AWS Open Source Blog

Tag: kubernetes


Authenticating to EKS Using GitHub Credentials with Teleport

This post describes how to configure Gravitational’s Teleport as an authentication proxy for Amazon Elastic Kubernetes Service (Amazon EKS), using GitHub as the identity provider for authenticating users. In this example, Teleport is installed onto a stand-alone EC2 instance and configured to use GitHub authentication to authenticate users’ identities. Once authenticated, the role assigned to […]


Centralized Container Logging with Fluent Bit

by Wesley Pettit and Michael Hausenblas

AWS is built for builders. Builders are always looking for ways to optimize, and this applies to application logging. Not all logs are of equal importance. Some require real-time analytics, others simply need to be stored long-term so that they can be analyzed if needed. It’s therefore critical to […]


Using Pod Security Policies with Amazon EKS Clusters

You asked for it and with Kubernetes 1.13 we have enabled it: Amazon Elastic Container Service for Kubernetes (EKS) now supports Pod Security Policies. In this post we will review what PSPs are, how to enable them in the Kubernetes control plane and how to use them, from both the cluster admin and the developer perspective. What is a Pod Security Policy and […]


Using the FSx for Lustre CSI Driver with Amazon EKS

The Container Storage Interface (CSI) is a standard for exposing storage on top of container orchestrators such as Mesos or Kubernetes. CSI gives storage providers like AWS the opportunity to create a thin wrapper which will allow a Kubernetes cluster to automatically provision and manage the entire lifecycle of the storage class. Storage […]


Deploying the AWS IAM Authenticator to kops

This post is an updated version of Deploying the Heptio Authenticator to kops. Heptio Authenticator has since been donated to the Kubernetes Special Interest Group (SIG) AWS, allowing the project to be collaboratively worked on. Now, instead of needing to manually configure the Authenticator, you can use kops primitives to deploy automatically when a cluster […]


Using Open Policy Agent on Amazon EKS

Open Policy Agent (OPA) is a Cloud Native Computing Foundation (CNCF) sandbox project designed to help you implement automated policies around pretty much anything, similar to the way AWS Identity and Access Management (IAM) works. With OPA, you can write a very slimmed-down policy using a language called Rego which is based […]


AWS Service Operator for Kubernetes Now Available 🚀

The AWS Service Operator is an open source project in developer preview which allows you to manage your AWS resources directly from Kubernetes using the standard Kubernetes CLI, kubectl. It does so by modeling AWS Services as Custom Resource Definitions (CRDs) in Kubernetes and applying those definitions to your cluster. This means that a developer can […]
