
Ankur Pandita

IPv6 Only Amazon EKS Clusters using Rafay

As the demand for IP addresses continues to grow, the Internet is rapidly running out of available IPv4 addresses. This has led to the adoption of IPv6, which provides a much larger pool of IP addresses. By using IPv6, organizations can ensure that they have enough IP addresses for their containerized applications, without running into address exhaustion issues.

Our most recent release to our Preview environment adds support for the creation of IPv6 Only Amazon EKS Clusters. This update streamlines the process of establishing Amazon EKS clusters with IPv6 only configuration, making it easier for you to harness the advantages of IPv6 networking without dealing with complexities.

Streamline GuardDuty Add-on Management for Amazon EKS Clusters

As the threat landscape for Kubernetes environments continues to evolve, it is essential to take steps to continuously monitor your clusters for malicious activity. As part of security best practices for EKS, it is critical for organizations to implement a solution that continuously monitors EKS runtimes, analyzes EKS audit logs, and scans for malware and other suspicious activity. GuardDuty uses continuously updated threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalation of privileges, use of exposed credentials, communication with malicious IP addresses or domains, presence of malware on your Amazon EC2 instances and EKS container workloads, or discovery of suspicious API activity.

GuardDuty provides an EKS managed add-on that helps you detect and respond to threats by continuously monitoring your EKS clusters. With Rafay Platform, you can easily configure and manage GuardDuty for your EKS clusters, and monitor its findings from the AWS Console.

Streamlining AMI Updates for Worker Nodes in Amazon EKS Clusters

Imagine this scenario: your clusters, the backbone of your infrastructure, are currently running worker nodes based on an older AMI version. An alarming email from the security team informs you that the AMI ID being used has serious security vulnerabilities. The urgency to address issues like this becomes paramount because these pose a direct threat to the integrity and security of your infrastructure.

Critical security issues like this call for the ability to act quickly. How can nodes across all clusters be updated quickly?

Scenarios like this are exactly why we have invested heavily in developing the Fleet Plans functionality. This can help you identify and update all of the impacted worker nodes in various clusters smoothly in this situation.

sequenceDiagram
    autonumber
    participant admin as Admin
    participant rafay as Rafay

    rect rgb(191, 223, 255)
    Note over admin,rafay: Upgrades of Insecure AMIs
    admin->>rafay: Identify Impacted EKS Clusters <br> (Input = AMI ID)
    admin->>rafay: Create Fleet Plan <br> (Impacted Clusters)
    admin->>rafay: Execute Fleet Plan
    admin->>rafay: Verify all EKS clusters <br>in fleet are using new AMI
    end

Upgrade Strategies for Your Rafay MKS Cluster

In the past, there was only one way to upgrade your Rafay provisioned upstream Kubernetes cluster. The worker nodes were upgraded sequentially, one worker node at a time. For large clusters with 100s of worker nodes, upgrades can take a very long time. In this blog, we will describe optimizations we have incorporated in our August 2023 release to allow users to configure faster upgrades. We now offer two ways to upgrade, and you have the freedom to choose the one that suits you best.


AWS Cross Account Support for EKS LCM in Rafay

Our recent release update in July to our Preview environment adds support for a number of new features and enhancements. This blog is focused on Cross Account Role ARN Support for Amazon EKS.

In July 2023, Rafay introduced a new feature to its Kubernetes Operations Platform: Cross Account Role ARN support for Amazon Elastic Kubernetes Service (EKS). This feature is designed to cater to organizations that operate multiple AWS accounts, providing a seamless and efficient way to manage EKS clusters across these accounts. In this blog post, we'll delve into the significance of this enhancement, explore its use cases, and understand how it simplifies EKS cluster management across multiple AWS accounts.


Understanding Component Upgrades in an Upstream Rafay MKS Cluster

Upgrading a Kubernetes cluster is a crucial process that ensures your infrastructure stays up-to-date with the latest features, bug fixes, and security patches. As part of this process, several components within the cluster undergo upgrades.

In this blog post, we will explore the components that typically get upgraded during a cluster upgrade and highlight some of the periodic upgrades that both Cloud Service Providers (CSPs) and Rafay undertake to enhance cluster performance and stability.