containers bring. This session will review the essential best practices and features available within Kubernetes and EKS to secure your containerized environments.

Slides | Recording

CIS Amazon EKS Benchmark

Paavan Mistry, Sr Developer Advocate

CIS EKS Benchmark allows customers to conform to security configuration good practices aligned with CIS Kubernetes Benchmark for their Amazon EKS clusters. In this session, we gain understanding of the recently released benchmark and get hands-on with Kubernetes security configuration assessment against an EKS cluster using an open-source tool – kube-bench – and review the node security report.

Slides | Recording

Amazon EKS and AWS Fargate: Better Together

Massimo Re Ferre, Principal Developer Advocate

In this brief demo-led session we are going to show you how it is possible to use EKS and Fargate together. The combination of EKS and Fargate allows you to move away from managing infrastructure resources. In fact, EKS provides a robust fully managed Kubernetes control plane while Fargate, an AWS managed serverless environment for containers, allows you to focus on deploying your Kubernetes pods rather than having to size, scale, manage and life-cycle your Kubernetes worker nodes. This session will introduce these concepts and will show how you can use the two services together.

Slides | Recording