TalksAWS re:Invent 2025 - Networking and observability strategies for Kubernetes (CNS417)

AWS re:Invent 2025 - Networking and observability strategies for Kubernetes (CNS417)

Networking and Observability Strategies for Kubernetes

Challenges in Distributed Kubernetes Environments

  • Kubernetes environments are becoming increasingly complex and distributed
  • The network is a critical fabric that ties together various components and services
  • Lack of visibility into the network can lead to challenges in:
    • Ensuring security and compliance
    • Optimizing performance and cost
    • Aligning application behavior with design

Simplifying Infrastructure Management with EKS Auto Mode

  • EKS Auto Mode provides a simplified infrastructure baseline for Kubernetes clusters
  • Includes core networking components like CoreDNS, kube-proxy, and a native CNI with network policy support
  • Automatically provisions and manages the cluster infrastructure, including compute scaling with Cluster Autoscaler
  • Enables default network policies to improve the security posture out-of-the-box

Enhancing Network Security with Native Network Policies

  • EKS Auto Mode provides native support for Kubernetes network policies
  • Uses eBPF-based CNI for high-performance network policy enforcement
  • Allows defining default network policy behavior at the node class level
  • Provides a controlled rollout of network policy changes to minimize disruption

Achieving Network Observability with Container Network Observability

  • Introduces a new "Container Network Observability" feature in EKS
  • Provides granular network performance metrics at the pod and worker node level
  • Integrates with existing observability stacks (e.g., Prometheus, CloudWatch)
  • Enables detailed visualization of network flows, including east-west traffic and traffic to external services
  • Complements service mesh usage by providing observability without the operational overhead

Shifting Left Security with Network Observability

  • Network observability data can be used to create more accurate and targeted network policies
  • Allows shifting security left by defining policies in the development environment based on observed traffic patterns
  • Reduces the cost of fixing security issues by addressing them earlier in the development lifecycle

Simplifying Platform and Application Lifecycle with EKS Capabilities

  • Introduces "EKS Capabilities", a new set of managed services for the entire platform and application lifecycle
  • Leverages open-source tools like Argo CD, Kube-bench, and ACK to simplify platform management
  • Enables faster time-to-market and increased development velocity

Key Takeaways

  • Distributed Kubernetes environments require comprehensive network observability to optimize for security, performance, and cost
  • EKS Auto Mode provides a simplified infrastructure baseline with built-in networking capabilities
  • Native network policies in EKS improve the security posture and enable shifting left security
  • Container Network Observability delivers granular visibility into network performance and behavior
  • EKS Capabilities further simplify platform and application lifecycle management

Your Digital Journey deserves a great story.

Build one with us.

Talk to us
Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.