Amazon Elastic Kubernetes Services (AWS EKS)

Single-line management and eksctl can be used to start nodes.

Using the command-line programme eksctl, you can get up and running with Amazon EKS in no time. The command “eksctl create cluster” is all that is required to get an EKS cluster up and running. eksctl can simplify cluster management and operations in addition to controlling nodes and add-ons.

• Support for Windows

Windows containers and Windows worker nodes may both run simultaneously on Amazon EKS thanks to the cloud computing platform. Since Windows workstations are supported by EKS, you can utilize the same cluster to run both Linux and Windows software at the same time!

• Arm-based EC2 instances, 

There is a huge increase in performance and capability while also saving money with Amazon Web Services’ Graviton2 processors. One of the most effective ways to reduce the overall cost of an application is to use containers. Combining the two results in great price-to-performance ratios.. For example, Graviton2 processor-based instance kinds like M5, C5, and R5 offer up to 40% better price performance than their x86-based similar M5, C5, and R5 families. Both AWS Graviton2 and Amazon EKS can be found in regions where both services are available.

Security and networking

With Amazon EKS’ advanced capabilities and interfaces with AWS services and solutions from technology partners, Kubernetes cluster security is simplified. IAM and Amazon VPC, for example, allow you to restrict access to your Kubernetes clusters at the granular level.

The ability to use IPv6

It is possible to run containerized applications using Amazon Elastic Kubernetes Service (EKS) much beyond the limitations of a private IPv4 address space thanks to EKS’s support for Internet Protocol Version 6. EKS’s IPv6 support allows you to scale apps in your cluster without utilising limited private IPv4 address space by assigning pods just a globally routable IPv6 address. Any IPv6 endpoint in your Amazon VPC, on-premises network, or the public internet can be reached using this IPv6 address. You don’t have to convert all of your existing services to IPv6 in order to take use of IPv6’s advantages while adopting Kubernetes. IPv4 endpoints outside the cluster can still communicate with pods via EKS’s network configuration.

Discovery of the service

AWS Cloud Map is a resource discovery tool for the AWS cloud. Cloud Map allows you to provide dynamically changing application resources with unique names and addresses. When you use this technique, your online service will constantly locate the most recent places for the resources of your apps Using the open-source Kubernetes connector external-dns, internal service locations are propagated to the Cloud Map service registry as Kubernetes services are started and removed upon termination. Users can use the Cloud Map registry to discover Kubernetes services, which operates as a common service registration for all containerized workloads.

Mesh of Service

For large, distributed applications with a range of microservices that link to one another, Service Mesh is an excellent choice. AWS App Mesh lets you keep tabs on the progress of your app at every stage. You may add additional services to the mesh, determine traffic routing, and set up security features like encryption with the AWS App Mesh controller for Kubernetes. Pod registration on AWS Cloud Map for service discovery is also possible with App Mesh. In the App Mesh bootstrap configuration, metrics, logs, and traces are exported to the endpoints defined in Envoy. For establishing traffic pathways, circuit breaking, retries, and other controls across mesh-enabled microservices, App Mesh offers an API. Every request you make to a service will be encrypted using the App Mesh Mutual TLS. Additional authentication protections can be used to further limit communication to only those services that you approve of.

Native networking for VPCs

For your EKS clusters on an Amazon VPC, you have the option of creating your own VPC security groups and network access control lists (ACLs). Because no one else has access to your computing resources, you may utilize them to build programmes that are both secure and dependable. Container network interface of Amazon VPC is used by EKS to provide IP addresses to Kubernetes pods (CNI). Amazon EKS and Project Calico can let your Kubernetes workloads benefit from fine-grained networking management. Each service can have its own level of access control by utilising the Kubernetes network policy APIs.

IAM Authenticator for AWS

As part of Amazon EKS, Kubernetes RBAC (Role-Based Access Control) is linked with AWS IAM. Kubernetes control plane nodes can be tightly controlled using RBAC roles, which can be allocated to individual IAM objects.

IAM for Service Accounts

Amazon EKS can be made available to Kubernetes service accounts using IAM. The IAM user role can control access to additional containerized services, external AWS resources, such as databases and secrets, and third-party services and apps running outside of AWS. When many co-located services are hosted on the same cluster, fine-grained control at the pod level is available while simplifying cluster availability and cost optimization.

Compliance

A number of compliance programmes have endorsed Amazon EKS for use in regulated and sensitive applications.EKS conforms to SOC 2, PCI DSS 3.0, ISO 27001, and FedRAMP-Moderate security criteria for HIPAA compliance.

Load Balancing

Elastic Load Balancing (ELB), including ALB, NLB, and Classic Load Balancing (CLB), can be used with Amazon EKS simultaneously. Any Kubernetes-supported ingress controller can be run on Amazon EKS, as long as it supports load balancing.

Compute Without a Server

It is possible to run your Kubernetes apps on AWS Fargate using EKS. Server provisioning and management are no longer necessary thanks to Fargate’s application-level isolation feature by design.

Deployments of Hybrids

EKS in AWS Outposts can be used to run containerized programmes with reduced latency to on-premises systems. AWS Outposts is a fully managed solution that extends AWS infrastructure and AWS services, APIs, and tools to practically any connected site.. EKS on Outposts makes on-premises container management just as easy as it is in the cloud.

More AWS-managed edge infrastructure options are now possible with EKS linked to nodes running in AWS Local Zones or AWS Wavelength. With Amazon EKS Distro, you may run the same open-source Kubernetes software distribution on your own on-premises infrastructure as Amazon EKS on AWS. You may manage EKS Distro clusters using Amazon EKS Anywhere or your own tooling (coming 2021). Using Amazon EKS Anywhere, you can build and manage Kubernetes clusters on your own bare metal and virtual machines (VMs) (using the software in Amazon EKS Distro). EKS Anywhere eliminates the need for you to design and maintain your own Kubernetes cluster management software. EKS Anywhere can be used to build, manage, and operate clusters on bare metal, virtual machines, and cloud environments. The default setups for logging, monitoring, networking, and storage are all included, as are the cloud-based virtual PCs. All of these features are included in EKS Anywhere so that you can run Kubernetes in production with just a few clicks of the mouse.

Logging

AWS CloudTrail’s integration with Amazon EKS now makes it possible to view the audit history of EKS administrative operations. CloudTrail can be used to monitor Amazon EKS API calls. Amazon EKS now provides Kubernetes control plane logs to Amazon CloudWatch via Amazon EKS for troubleshooting, debugging, and auditing.

Conforming to the Standards

As a user of Amazon EKS, you can take advantage of all of the Kubernetes technologies that already exist in the Kubernetes community. A private data centre or a public cloud — Amazon EKS is fully compatible with your Kubernetes apps no matter where they’re being hosted. You won’t have to rewrite any of your code if you move from Kubernetes to Amazon EKS.

Cluster Updates Under Control

Running Kubernetes clusters can be upgraded to the most recent version utilizing Amazon EKS, which takes care of upgrading the clusters itself for the user. Kubernetes’ in-place version updates eliminate the need to create new clusters or migrate programmes to new clusters.

While Amazon EKS is still in the process of updating, it will only support three stable Kubernetes versions at a time. The SDK, CLI, and AWS Console all have access to these settings.

Advanced Load Management

Amazon EKS provides a GPU-optimized Amazon Machine Image (AMI) for Amazon EC2 instances (P2 and P3). Amazon EKS can run a variety of containers, including those for HPC, ML, Kubeflow, and DL, as well as those for financial analytics and video transcoding.

Compatibility with Open Source

Kubernetes community tools and extensions are all compatible with Amazon EKS. Managing your Amazon EKS cluster is simple using the web-based Kubernetes Dashboard and the kubectl command-line tool. The cluster’s DNS is handled by CoreDNS. Kubernetes community tools and extensions are all compatible with Amazon EKS. Managing your Amazon EKS cluster is simple using the web-based Kubernetes Dashboard and the kubectl command-line tool. The cluster’s DNS is handled by CoreDNS.

Connector for EKS

Any Kubernetes cluster can be plugged into AWS Elastic Container Service (ECS) (ECS). Amazon EKS Anywhere, Amazon Elastic Compute Cloud (Amazon EC2), and other Kubernetes clusters hosted elsewhere can all be linked together using Amazon EKS Anywhere. In the Amazon EKS console, all linked clusters and the Kubernetes resources running on them may be viewed.

Pricing

With this service, Kubernetes applications may be started, run, and scaled on-premises or in the cloud. In addition to patch management and node provisioning, Amazon EKS also automates updates.

Using an Amazon EKS cluster costs around $0.10 an hour to run. You can run many applications on a single EKS cluster by utilising Kubernetes namespaces and IAM security policies. EKS can be deployed on-premises or in the cloud, using EC2 or Fargate in AWS, or utilising AWS Outposts in your own data centre.

While running Kubernetes on Amazon Elastic Block Store (EBS) volumes or Amazon EC2 instances, you pay for the AWS resources that are used to run your worker nodes. Minimum charges and commitments are non-existent; you only pay for the services you really utilize.

Related Articles