Table of contents
1. Introduction
2. What is Amazon EKS?
3. Setting up Amazon EKS
4. Amazon EKS clusters
5. Amazon EKS nodes
5.1. Managed node groups
5.2. Self-managed nodes
5.3. Run Kubernetes pods on AWS Fargate
6. Storage
6.1. Storage classes
6.2. Amazon EBS CSI driver
6.3. Amazon EFS CSI driver
7. Amazon EKS networking
8. Workloads
9. Security in Amazon EKS
10. Frequently Asked Questions
10.1. The advantages of AWS EKS.
10.2. Describe some use cases for AWS EKS.
10.3. What is the difference between EKS and Kubernetes?
10.4. How are ECS and EKS different?
11. Conclusion
Last Updated: Mar 27, 2024

Amazon EKS


Introduction

Amazon Web Services is a popular cloud platform that offers a wide range of services, one of which is Amazon Elastic Kubernetes Service (Amazon EKS). Amazon EKS enables businesses such as Autodesk, GoDaddy, Snap, Intel, and Intuit to run mission-critical systems and applications on AWS.

An Amazon EKS cluster is a deployment and management platform that provides a fast, seamless way to deploy and manage Kubernetes clusters in the cloud, combining AWS (a cloud service provider) with Kubernetes (a platform for deploying and managing container applications).


What is Amazon EKS?

Suppose you and your team want to deploy a small application on Kubernetes with EKS. Because EKS is a managed service, AWS creates and operates the control plane (master) nodes for you: the control plane components such as the API server, scheduler, controller manager, and etcd are installed, patched, scaled, and backed up by AWS. If you have a small team, it is best to let the platform handle this maintenance so you can focus on deploying your applications rather than on control plane upkeep. The worker nodes are therefore the main part of the cluster you still need to think about.

In short, EKS lets you run Kubernetes on AWS without maintaining your own Kubernetes control plane. Both the control plane and the worker nodes can be operated with minimal concern for the underlying infrastructure. AWS continues to add features such as Fargate support and managed node groups, so self-managed EC2 instances are no longer the only option for running workloads. Now let's explore how Amazon EKS can be used.


Setting up Amazon EKS

An overview of deploying AWS EKS:

  • Sign in to your AWS account as an IAM identity (not the account root user) and install the most recent AWS command-line interface (CLI).
  • Create an AWS access key ID and secret access key in the AWS console, and configure an AWS profile on your local computer to store the credentials. Where possible, prefer short-lived credentials (for example, through IAM Identity Center) over long-lived access keys.
  • Navigate to the Amazon EKS console to create and connect to the cluster.
  • Create an AWS IAM service role that the EKS control plane assumes to manage operations related to the cluster.
  • Host the AWS EKS cluster within a virtual private cloud (VPC) on AWS. The AWS CloudFormation console lets you create, monitor, update, and delete the VPC stack directly from a browser.

Amazon EKS clusters

Amazon EKS provides a managed control plane for your Kubernetes cluster. The control plane instances run across multiple Availability Zones so that the Kubernetes control plane stays highly available. Amazon EKS clusters are located within VPCs, secure networks within Amazon data centers. EKS deploys everything in one AWS Region into existing subnets in the VPC you choose. A cluster consists of a control plane and EKS nodes.

EKS control plane: The control plane runs on EC2 instances in an AWS-managed account, in single-tenant mode (one dedicated control plane per cluster). It hosts the Kubernetes control plane components, such as the API server and etcd; etcd data is encrypted at rest using AWS Key Management Service (KMS). A load balancer distributes API traffic across the API server instances in different Availability Zones, and your applications and tools reach the cluster through the control plane's API endpoint.

EKS nodes: The Kubernetes worker nodes are EC2 instances that run in your organization's AWS account. Nodes connect to the control plane's API endpoint and verify it using the cluster's certificate authority (CA) certificate; each cluster has its own CA.
 

Prerequisites:

A VPC (Virtual Private Cloud) must exist before you can create a cluster with EKS, and the account you use to launch the EKS cluster must have the appropriate permissions.

  • Launching the EKS cluster requires an Amazon VPC.
  • The IAM principal that manages your Kubernetes clusters in Amazon EKS needs an IAM policy that allows the required EKS actions in your AWS account.
     

Create the EKS Cluster

  • Click the Add Cluster button.
  • Pick Amazon EKS as the cluster type.
  • Provide a name for the cluster.
  • Manage user permissions using Member Roles: add users by clicking Add Member, and adjust each user's permissions using the Roles drop-down list.
  • Complete the remaining fields. See the documentation for assistance.
  • Press Create.

The cluster is created and enters the Provisioning state. Once its status changes to Active, you can access it.
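As an added example (not part of the original article), the same cluster can be declared in an eksctl ClusterConfig file instead of being clicked through the console, which also makes the security-relevant settings explicit. The cluster name, region, account ID, KMS key ARN, and CIDR block below are placeholders, and the file assumes you have eksctl installed and an IAM identity permitted to create EKS, EC2, and IAM resources:

```yaml
# cluster.yaml - hypothetical eksctl ClusterConfig (added example, not from the article)
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: demo-cluster            # assumption: any cluster name
  region: us-east-1             # assumption: any Region that offers EKS
  version: "1.29"               # assumption: a currently supported Kubernetes version

vpc:
  # eksctl creates a new VPC with public and private subnets when none is given.
  clusterEndpoints:
    privateAccess: true         # nodes and in-VPC clients reach the API server over the VPC
    publicAccess: true          # keep the public endpoint ...
  publicAccessCIDRs:
    - "203.0.113.0/24"          # ... but only from this placeholder office CIDR, never 0.0.0.0/0

# Envelope-encrypt Kubernetes Secrets in etcd with your own KMS key (placeholder ARN).
secretsEncryption:
  keyARN: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

# Ship control plane logs to CloudWatch; "audit" is what incident response will need.
cloudWatch:
  clusterLogging:
    enableTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"]

managedNodeGroups:
  - name: ng-general
    instanceType: m5.large
    minSize: 2
    desiredCapacity: 2
    maxSize: 4
    privateNetworking: true     # nodes get no public IP; they live in the private subnets
    disableIMDSv1: true         # force IMDSv2 so a pod cannot trivially read the node role's credentials
    volumeEncrypted: true       # encrypt the node root volume
    labels:
      role: general
    tags:
      Environment: demo
```

Apply it with `eksctl create cluster -f cluster.yaml`; eksctl writes the kubeconfig for you. The CIDR allow-list only governs the public endpoint, so nodes and Fargate pods still reach the API server through the private endpoint. Afterwards, confirm what was actually configured with `aws eks describe-cluster --name demo-cluster --query cluster.resourcesVpcConfig`.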

Amazon EKS nodes

Kubernetes clusters consist of machines called nodes. A node can be a virtual or a physical machine.

Nodes can be divided into two types:

  • Control plane nodes, which make up the Control Plane, the brain of the cluster.
  • Worker nodes, which make up the Data Plane and run container images (via pods).

Managed node groups

Amazon EKS offers managed node groups with automated lifecycle management. With this feature you can create, update, and terminate nodes in one operation. By default, managed nodes run Amazon EKS-optimized Linux AMIs. When you terminate nodes, they are drained gracefully to avoid service interruptions. For management purposes, Kubernetes labels can be applied to whole node groups. Amazon EKS manages the EC2 Auto Scaling groups behind managed node groups, and you can specify the Availability Zones for each group. Managed node groups can be launched from the EKS console, with eksctl, the AWS CLI, the AWS API, or automation tools such as CloudFormation.

Self-managed nodes

In EKS, self-managed nodes are Amazon EC2 instances on which Kubernetes pods are scheduled. Each node connects to the cluster's API endpoint. Nodes are grouped into node groups, and all EC2 instances in a node group must use the same instance type, Amazon Machine Image (AMI), and IAM role. Within a cluster, however, you can have different node groups representing different instance types or roles.

Run Kubernetes pods on AWS Fargate

To run pods without managing the underlying nodes, use AWS Fargate, a serverless compute engine for containers. Fargate bills only for the vCPU and memory resources each pod requests while it runs, and it provisions compute sized to the pod's requests, so set resource requests accurately.

Storage

Storage classes

Volumes can be created dynamically using Dynamic Volume Provisioning. If dynamic provisioning is invoked, a StorageClass should be pre-created that defines what provisioner should be used and what parameters should be passed.
 

Identify the storage classes already present in your cluster using the below command.

kubectl get storageclass


You will need to create an AWS storage class manifest file, for example gp2-storage-class.yaml. The in-tree kubernetes.io/aws-ebs provisioner shown here is deprecated in favour of the EBS CSI driver (see the next section), but it still illustrates the format:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp2
# in-tree AWS EBS provisioner (deprecated; prefer ebs.csi.aws.com)
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  # iopsPerGB applies only to io1 volumes, so it is not set for gp2
  fsType: ext4


The following command creates a storage class.

kubectl create -f gp2-storage-class.yaml

Amazon EBS CSI driver

The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver provides a CSI interface through which Amazon EKS clusters manage the lifecycle of Amazon EBS volumes used as persistent volumes.

Kubernetes supports the Container Storage Interface (CSI), a standard for exposing arbitrary file and block storage systems to containerized workloads. CSI allows third-party storage providers to write plugins that expose new storage systems to Kubernetes without touching the core Kubernetes code.
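As an added example that is not from the original article, the StorageClass below uses the EBS CSI driver rather than the deprecated in-tree provisioner and turns on encryption at rest with a customer-managed KMS key. The key ARN is a placeholder, and the example assumes the EBS CSI driver add-on is already installed and that its IAM role is allowed to use that key:

```yaml
# ebs-encrypted.yaml - added example; assumes the aws-ebs-csi-driver add-on is installed
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp3-encrypted
provisioner: ebs.csi.aws.com          # the CSI driver, not kubernetes.io/aws-ebs
# Delay volume creation until a pod is scheduled so the EBS volume is created in
# the same Availability Zone as the node that will mount it.
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
reclaimPolicy: Delete
parameters:
  type: gp3
  encrypted: "true"                   # every volume from this class is encrypted at rest
  # Placeholder customer-managed key; omit kmsKeyId to fall back to the AWS-managed aws/ebs key.
  kmsKeyId: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  csi.storage.k8s.io/fstype: ext4
---
# A claim that consumes the class. The first pod that references it triggers provisioning.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
  namespace: default
spec:
  accessModes: ["ReadWriteOnce"]      # an EBS volume attaches to a single node at a time
  storageClassName: gp3-encrypted
  resources:
    requests:
      storage: 20Gi
```

Apply with `kubectl apply -f ebs-encrypted.yaml` and check `kubectl get sc gp3-encrypted`. Once a pod has bound the claim, confirm the volume really is encrypted with `aws ec2 describe-volumes --filters Name=tag:kubernetes.io/created-for/pvc/name,Values=app-data --query 'Volumes[].Encrypted'` (the driver tags each volume with the PVC name). If the key policy does not grant the driver's role kms:CreateGrant and the related permissions, the PVC stays Pending and the driver's controller logs show an AccessDenied from KMS.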

Amazon EFS CSI driver

The Amazon Elastic File System (EFS) CSI driver is easy to install. It supports both EKS and self-managed Kubernetes clusters on AWS and lets you configure elastic file storage for Kubernetes using standard Kubernetes interfaces. Because an EFS file system can be mounted by many pods at once, Kubernetes applications can share data between pods in a scale-out group, or with other applications running inside or outside Kubernetes.

Amazon EKS networking

EKS clusters work in Amazon VPCs, secure networks inside Amazon data centers. All resources are deployed in one Amazon Region in a VPC you select within EKS. This diagram illustrates how Amazon EKS cluster components are related to a VPC.


[Figure: EKS networking. Source: AWS]

EKS control plane network interfaces

The EKS control plane runs in an AWS-managed virtual private cloud (VPC). Each EKS cluster in your account is associated with network interfaces, managed by the control plane, that are placed in your cluster's subnets; these interfaces connect EC2 nodes and Fargate pods to the EKS control plane. By default the cluster's API endpoint is public. Enabling a private endpoint for your cluster, and restricting the public endpoint to specific source CIDR blocks or disabling it altogether, offers additional security. Connectivity between the cluster VPC and on-premises networks or other VPCs can also be configured.
 

Nodes of the EKS network

Worker nodes are EC2 instances launched into the subnets you choose. Networking can be configured in two ways:

  • Nodes in public subnets, which can be created with the AWS CloudFormation templates. In this case each node is assigned a public IP address and a private IP address from the CIDR block of its subnet.
  • Custom networking with the Amazon VPC Container Network Interface (CNI) plugin. This lets pods receive IP addresses from a different subnet than the one that holds the node's primary network interface. Custom networking must be enabled before the nodes are created.

Workloads

Pods in Kubernetes host the containers that run your workloads; a pod contains one or more containers. A Kubernetes Service groups one or more pods that provide the same function. Running a service on multiple pods lets you do the following:

  • View each cluster's performance information in the AWS Management Console.
  • Scale pods vertically (more CPU and memory per pod) with the Kubernetes Vertical Pod Autoscaler.
  • Scale pod capacity horizontally (more or fewer pods) to meet demand with the Kubernetes Horizontal Pod Autoscaler.
  • Distribute network traffic across pods by creating an external (internet-facing) or internal load balancer. This load balancing takes place at Layer 4 of the OSI model.
  • Balance application traffic across pods by creating an Application Load Balancer through the AWS Load Balancer Controller on Amazon EKS. This load balancing takes place at Layer 7 of the OSI model.
  • Restrict the IP addresses associated with a Service by means of external IPs.
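As an added example (not code from the original article), the manifests below run a service on multiple pods with a hardened pod spec, expose it through an internal Layer 4 Network Load Balancer, and scale it with the Horizontal Pod Autoscaler. The image reference, health path, and port are placeholders; the Service annotations assume the AWS Load Balancer Controller is installed in the cluster, and the HPA assumes metrics-server is present:

```yaml
# web.yaml - added example; image, ports, and names are placeholders
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels: { app: web }
spec:
  replicas: 2
  selector:
    matchLabels: { app: web }
  template:
    metadata:
      labels: { app: web }
    spec:
      automountServiceAccountToken: false   # the app never calls the Kubernetes API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile: { type: RuntimeDefault }
      containers:
        - name: web
          image: 111122223333.dkr.ecr.us-east-1.amazonaws.com/web:1.0.0   # placeholder ECR image
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: { drop: ["ALL"] }
          resources:                           # requests are what the scheduler and HPA reason about
            requests: { cpu: 250m, memory: 128Mi }
            limits:   { cpu: "1",  memory: 256Mi }
          readinessProbe:
            httpGet: { path: /healthz, port: 8080 }   # placeholder health path
---
# Layer 4 load balancer: an internal NLB provisioned by the AWS Load Balancer Controller.
apiVersion: v1
kind: Service
metadata:
  name: web
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"   # not reachable from the internet
spec:
  type: LoadBalancer
  selector: { app: web }
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
---
# Horizontal scaling between 2 and 10 pods on average CPU utilisation.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 60
```

Apply with `kubectl apply -f web.yaml` and watch `kubectl get svc web` until the NLB hostname appears. Because the root filesystem is read-only, an application that writes temporary files needs an emptyDir volume mounted at that path. Changing the scheme annotation to "internet-facing" produces the external variant described above.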

Security in Amazon EKS

AWS and the customer share responsibility for Kubernetes security in EKS. The responsibilities fall into the following categories:

AWS security: AWS is responsible for protecting the infrastructure that runs AWS services. For Amazon EKS, this means the Kubernetes control plane components, including the etcd database and the control plane nodes, are protected by AWS. Third-party auditors regularly test the effectiveness of AWS security as part of the AWS compliance programs.

Customer security: Securing your workloads is your responsibility as the customer. This includes protecting your data, upgrading and patching worker nodes, and configuring nodes, containers, and the operating system securely. You must also configure security groups and the VPC so that the EKS control plane can communicate securely with your nodes.

 


Frequently Asked Questions

The advantages of AWS EKS.

Running Kubernetes on AWS EKS is a reliable and dependable option. Here are a few advantages:

  • Interoperability with other AWS services.
  • Serverless compute for pods through AWS Fargate.
  • High availability and scalability of the control plane.
  • Container images for EKS can be stored securely in Amazon Elastic Container Registry (ECR).
  • Kubernetes versions can be upgraded in place using Amazon EKS.
  • It runs upstream, open-source Kubernetes, so standard tooling and manifests work unchanged.

Describe some use cases for AWS EKS.

  • EKS users can deploy low-latency containerized applications on AWS Outposts for a hybrid deployment.
  • Machine learning workflows can be run with EKS and Kubeflow on EC2 GPU instances.
  • You can develop web applications on EKS that scale up and down as resource requirements change.
  • Users can run batch workloads on an EKS cluster using the Kubernetes Jobs API.

What is the difference between EKS and Kubernetes?

Kubernetes is the open-source system that deploys, scales, and manages container-based applications; EKS is the AWS service that configures and manages the Kubernetes control plane for you. In EKS, the Kubernetes control plane is replicated across multiple Availability Zones to ensure resilience.

How are ECS and EKS different?

Amazon ECS is AWS's own container orchestrator for running, stopping, and managing containers in a cluster, without Kubernetes. Amazon EKS runs Kubernetes on AWS and simplifies its deployment compared with installing Kubernetes manually on EC2 instances.

Conclusion

This blog has covered how Amazon EKS (Elastic Kubernetes Service) works, how to set it up, and related topics such as nodes, clusters, storage, networking, and security.

We hope that this blog has helped you enhance your knowledge about Amazon EKS and if you would like to learn more, check out our articles on the link. Do upvote our blog to help other ninjas grow. Happy Coding!
