This year's KubeCon for North America was hosted at the McCormick Place in the windy city aka Chicago. It appears that there were 15,000 in-person attendees which explains why we were extremely busy all through the conference. In this blog, we summarize our observations and learnings from this year's KubeCon.
We constantly hear from our customers about wanting their developers to experiment with Generative AI. No organization wants to be left behind and they are all trying to find ways to empower their developers and application teams to be able to experiment with use cases powered especially by Generative AI.
According to recent Gartner research, >80% of enterprises will have used Generative AI APIs or Deployed Generative AI-Enabled Applications by 2026.
We have been listening to our customers and are happy to announce Rafay's Templates for AI & Generative AI. Platform teams can now provide their developers with a self service experience for infrastructure so that developers can experiment with new and innovative AI and Generative AI use cases.
Customers have shared with us that they would like to provision new EKS clusters using new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. For the last few releases, we have introduced support for new cluster provisioning for the new Kubernetes version first and then follow up with support for zero touch in-place upgrades.
Important
Please review our support matrix for additional details on supported Kubernetes version by provider and k8s distribution.
Congratulations to the maintainers of the Karpenter project!
The Karpenter project graduated to beta on 1st Nov, 2023. This is a major milestone for the Karpenter project.
We were very early adopters of Karpenter and have collaborated extensively with our customers and AWS to ensure that Karpenter works seamlessly for their EKS clusters when used with the Rafay Kubernetes Management platform. In this blog, we will describe the benefits of Karpenter and how our customers use Karpenter with Rafay.
As the threat landscape for Kubernetes environments continues to evolve, it is essential to take steps to continuously monitor your clusters for malicious activity. As part of security best practices for EKS, it is critical for organizations to implement a solution for continuously monitoring EKS runtimes, analyzing EKS audit logs, scanning for malware and other suspicious activity. Guardduty uses continuously updated threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalation of privileges, use of exposed credentials, or communication with malicious IP addresses, domains, presence of malware on your Amazon EC2 instances and EKS container workloads, or discovery of suspicious API activity.
GuardDuty provides an EKS managed add-on that helps you detect and respond to threats by continuously monitoring your EKS clusters. With Rafay Platform, you can easily configure and manage GuardDuty for your EKS clusters, and monitor its findings from the AWS Console.
In October 2023, the Rafay team participated at HashiConf 2023 in San Francisco. We had several users ask us last week about our thoughts on the conference itself and things we presented and demonstrated. In this blog, we will briefly describe our learnings and observations from this major conference.
In late Sep 2023, we had the opportunity to speak, present and participate at DevOpsCon 2023 in New York City. In this blog, we will briefly describe what we presented at the conference and our observations about the event itself.
DevOpsCon is a global conference focused on CI/CD, Kubernetes Ecosystem, Agile & Lean Business. If you live outside the United States, you may want to attend one of their conferences in other cities such as Munich, Singapore, London and Berlin.
This year's conference in New York was held at the Marriott near Brooklyn Bridge which is a fantastic location, literally right across from the Brooklyn Bridge and NYU Engineering.
Our goals at this conference were very simple.
Educate the attendees about various approaches for secure access to Kubernetes clusters and their pros/cons.
Attend other sessions, meet practitioners and learn about their challenges and how they are solving these.
Imagine this scenario: your clusters, the backbone of your infrastructure, are currently running worker nodes based on an older AMI version. An alarming email from the security team informs you that the AMI ID being used has serious security vulnerabilities. The urgency to address issues like this becomes paramount because these pose a direct threat to the integrity and security of your infrastructure.
Critical security issues like this call for the ability for quick action. How can nodes across all clusters be updated quickly?
Scenarios like this are exactly why we have invested heavily in developing the Fleet Plans functionality. This can help you identify and update all of the impacted worker nodes in various clusters smoothly in this situation.
sequenceDiagram
autonumber
participant admin as Admin
participant rafay as Rafay
rect rgb(191, 223, 255)
Note over admin,rafay: Upgrades of Insecure AMIs
admin->>rafay: Identify Impacted EKS Clusters <br> (Input = AMI ID)
admin->>rafay: Create Fleet Plan <br> (Impacted Clusters)
admin->>rafay: Execute Fleet Plan
admin->>rafay: Verify all EKS clusters <br>in fleet are using new AMI
end
In our recent release, we added support for in-place upgrades of your EKS clusters provisioning based on Kubernetes v1.27.
Our customers have shared with us that they would like to provision new EKS clusters using new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. As a result, we generally introduce support for new cluster provisioning for the new Kubernetes version first and then follow up with support for zero touch in-place upgrades.
Note
Organizations that wish to perform sophisticated checks for API deprecation etc are strongly recommended to use Rafay's Fleet Operations for Amazon EKS.
Our recent release update adds support for a number of new features and enhancements. This blog is focused on support for Kubernetes v1.28 with Rafay MKS (i.e. upstream Kubernetes for bare metal and VM based environments).
Both new cluster provisioning and in-place upgrades of existing clusters are supported. As with most Kubernetes releases, this version also deprecates and removes a number of features. To ensure there is zero impact to our customers, we have made sure that every feature in the Rafay Kubernetes Operations Platform has been validated on this Kubernetes version.