Changelog
Nadrama Open Source now supports AWS EKS
With our Open Source app platform you can now specify -t eks during setup, which generates _values files with EKS-specific configuration. This allows you to deploy all of the same Helm charts, but Cilium will use ENI mode, and it expects to perform STS AssumeRole for an IAM Role using IRSA. Further, CoreDNS is configured to forward to the default resolver IP.
If you’re a large business or Enterprise and looking to accelerate your teams on EKS, please get in touch!
AWS Region Support Expanded
You can now provision clusters in the following AWS regions:
- us-east-1: US East (N. Virginia)
- us-east-2: US East (Ohio)
- us-west-1: US West (N. California)
- us-west-2: US West (Oregon)
- ca-central-1: Canada (Central)
- eu-north-1: EU (Stockholm)
- eu-west-1: EU (Ireland)
- eu-west-2: EU (London)
- eu-west-3: EU (Paris)
- eu-central-1: EU (Frankfurt)
- ap-northeast-1: Asia Pacific (Tokyo)
- ap-northeast-2: Asia Pacific (Seoul)
- ap-northeast-3: Asia Pacific (Osaka-Local)
- ap-southeast-1: Asia Pacific (Singapore)
- ap-southeast-2: Asia Pacific (Sydney)
- ap-south-1: Asia Pacific (Mumbai)
- sa-east-1: South America (São Paulo)
AWS EBS Persistent Volumes
The AWS EBS CSI Driver is now provisioned on all Nadrama AWS clusters by default, including a default StorageClass, so PersistentVolumes “just work”.
Note that for safety, volumes will not be deleted from your AWS account once deleted in-cluster. In future we hope to offer a function to snapshot and delete volumes on a schedule; please get in touch if this is of interest.
CSI Snapshotter
The CSI Snapshot CRDs and Controller are now installed on all clusters by default. This allows you to create snapshots of your volumes and restore them to a new volume. You can read more about it here.
Externally Resolvable Cluster OIDC
Our Kubernetes clusters were previously issuing OIDC Service Account tokens; now each cluster's Kubernetes API OIDC /.well-known/openid-configuration endpoint provides the correct configuration.
Node Topology Labels
Kubernetes Node resources now have topology labels for region, zone, and instance type automatically applied.
Pod IAM Roles
Pods can now STS AssumeRole for IAM Roles.
To do this, simply annotate your pod using the iam.amazonaws.com/role key to specify the role ARN.
For safety, you must also annotate the namespace of the pod using the iam.amazonaws.com/allowed-roles key with an array of values, where the values are the ARNs allowed (or can use * wildcards).
To enable this, on each instance we are running kube2iam for you - refer to the kube2iam documentation for more information on how this works.
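The two annotations described above, shown together as an added example (not taken from Nadrama's or kube2iam's own documentation). The account ID 111122223333, the payments namespace, the role names and the image are constructed placeholders.

```yaml
# Constructed example: every name, ARN and image below is a placeholder.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  annotations:
    # JSON array of role ARNs that pods in this namespace may assume.
    # The trailing * limits the grant to roles sharing one name prefix;
    # a bare "*" entry would allow every role and removes the restriction.
    iam.amazonaws.com/allowed-roles: |
      ["arn:aws:iam::111122223333:role/payments-*"]
---
apiVersion: v1
kind: Pod
metadata:
  name: invoice-worker
  namespace: payments
  annotations:
    # Matches the payments-* entry above, so this pod can obtain credentials.
    iam.amazonaws.com/role: arn:aws:iam::111122223333:role/payments-s3-reader
spec:
  containers:
    - name: worker
      image: registry.example.com/invoice-worker:1.0.0
---
apiVersion: v1
kind: Pod
metadata:
  name: misconfigured-worker
  namespace: payments
  annotations:
    # Not covered by the namespace's allowed-roles list, so requests for
    # this role's credentials are refused.
    iam.amazonaws.com/role: arn:aws:iam::111122223333:role/cluster-admin
spec:
  containers:
    - name: worker
      image: registry.example.com/invoice-worker:1.0.0
```

Keeping the allowed-roles list scoped per namespace means that someone who can create pods in one namespace cannot pick up a role intended for another.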
Encrypted Node Instance Volumes
EC2 instances for cluster nodes are now created with EBS volume encryption enabled.
Single Node AWS Clusters are in Beta
Read more about the launch of our Single Node AWS Clusters in Beta in our detailed blog post here.