Tag: Linux

Run Amazon EKS on RHEL Worker Nodes with IPVS Networking

Introduction Amazon Elastic Kubernetes Services (Amazon EKS) provides excellent abstraction from managing the Kubernetes control plane and data plane nodes that are responsible for operating and managing a cluster. AWS offers managed Amazon Machine Images, or AMIs, for Amazon Linux 2, Bottlerocket, and Windows Server. Many customers have requirements, or simply prefer, to use Red […]

Using Windows Authentication with gMSA on Linux Containers on Amazon ECS

UPDATE: On July 17th 2023, AWS launched support for Windows authentication with gMSA on non-domain-joined (domainless) Amazon ECS Linux container instances. This blog post has been updated to cover both modes, making domainless mode the default. Introduction Today, we are announcing the availability of Credentials Fetcher integration with Amazon Elastic Container Service (Amazon ECS). This […]

Building Amazon Linux 2 CIS Benchmark AMIs for Amazon EKS

Building Amazon Linux 2 CIS Benchmark AMIs for Amazon EKS

Introduction The Center for Internet Security (CIS) Benchmarks are best practices for the secure configuration of a target system. They define various Benchmarks for Kubernetes control plane and the data plane. For Amazon EKS clusters, it is strongly recommended to follow the CIS Amazon EKS Benchmark. If the data plane of an Amazon EKS cluster uses Amazon Linux […]

Bottlerocket, A Year in the Life

With the recent launch of Bottlerocket support for Managed Node Groups in Amazon Elastic Kubernetes Service (Amazon EKS), I wanted to take the opportunity to talk about Bottlerocket and its features. At a previous point in my career, I was one of many engineers working on a commercial UNIX operating system. Linux established itself as […]

Introducing multi-architecture container images for Amazon ECR

Containers are a de facto standard in cloud application development and deployment. Publishing software in container images provides developers an integrated packaging solution, bundling software and all required dependencies into a portable image format. This image can then be run anywhere, abstracting away the infrastructure-specific aspects of deployment. However, the promise of running anywhere only […]