terraform plan -out .tfplan
terraform apply .tfplan- Tighten network ACLs
- Revisit security groups
- Auto-update worker nodes
- Create a tagging strategy and tag resources
- Add support for spot instances
- Add AlwaysPullImages admission controllers
- Encrypted default storage class
- Worker nodes in private subnets, NAT per availability zone
- Automatic DNS provisioning via ExternalDNS
- [GPU] nodes
- https://github.com/awslabs/amazon-eks-ami/blob/master/files/eni-max-pods.txt
- awslabs/amazon-eks-ami#66
- https://aws.amazon.com/blogs/opensource/firecracker-open-source-secure-fast-microvm-serverless/
- https://medium.com/@gokulchandrapr/kata-containers-on-kubernetes-and-kata-firecracker-vmm-support-28abb3a196e7
- https://github.com/kata-containers/documentation/blob/master/install/aws-installation-guide.md
- https://github.com/IBM/portieris