Process and considerations while upgrading EKS control-plane to version 1.20

Overview

AWS recently released support for Amazon Kubernetes Service 1.20. This is so called “The Raddest Release”. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS. I have to say, that those EKS upgrades are becoming nice and smooth which is amazing.

In this release I will also implemented EKS Add-ons for kube-proxy and Core DNS so make…


Details of implementing and testing out a new feature of ECS Exec with Fargate containers.

Introduction

If you read any of my previous stories, you would know that I am a big Kubernetes fan. However, with my recent adventure, I am heavily utilising AWS ECS + Fargate. What comes with it is the full set of features which are ECS specific. One of those new features is ECS Exec. ECS Exec provides an ability for all Amazon ECS users including developers and operators to exec into a container running inside a task deployed on either Amazon EC2 or AWS Fargate.

I…


Sharing my experiences and knowledge around Terraform, Terraform Cloud and Terraform Registry while working with AWS deployments into Ireland, North Virginia and China.

Introduction

A little bit about me first, I am a Lead DevOps Engineer specialising in Cloud Native solutions. I primarily work with Kubernetes, however I am not against using solutions such as AWS ECS or AWS Fargate. I am a big fan of solutions offered by AWS cloud provider and I am also a certified solutions architect.

This story will focus on my experience around Terraform, Terraform Cloud and Terraform Registry, and well it works with AWS deployments…


Process and considerations while upgrading EKS control-plane to version 1.19

Overview

AWS recently released support for Amazon Kubernetes Service 1.19. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS. I have to say, that those EKS upgrades are becoming nice and smooth which is amazing.

If you are looking at

  • upgrading EKS from 1.15 to 1.16 then check out story
  • upgrading EKS from 1.16 to 1.17 …


Story details how to run kube-bench job against EKS cluster

Overview

Kube-bench is an open source project written in Go. This application checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Entire project is available in github. Tests which are executed are configured with YAML files, and this makes kube-bench easy to update as test specifications evolve.

Security should be a a critical component of configuring and maintaining Kubernetes clusters and applications in any company. …


Setting up latest Mac instances on AWS

General

This is another story to test out the latest release of EC2 instances to see how it can be deployed in a managed way. For this purpose I used AWS CLI and Terraform.

Seeing Mac instances in AWS Cloud was a positive surprise, more details can be found in the official announcement. From my perspective I will be using such machine as Gitlab build runners, however, it will take some time to get them nicely implemented on top of the EC2 Mac instances.

Configuration


Consideration and configuration details to enable Security groups for pods in Kubernetes cluster

Overview

In this story I want to focus on a recently released feature called Security Groups for pods.

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A pod is a group of one or more containers, with shared storage/network resources, and a specification for how to run the containers. On the other side we have AWS Security groups (SG). A security group acts as a virtual firewall for your instances to control inbound and outbound traffic. In our case, pod…


General

SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls.

SSH is a standard for secure remote logins and file transfers over untrusted networks. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot…


Process and considerations while upgrading EKS control-plane to version 1.18

Overview

AWS recently released support for Amazon Kubernetes Service 1.18. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story. And for upgrades from 1.16 to 1.17 check out this story.

Kubernetes 1.18 features

  • Topology Manager has reached beta status. This feature allows the CPU…


Process and considerations while upgrading EKS control-plane to version 1.17

Overview

AWS recently released support for Amazon Kubernetes Service 1.17. With this release there are some great features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS.

If you are looking at upgrading EKS from 1.15 to 1.16 then check out my previous story.

Kubernetes 1.17 features

  • Cloud Provider Labels have reached general availability. If you are using the beta labels in your pod specs for features such as…

Marcin Cuber

Lead Software/Infrastructure/Devops Engineer and AWS Community Builder

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store