Product Blog

Streamlining AMI Updates for Worker Nodes in Amazon EKS Clusters

Imagine this scenario: your clusters, the backbone of your infrastructure, are currently running worker nodes based on an older AMI version. An alarming email from the security team informs you that the AMI ID being used has serious security vulnerabilities. Addressing issues like this becomes urgent because they pose a direct threat to the integrity and security of your infrastructure.

Critical security issues like this call for the ability to act quickly. How can nodes across all clusters be updated quickly?

Scenarios like this are exactly why we have invested heavily in developing the Fleet Plans functionality. This can help you identify and update all of the impacted worker nodes in various clusters smoothly in this situation.

sequenceDiagram
    autonumber
    participant admin as Admin
    participant rafay as Rafay

    rect rgb(191, 223, 255)
    Note over admin,rafay: Upgrades of Insecure AMIs
    admin->>rafay: Identify Impacted EKS Clusters <br> (Input = AMI ID)
    admin->>rafay: Create Fleet Plan <br> (Impacted Clusters)
    admin->>rafay: Execute Fleet Plan
    admin->>rafay: Verify all EKS clusters <br>in fleet are using new AMI
    end

In-place Upgrades to Amazon EKS v1.27 Clusters using Rafay

In our recent release, we added support for in-place upgrades of your EKS clusters to Kubernetes v1.27.

Our customers have shared with us that they would like to provision new EKS clusters using new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. As a result, we generally introduce support for new cluster provisioning for the new Kubernetes version first and then follow up with support for zero touch in-place upgrades.

Note

Organizations that wish to perform sophisticated checks for API deprecation, etc., are strongly recommended to use Rafay's Fleet Operations for Amazon EKS.

Kubernetes v1.28 for Rafay MKS

Our recent release update adds support for a number of new features and enhancements. This blog is focused on support for Kubernetes v1.28 with Rafay MKS (i.e. upstream Kubernetes for bare metal and VM based environments).

Both new cluster provisioning and in-place upgrades of existing clusters are supported. As with most Kubernetes releases, this version also deprecates and removes a number of features. To ensure there is zero impact to our customers, we have made sure that every feature in the Rafay Kubernetes Operations Platform has been validated on this Kubernetes version.

Monitoring Kubernetes Environments using Rafay

Rafay is a Kubernetes management platform that enables platform teams to automate the entire lifecycle of K8s clusters, including provisioning, scaling, upgrading, and monitoring. For companies that are embracing a multi-cloud approach, visibility and effective monitoring of clusters require the use of disparate tools. Rafay provides various tools and features to centrally manage the cluster estate and track the performance, health, and resource utilization of your Kubernetes clusters and workloads.

Here are some key aspects of Rafay's monitoring solution:

Provision New AKS v1.27 Clusters using Rafay

Azure recently added support for Kubernetes v1.27 for AKS clusters. Customers can now use Rafay to provision new AKS clusters based on Kubernetes v1.27 as well.

This version of AKS became Generally Available (GA) in July 2023 and goes end of life in July 2024, i.e. with a 12-month support runway.

Note

Customers have shared with us that they would like to provision new AKS clusters based on new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. For the last few releases, we have introduced support for new cluster provisioning for the new Kubernetes version first and then followed up with support for zero touch in-place upgrades.

Optimizing Amazon's VPC CNI for your EKS Clusters Made Easy with Rafay

Amazon Elastic Kubernetes Service (EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. Kubernetes clusters require a Container Network Interface (CNI) that is responsible for cluster networking. One of the options available with EKS is the Amazon VPC CNI, which allows your Kubernetes Pods to use IP addresses defined within your VPC's subnets. While this provides more control and flexibility to businesses, it also comes with its own set of challenges.

While the benefits of managing and customizing the Amazon VPC CNI on EKS are significant, it’s important to note that the process can be challenging and time-consuming, particularly if you lack experience with Kubernetes or Amazon's VPC and its resources.

This is where Rafay’s EKS integration can come in handy. In this blog, we'll explore how Rafay’s Platform can address pain points and simplify the management process.


Upgrade Strategies for Your Rafay MKS Cluster

In the past, there was only one way to upgrade your Rafay provisioned upstream Kubernetes cluster. The worker nodes were upgraded sequentially, one worker node at a time. For large clusters with 100s of worker nodes, upgrades can take a very long time. In this blog, we will describe optimizations we have incorporated in our August 2023 release to allow users to configure faster upgrades. We now offer two ways to upgrade, and you have the freedom to choose the one that suits you best.

CIS Benchmark for Kubernetes using Rafay

The Center for Internet Security (CIS) benchmark for Kubernetes consists of secure configuration guidelines specifically for Kubernetes infrastructure set-up. These benchmarks encapsulate best practice security recommendations for configuring Kubernetes to support a strong security posture. The CIS Kubernetes Benchmark is written for the open source, upstream Kubernetes distribution and is intended to be as universally applicable across distributions as possible.

In this blog, we describe how our customers perform CIS benchmark scans of their fleet of Kubernetes clusters using Rafay.

HashiCorp's New License

Last week, HashiCorp announced that they would be adopting the Business Source License for future releases of its products. In this blog, we describe whether and how this impacts Rafay customers.

There is no impact to our mutual customers and users due to this recent license change by HashiCorp.

Many of our customers benefit from our native support of HashiCorp product offerings, such as Terraform and Vault, and our strong partnership ensures that they will continue to do so. In this blog, I'll describe these integrations, and provide more detail on the recent licensing change.