AWS announces support for Kubernetes 1.25 on EKS

Published on march 24, 2023

Amazon has recently announced that Amazon Elastic Kubernetes Service (EKS) now supports version 1.25 of Kubernetes. This update introduces support for Pod Security Admission (PSA), ephemeral containers, and new values for control groups API version 2.

Lukonde Mwila, AWS’s senior developer advocate, provided an overview of the update in a blog post that was published on the company’s website. In Kubernetes 1.25, the Pod Security Policies (PSPs) have been removed and the Pod Security Admission (PSA) has been promoted to a stable feature. Due to this change, Amazon EKS has now enabled PSA as the default security mechanism by default. The detailed instructions on how to move from a PSP to a PSA are provided to EKS customers.

As a means of acknowledging the wide array of components that were included in the project, as well as the individuals who contributed to it, the release has been titled “Combiner”. EKS customers who want to upgrade to Kubernetes 1.25 will need to upgrade their AWS Load Balancer Controller to version 2.4.7 in order to upgrade to Kubernetes 1.25. Refer to the documentation for instructions on how to install or upgrade to the latest version of the AWS Load Balancer Controller.

In Kubernetes 1.25, API version 2 of control groups (cgroups) is stable. Cgroups provide a mechanism for managing the resources used by processes in the Linux kernel. Using cgroups, users can allocate and restrict the use of various resources, including CPU, memory, network, and disk I/O. Amazon EKS 1.25 requires users to review the new configuration values, including changes to resource value ranges. The range for CPU.weight has been changed from [2-262144] to [1-10000].

Amazon Web Services and Microsoft Azure have been using ephemeral containers to provide their customers with more flexible and efficient ways to troubleshoot their applications. Ephemeral containers are generally available in Amazon EKS version 1.25.

Reddit’s tech community took notice of the announcement. It is good to see them picking up the pace. We’ve had some awkward experiences in the past when EKS lagged so far behind that GKE was forcing us to upgrade away from the highest equivalent version available on EKS.”

Amazon EKS now comes with Seccomp profiles disabled by default. Seccomp is a Linux kernel security mechanism that allows users to limit the actions of containers running on their servers. In order to enforce strict security profiles on their nodes, customers must enable a feature and specify the –seccomp-default flag when configuring their kubelets. Moreover, customers can use the Kubernetes Security Profile to create and distribute seccomp profiles that enforce security on their nodes.

Amazon EKS Distro and Amazon EKS anywhere now support Kubernetes 1.25. Please refer to the release notes for more information.