Amazon EKS is a managed service that helps make it easier to run Kubernetes on AWS. Through Amazon EKS, organizations can run Kubernetes without installing and operating a Kubernetes control plane or worker nodes. Simply put, EKS is a managed containers-as-a-service (CaaS) that drastically simplifies Kubernetes deployment on AWS.
Amazon Elastic Kubernetes Service (Amazon EKS) makes it easy to deploy, manage, and scale containerized applications using Kubernetes on Amazon Web Services.
Amazon EKS runs the Kubernetes management infrastructure for you across multiple Amazon Web Services availability zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes conformant so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to Amazon EKS.
Amazon EKS is generally available to all Amazon Web Services customers. Amazon Elastic Kubernetes Service (EKS) addresses the operational challenges of Kubernetes by offloading that overhead to the Amazon Web Services platform. As a result, organizations can focus on their container adoption plans while leveraging AWS-managed Kubernetes.
Use case: a company that already runs Kubernetes on-premises or in another cloud and wants to migrate to AWS while keeping Kubernetes.
What is Kubernetes?
Kubernetes is an open-source system that allows organizations to deploy and manage containerized applications like platforms as a service (PaaS), batch processing workers, and microservices in the cloud at scale. Through an abstraction layer created on top of a group of hosts, development teams can let Kubernetes manage a host of functions–including load balancing, monitoring and controlling resource consumption by team or application, limiting resource consumption and leveraging additional resources from new hosts added to a cluster, and other workflows.
Through Amazon EKS, organizations using AWS can get the full functions of Kubernetes without having to install or manage Kubernetes itself.
Key Features of Amazon EKS:
Many enterprises have adopted the AWS cloud platform for their various needs. EKS provides features that let them take full advantage of the reliability, availability, and performance of the Kubernetes platform without carrying its operational burden.
1. Managed Control Plane:
EKS manages the high availability and scalability of the Kubernetes control plane. It achieves this by deploying the Kubernetes API servers and etcd across different AWS Availability Zones.
2. Managed Worker Nodes:
EKS provides several options to provision and manage worker nodes. For example, organizations can retain complete control with self-managed configurations, or rely on Auto Scaling group-backed managed node groups for a fully managed setup.
3. Command Line (Launch using eksctl):
eksctl is a convenient command-line utility built to manage EKS clusters. The utility enables users to perform all operations from their OS terminal instead of using the web interface.
4. Service Discovery:
EKS supports organization-wide unified-service discovery using Cloud Map. You can use the service discovery to connect services deployed across different zones and clusters.
5. VPC Networking:
EKS maintains isolation between different clusters using Amazon VPC. Furthermore, network traffic inside each VPC is secured using security groups.
6. AWS IAM Authenticator:
Amazon EKS integrates Kubernetes RBAC with the AWS IAM Authenticator. Organizations can map each IAM entity to RBAC roles, which allows granular control of access permissions to the Kubernetes masters.
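The IAM-to-RBAC mapping described above is expressed in the cluster's aws-auth ConfigMap, and the permissions themselves live in ordinary Kubernetes RBAC objects. The following is an added example (not from the original article or from AWS) that maps a node role plus one team role to a Kubernetes group, then grants that group read-only access in a single namespace. The account ID, role names, namespace and group name are placeholders; the authoritative mapping shape (rolearn, username, groups, and the {{EC2PrivateDNSName}} / {{SessionName}} placeholders) is the standard aws-auth format.

```yaml
# aws-auth ConfigMap (kube-system): maps IAM principals to Kubernetes users/groups.
# Account ID and role names below are placeholders for this example.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Node instance role: required so worker nodes can register with the cluster.
    - rolearn: arn:aws:iam::111122223333:role/eks-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    # Team role: mapped to a custom group that carries NO permissions by itself;
    # everything it can do comes from the RBAC objects below. Never map a
    # human role to system:masters, which bypasses RBAC entirely.
    - rolearn: arn:aws:iam::111122223333:role/payments-developers
      username: payments-dev:{{SessionName}}
      groups:
        - payments-developers
---
# Namespace-scoped Role: read-only view of the "payments" namespace,
# plus the ability to patch Deployments (e.g. image tag rollouts).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-developer
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "patch"]
---
# Bind the Role to the group named in aws-auth. A RoleBinding (not a
# ClusterRoleBinding) keeps the grant confined to this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-developers
  namespace: payments
subjects:
  - kind: Group
    name: payments-developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: payments-developer
  apiGroup: rbac.authorization.k8s.io
```

After applying the RBAC objects, verify the boundary with impersonation rather than by trusting the YAML: `kubectl auth can-i delete pods -n payments --as payments-dev:alice --as-group payments-developers` should answer "no", and the same query against another namespace should answer "no" as well. A malformed aws-auth ConfigMap can lock every mapped principal out of the API, so prefer `eksctl create iamidentitymapping` over hand-editing it, and keep at least one break-glass IAM principal mapped. Newer EKS clusters can also manage these mappings as EKS access entries instead of the ConfigMap.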
7. Service Mesh:
By standardizing the way each microservice in an application communicates, AWS App Mesh makes building and running complex microservices applications easier. App Mesh simplifies the configuration of each part of an application for high availability and end-to-end visibility.
Amazon EKS Architecture (Amazon EKS components):
The AWS EKS architecture is composed of the following main components: clusters and nodes.
1. Amazon EKS Clusters:
Clusters are made up of a control plane and EKS nodes.
EKS control plane: The control plane runs on a dedicated set of EC2 instances in an Amazon-managed AWS account and provides an API endpoint that your applications can access. It runs in single-tenant mode and is responsible for the Kubernetes master components, such as the API server and etcd. Data in etcd is encrypted using AWS Key Management Service (KMS). The Kubernetes master nodes are distributed across several AWS Availability Zones (AZs), and traffic to them is managed by Elastic Load Balancing (ELB).
EKS nodes: Kubernetes worker nodes run on EC2 instances in your organization's AWS account. They connect to the control plane through the API endpoint, authenticating with a certificate file. A unique certificate is used for each cluster.
2. Amazon EKS Nodes:
Amazon EKS clusters can schedule pods using three primary methods.
A) Self-Managed Nodes: A "node" in EKS is an Amazon EC2 instance that Kubernetes pods can be scheduled on. Pods connect to the EKS cluster's API endpoint. Nodes are organized into node groups, and all the EC2 instances in a node group must have the same Amazon EC2 instance type, the same Amazon Machine Image (AMI), and the same IAM role. You can have several node groups in a cluster, each representing a different type of instance or instances with a different role.
B) Managed Node Groups: Amazon EKS provides managed node groups with automated lifecycle management. This lets you create, update, or shut down nodes with a single operation. EKS uses Amazon's latest Linux AMIs optimized for use with EKS. When you terminate nodes, EKS gracefully drains them to make sure there is no interruption of service. You can easily apply Kubernetes labels to an entire node group for management purposes. Managed nodes are operated using EC2 Auto Scaling groups that are managed by the Amazon EKS service. You can define in which Availability Zones the groups should run. There are several ways to launch managed node groups, including the EKS console, eksctl, the Amazon CLI, the Amazon API, or Amazon automation tools such as CloudFormation.
C) Amazon Fargate: You can use Amazon Fargate, a serverless container service, to run worker nodes without managing the underlying server infrastructure. Fargate bills you only for the vCPUs and memory actually used, and provisions additional compute according to what your cluster's workloads actually need.
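The eksctl utility from feature 3, the KMS-encrypted control plane, the managed node groups with labels and Availability Zones, and the Fargate option described above can all be declared in one eksctl ClusterConfig. The file below is an added example written for this article, not an eksctl project sample or AWS documentation; the cluster name, region, Availability Zones, account ID, KMS key ARN and namespace are placeholders to replace. It keeps the API endpoint private, enables KMS envelope encryption of Kubernetes secrets, places a managed node group across three AZs on private subnets with a label, and adds a Fargate profile for one namespace.

```yaml
# eksctl ClusterConfig (example only; all identifiers are placeholders).
# Create with:  eksctl create cluster -f cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: example-cluster          # placeholder
  region: us-east-1              # placeholder
  version: "1.29"                # pick a currently supported EKS version

# Spread the managed control plane and nodes across three AZs.
availabilityZones: ["us-east-1a", "us-east-1b", "us-east-1c"]

vpc:
  clusterEndpoints:
    privateAccess: true          # nodes reach the API server inside the VPC
    publicAccess: false          # no Internet-facing API endpoint

# Envelope-encrypt Kubernetes Secrets with a customer-managed KMS key
# (in addition to the EKS-managed encryption of etcd itself).
secretsEncryption:
  keyARN: arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID   # placeholder

iam:
  withOIDC: true                 # enables IAM roles for service accounts (IRSA)

# Managed node group: EKS runs the Auto Scaling group, drains on termination,
# and applies the labels to every node it launches.
managedNodeGroups:
  - name: general
    instanceType: m5.large       # every instance in the group shares this type
    minSize: 3
    maxSize: 6
    desiredCapacity: 3
    availabilityZones: ["us-east-1a", "us-east-1b", "us-east-1c"]
    privateNetworking: true      # nodes get no public IP
    volumeEncrypted: true        # encrypt the root EBS volume
    ssh:
      allow: false               # no SSH key baked into the nodes
    labels:
      workload: general

# Fargate profile: pods in the "batch" namespace run on Fargate, so no
# worker node capacity has to be provisioned or patched for them.
fargateProfiles:
  - name: fp-batch
    selectors:
      - namespace: batch         # placeholder namespace
```

With `publicAccess: false`, `kubectl` must run from inside the VPC (a bastion, VPN, or CI runner with VPC access); if that is not workable yet, keep `publicAccess: true` but restrict it with `publicAccessCIDRs` to known address ranges. The node group's `availabilityZones` must be a subset of the cluster-level list, which is why both are set here.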
In short, a Kubernetes cluster is built from distributed components that provide one of the following services:
Configure and manage Kubernetes services, also known as the Kubernetes control plane
Configure and manage user applications, also known as worker nodes
An EKS cluster consists of the above components deployed in two separate VPCs.
AWS manages the VPC, which hosts the Control Plane. The user operates the second VPC, which hosts the Worker Nodes.
The worker nodes must connect to the control plane to register with the cluster. The second VPC hosts all enterprise applications and must be reachable by their clients.
How does Amazon EKS work?
The simplest way to look at EKS is that it is AWS's Kubernetes-as-a-service offering. As mentioned, EKS significantly simplifies the management and maintenance of highly available Kubernetes clusters in AWS.
Amazon EKS works by provisioning (starting) and managing the Kubernetes control plane and worker nodes for you. At a high level, Kubernetes consists of two major components – a cluster of ‘worker nodes’ that run your containers – and the control plane that manages when and where containers are started on your cluster and monitors their status.
Without Amazon EKS, you have to run both the Kubernetes control plane and the cluster of worker nodes yourself. With Amazon EKS, you provision your worker nodes using a single command in the EKS console, CLI, or API, and AWS handles provisioning, scaling, and managing the Kubernetes control plane in a highly available and secure configuration. This removes a significant operational burden for running Kubernetes and allows you to focus on building applications instead of managing AWS infrastructure.