Welcome to Containerd and goodbye to Dockerd. Process and considerations while upgrading EKS control-plane to version 1.21

Overview

Welcome to AWS EKS 1.21 upgrade guide. In version 1.20, Kubernetes deprecated Dockershim, which allowed Kubernetes to use Docker as a container runtime. Docker is still fully functional, but we should be migrating away from it asap. Essentially, Kubernetes users need to migrate to a different container runtime before support is removed in a future Kubernetes release.

With AWS latest release of EKS 1.21 we can finally make use of containerd as a runtime. Latest Amazon Linux 2 EKS optimized AMI images come…

True story behind AWS EKS (Kubernetes) add-ons; VPC CNI plugin, Kube-proxy and CoreDNS

Introduction

Reading this story, you should probably know by now what is AWS EKS. EKS is a managed Kubernetes service were Amazon Web Services is responsible for the entire control-plane. Amazon EKS is a fully managed service that makes it easy for you to run Kubernetes on AWS without needing to be an expert in managing Kubernetes clusters.

The feature we are going to concentrate on today is EKS add-ons. AWS guys are claiming that this is a major step forward to provide fully managed Kubernetes clusters. EKS…

Process and considerations while upgrading EKS control-plane to version 1.20

Overview

AWS recently released support for Amazon Kubernetes Service 1.20. This is so called “The Raddest Release”. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS. I have to say, that those EKS upgrades are becoming nice and smooth which is amazing.

In this release I will also implemented EKS Add-ons for kube-proxy and Core DNS so make…

Details of implementing and testing out a new feature of ECS Exec with Fargate containers.

Introduction

If you read any of my previous stories, you would know that I am a big Kubernetes fan. However, with my recent adventure, I am heavily utilising AWS ECS + Fargate. What comes with it is the full set of features which are ECS specific. One of those new features is ECS Exec. ECS Exec provides an ability for all Amazon ECS users including developers and operators to exec into a container running inside a task deployed on either Amazon EC2 or AWS Fargate.

I…

Sharing my experiences and knowledge around Terraform, Terraform Cloud and Terraform Registry while working with AWS deployments into Ireland, North Virginia and China.

Introduction

A little bit about me first, I am a Lead DevOps Engineer specialising in Cloud Native solutions. I primarily work with Kubernetes, however I am not against using solutions such as AWS ECS or AWS Fargate. I am a big fan of solutions offered by AWS cloud provider and I am also a certified solutions architect.

This story will focus on my experience around Terraform, Terraform Cloud and Terraform Registry, and well it works with AWS deployments…

Process and considerations while upgrading EKS control-plane to version 1.19

Overview

AWS recently released support for Amazon Kubernetes Service 1.19. With this release there are some new features introduced and there are not too many deprecated options. In this post I will go through the services that are a must to check and upgrade if necessary before even thinking of upgrading EKS. I have to say, that those EKS upgrades are becoming nice and smooth which is amazing.

If you are looking at

  • upgrading EKS from 1.15 to 1.16 then check out story
  • upgrading EKS from 1.16 to 1.17 …

Story details how to run kube-bench job against EKS cluster

Overview

Kube-bench is an open source project written in Go. This application checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Entire project is available in github. Tests which are executed are configured with YAML files, and this makes kube-bench easy to update as test specifications evolve.

Security should be a a critical component of configuring and maintaining Kubernetes clusters and applications in any company. …

Setting up latest Mac instances on AWS

General

This is another story to test out the latest release of EC2 instances to see how it can be deployed in a managed way. For this purpose I used AWS CLI and Terraform.

Seeing Mac instances in AWS Cloud was a positive surprise, more details can be found in the official announcement. From my perspective I will be using such machine as Gitlab build runners, however, it will take some time to get them nicely implemented on top of the EC2 Mac instances.

Configuration

Consideration and configuration details to enable Security groups for pods in Kubernetes cluster

Overview

In this story I want to focus on a recently released feature called Security Groups for pods.

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A pod is a group of one or more containers, with shared storage/network resources, and a specification for how to run the containers. On the other side we have AWS Security groups (SG). A security group acts as a virtual firewall for your instances to control inbound and outbound traffic. In our case, pod…

General

SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls.

SSH is a standard for secure remote logins and file transfers over untrusted networks. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot…

Marcin Cuber

Lead Software/Infrastructure/Devops Engineer and AWS Community Builder

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store