AWS EKS is a fully managed service that allows you to run your applications on a serverless infrastructure. It eliminates the need to install, manage, and scale your own Kubernetes clusters, which can be a time-consuming and complex task. Instead, EKS automates these processes for you, allowing you to focus on building and deploying applications.
EKS is built on Kubernetes, an open-source platform designed to automate deploying, scaling, and managing containerized applications. Kubernetes groups containers into logical units called pods, for easy management and discovery. EKS takes this up a notch by providing a managed environment to run Kubernetes on AWS.
AWS EKS is easy to use, but also offers the flexibility and versatility required by developers. With EKS, you can easily scale your applications based on demand. You can also choose to run your EKS clusters using AWS Fargate, which is a serverless compute engine for containers that removes the need to manage servers or clusters.
Before we discuss how AWS EKS works, it’s important to understand the basics of Kubernetes. Kubernetes operates using a master node (there can be one or more) which manages the state of the cluster, such as scheduling, responding to failures, and rolling out updates to applications. Worker nodes are the servers that run Kubernetes pods, which in turn run applications and workloads.
With AWS EKS, the master nodes are managed by AWS, which means you don’t have to worry about their setup or maintenance. Your applications run on worker nodes that are provisioned in your AWS account, which you have full control over.
When you deploy an application on EKS, you start by creating a Kubernetes manifest file. This file describes the desired state of your application, such as which container images to use, how many replicas of the application to run, and how they should communicate with each other.
You then apply this manifest file to your EKS cluster using the Kubernetes command-line tool, kubectl. EKS takes over from here, scheduling your application to run on the worker nodes and maintaining the desired state of your application.
The architecture of AWS EKS is designed to provide high availability and scalability. It’s built on a regional level, which means that the master nodes are distributed across multiple Availability Zones in a region. This ensures that if one Availability Zone goes down, your applications continue to run on the remaining zones.
The worker nodes, on the other hand, can be spread across multiple AWS accounts and VPCs. This provides you with the flexibility to isolate your workloads for security and compliance requirements.
EKS also integrates with AWS services like Elastic Load Balancing (ELB) for distributing traffic, Auto Scaling for adjusting the number of worker nodes, and Identity and Access Management (IAM) for access control.
AWS EKS provides you with several deployment options:
The standard Amazon EKS service allows you to run Kubernetes on AWS without the need to manage the underlying infrastructure. You simply provision your worker nodes and EKS takes care of the rest. You can decide whether to deploy worker nodes on Amazon EC2 instances (for more control) or Fargate (a fully managed serverless model).
If you have AWS Outposts in your data center, you can also run EKS on this infrastructure. This allows you to have a consistent Kubernetes environment across your on-premises and cloud environments.
EKS Anywhere is a new deployment option that allows you to run EKS in your own data center. With EKS Anywhere, you can create and operate Kubernetes clusters on-premises using the same EKS experience in the AWS console.
EKS Distro is the same Kubernetes distribution used by Amazon EKS, but it’s available for you to deploy on your own. This allows you to create Kubernetes clusters anywhere, whether in the cloud, on-premises, or even on your own laptop.
EKS has no upfront costs and requires no long-term commitment. The amount you pay is determined by the resources you consume. These resources include compute instances, storage volumes, and data transfer, among other things.
EKS pricing is primarily divided into two parts: the cost of running the Kubernetes control plane and the cost of running worker nodes. For the control plane, AWS charges a flat rate of $0.10 per hour for each EKS cluster. It’s important to note that you pay for the control plane regardless of the number of worker nodes or the overall utilization of the cluster.
The cost of running worker nodes, on the other hand, depends on the type of instances you choose and the number of instances running in your cluster. AWS offers a wide range of instance types, each with its own pricing. Therefore, you have the freedom to choose the instance type that best suits your needs and budget.
Here are best practices that can help you manage EKS more effectively:
EKS cluster management involves a variety of tasks such as creating, updating, and deleting clusters, managing worker nodes, managing network access, and more. A key best practice is to automate these tasks as much as possible. This not only saves time but also reduces the chance of human error.
One way to automate cluster management is by using Infrastructure as Code (IaC) tools such as AWS CloudFormation or Terraform. These tools allow you to describe your infrastructure in code, which can then be version controlled, tested, and reused.
Another best practice is to monitor your clusters continuously. AWS provides various tools such as CloudWatch and CloudTrail for monitoring and logging, respectively. By keeping a close eye on your clusters, you can identify and fix issues proactively.
Security is a critical aspect of managing EKS. AWS provides several features and tools to help secure your EKS clusters. However, it’s up to you to use these features and tools effectively.
One of the most fundamental security practices is to follow the principle of least privilege. This principle dictates that you should grant the minimum permissions necessary for a task. For instance, when creating IAM roles for your EKS clusters, ensure that these roles only have the permissions they absolutely need.
Another crucial security practice is to encrypt sensitive data. AWS offers Key Management Service (KMS) for this purpose. With KMS, you can create and manage cryptographic keys and use them to encrypt data.
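A check for the two settings discussed above (KMS encryption and control plane logging), run over output in the shape returned by `aws eks describe-cluster`; this is an added example, not code from the original article. It assumes the sensitive data in question is Kubernetes Secrets, and the cluster names, key ARN, and required log types are constructed for illustration.

```python
import json

# Assumption of this example: the log types a reviewer wants enabled.
REQUIRED_LOG_TYPES = {"api", "audit", "authenticator"}

# Constructed, trimmed describe-cluster outputs; not from the article.
WEAK = json.loads("""{"cluster": {"name": "demo-weak",
  "logging": {"clusterLogging": [
    {"types": ["api"], "enabled": true},
    {"types": ["audit", "authenticator"], "enabled": false}]}}}""")

HARDENED = json.loads("""{"cluster": {"name": "demo-hardened",
  "logging": {"clusterLogging": [
    {"types": ["api", "audit", "authenticator"], "enabled": true}]},
  "encryptionConfig": [{"resources": ["secrets"],
    "provider": {"keyArn":
      "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}]}}""")


def audit_cluster(described):
    """Return finding codes for missing KMS secrets encryption and logging."""
    cluster = described.get("cluster", {})
    findings = []

    # Secrets are KMS-encrypted only if an entry covers "secrets" and names a key.
    encrypted = any(
        "secrets" in cfg.get("resources", [])
        and cfg.get("provider", {}).get("keyArn")
        for cfg in cluster.get("encryptionConfig") or []
    )
    if not encrypted:
        findings.append("secrets-not-kms-encrypted")

    # Collect log types from groups that are actually enabled.
    enabled = set()
    for group in cluster.get("logging", {}).get("clusterLogging", []):
        if group.get("enabled"):
            enabled.update(group.get("types", []))
    for missing in sorted(REQUIRED_LOG_TYPES - enabled):
        findings.append(f"log-type-disabled:{missing}")
    return findings


if __name__ == "__main__":
    for doc in (WEAK, HARDENED):
        print(doc["cluster"]["name"], audit_cluster(doc) or "ok")
```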
Performance optimization is all about ensuring that your EKS clusters run efficiently. There are several practices that can help achieve this:
The distributed nature of containers (and microservices in general), whether running on AWS EKS, or another orchestrator, means that your applications will typically require more than just monitoring with metrics and logs. In order to keep an eye on the many different services these applications are composed of, distributed tracing is critical to keep applications up and running smoothly.
Lumigo is a cloud native observability platform that delivers automated distributed tracing, purpose-built for distributed applications, including those running on ECS and, soon, EKS.
Lumigo provides deep visibility into applications and infrastructure with all the relevant information on each component, enabling you to easily monitor and troubleshoot container applications.