Skip to content

2023

IPv6 Only Amazon EKS Clusters using Rafay

As the demand for IP addresses continues to grow, the Internet is rapidly running out of available IPv4 addresses. This has led to the adoption of IPv6, which provides a much larger pool of IP addresses. By using IPv6, organizations can ensure that they have enough IP addresses for their containerized applications, without running into address exhaustion issues.

Our most recent release to our Preview environment adds support for the creation of IPv6 Only Amazon EKS Clusters. This update streamlines the process of establishing Amazon EKS clusters with IPv6 only configuration, making it easier for you to harness the advantages of IPv6 networking without dealing with complexities.

Implementing Chargeback/Showback for multi-tenant clusters

As organizations embrace multi-tenancy i.e. share clusters among applications/teams to reduce cluster sprawl and spend, it is imperative that granular resource utilization metrics are collected and aggregated from their clusters. Tracking and reporting costs on a per application/team basis (referred to as chargeback/showback) is essential for a number of reasons including:

  • Billing internal teams/applications (their cost center IDs) based on their consumption
  • Gaining visibility into the cost structure to determine inefficiencies and drive cost optimization exercises
  • Forecasting future spend

Rafay's integrated Cost Management solution makes it extremely simple for customers to standardize collection of metrics in a consistent manner across clusters (cloud, on-premise) and implement chargeback/showback models.

Announcing Rafay's Templates for AI and Generative AI

We constantly hear from our customers about wanting their developers to experiment with Generative AI. No organization wants to be left behind and they are all trying to find ways to empower their developers and application teams to be able to experiment with use cases powered especially by Generative AI.

According to recent Gartner research, >80% of enterprises will have used Generative AI APIs or Deployed Generative AI-Enabled Applications by 2026.

We have been listening to our customers and are happy to announce Rafay's Templates for AI & Generative AI. Platform teams can now provide their developers with a self service experience for infrastructure so that developers can experiment with new and innovative AI and Generative AI use cases.

Gen AI Logo

Amazon EKS v1.28 Cluster Provisioning using Rafay

In our recent release, we added support for new EKS cluster provisioning based on Kubernetes v1.28.

Kubernetes v1.28

Customers have shared with us that they would like to provision new EKS clusters using new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. For the last few releases, we have introduced support for new cluster provisioning for the new Kubernetes version first and then follow up with support for zero touch in-place upgrades.

Important

Please review our support matrix for additional details on supported Kubernetes version by provider and k8s distribution.

Intelligent Cluster Autoscaling with Karpenter

Congratulations to the maintainers of the Karpenter project!

The Karpenter project graduated to beta on 1st Nov, 2023. This is a major milestone for the Karpenter project.

We were very early adopters of Karpenter and have collaborated extensively with our customers and AWS to ensure that Karpenter works seamlessly for their EKS clusters when used with the Rafay Kubernetes Management platform. In this blog, we will describe the benefits of Karpenter and how our customers use Karpenter with Rafay.

AWS Karpenter

Streamline GuardDuty Add-on Management for Amazon EKS Clusters

As the threat landscape for Kubernetes environments continues to evolve, it is essential to take steps to continuously monitor your clusters for malicious activity. As part of security best practices for EKS, it is critical for organizations to implement a solution for continuously monitoring EKS runtimes, analyzing EKS audit logs, scanning for malware and other suspicious activity. Guardduty uses continuously updated threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalation of privileges, use of exposed credentials, or communication with malicious IP addresses, domains, presence of malware on your Amazon EC2 instances and EKS container workloads, or discovery of suspicious API activity.

GuardDuty provides an EKS managed add-on that helps you detect and respond to threats by continuously monitoring your EKS clusters. With Rafay Platform, you can easily configure and manage GuardDuty for your EKS clusters, and monitor its findings from the AWS Console.

Rafay at DevOpsCon 2023 in New York City

In late Sep 2023, we had the opportunity to speak, present and participate at DevOpsCon 2023 in New York City. In this blog, we will briefly describe what we presented at the conference and our observations about the event itself.

DevOpsCon is a global conference focused on CI/CD, Kubernetes Ecosystem, Agile & Lean Business. If you live outside the United States, you may want to attend one of their conferences in other cities such as Munich, Singapore, London and Berlin.

This year's conference in New York was held at the Marriott near Brooklyn Bridge which is a fantastic location, literally right across from the Brooklyn Bridge and NYU Engineering.

Our goals at this conference were very simple.

  1. Educate the attendees about various approaches for secure access to Kubernetes clusters and their pros/cons.

  2. Attend other sessions, meet practitioners and learn about their challenges and how they are solving these.

View the full conference schedule.

Streamlining AMI Updates for Worker Nodes in Amazon EKS Clusters

Imagine this scenario: your clusters, the backbone of your infrastructure, are currently running worker nodes based on an older AMI version. An alarming email from the security team informs you that the AMI ID being used has serious security vulnerabilities. The urgency to address issues like this becomes paramount because these pose a direct threat to the integrity and security of your infrastructure.

Critical security issues like this call for the ability for quick action. How can nodes across all clusters be updated quickly?

Scenarios like this are exactly why we have invested heavily in developing the Fleet Plans functionality. This can help you identify and update all of the impacted worker nodes in various clusters smoothly in this situation.

sequenceDiagram
    autonumber
    participant admin as Admin
    participant rafay as Rafay

    rect rgb(191, 223, 255)
    Note over admin,rafay: Upgrades of Insecure AMIs
    admin->>rafay: Identify Impacted EKS Clusters <br> (Input = AMI ID)
    admin->>rafay: Create Fleet Plan <br> (Impacted Clusters)
    admin->>rafay: Execute Fleet Plan
    admin->>rafay: Verify all EKS clusters <br>in fleet are using new AMI
    end