In an earlier post I described how to use KinD to run EKS-Distro on your local machine. …

In December 2020, Amazon released EKS-Distro, a distribution of Kubernetes that can be run in variety of different environments, including on premises. This distribution has been battle tested by AWS and includes all of the security patches and updates that EKS uses, giving you secure, reproducible builds of Kubernetes. The…

Introduction Imagine you use an ECR private registry to store your Docker images and you’ve recently developed a piece of software that you’d like to distribute as an image to folks outside of your organization. Pushing the image to ECR public, or another public registry, is not an option because you…

When managed node groups was first introduced, it automated the provisioning of Kubernetes worker nodes and orchestrated the replacement of those nodes when a new version of the EKS optimized AMI was released. Months later, AWS added the ability to use your own custom AMI with managed node groups and…

At re:Invent 2019, AWS released EKS Fargate, a service that allows you to run serverless containers on Kubernetes. As part of the release, AWS built a custom scheduler, along with a set of webhooks to facilitate running pods on Fargate. The key to all this a new AWS resource known…

Introduction This walkthrough explains how to create an AWS role that members of an IAM group can assume. The assumed role is then mapped to a Kubernetes RBAC role in the aws-auth ConfigMap which allows the group members to perform a set of actions against the Kubernetes API, e.g. patch, get…

Update (3/11/20) kube-proxy no longer automatically cleans up network rules created by running kube-proxy in other modes. If you are switching the kube-proxy mode (EG: iptables to IPVS), you will need to run kube-proxy --cleanup, or restart the worker node (recommended) before restarting kube-proxy. …

This post was inspired by https://github.com/aws/amazon-vpc-cni-k8s/issues/331. Introduction The AWS VPC CNI has a feature known as custom networking that allows you assign IP addresses to pods from a secondary VPC CIDR range. Ordinarily, pods are assigned an IP addresses from the host’s subnet, but this can be problematic if there aren’t…

Elastic Container Service This blog describes a couple approaches you can use to migrate from Docker Cloud to Amazon Elastic Container Service (ECS) clusters. ECS is a managed container orchestration service from AWS that is responsible for managing cluster state and scheduling containers onto a fleet of container instances. It exposes an API…