What is EKS?
EKS (Elastic Kubernetes Service) is a fully managed service by Amazon Web Services (AWS) that lets you run Kubernetes on AWS without having to install and manage your own Kubernetes control plane (master nodes).
Benefits of EKS
- High Availability: EKS automatically distributes cluster control plane components across multiple Availability Zones (AZs) for resilience.
- Scalability: It seamlessly integrates with AWS services like Auto Scaling Groups to handle dynamic workload changes.
- Reduced Management Overhead: AWS handles control plane updates, patching, and maintenance, leaving you to focus on your applications.
- Integration with AWS Services: EKS tightly integrates with other AWS services (IAM, VPC, CloudWatch, etc.), providing a smooth user experience.
Prerequisites:
- AWS Account: You’ll need a valid AWS account to start using EKS.
- AWS CLI: The AWS Command Line Interface (CLI) is necessary for interacting with various AWS services, including EKS. Instructions for installation can be found here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- kubectl: This is the Kubernetes command-line tool used to manage clusters and workloads. Find installation instructions here: https://kubernetes.io/docs/tasks/tools/install-kubectl/
Cluster Creation (High Level Steps)
- EKS Console
- Navigate to the EKS service within your AWS console.
- Click on “Create cluster”.
- Cluster Configuration:
- Name your cluster.
- Choose a Kubernetes version.
- Select an IAM role that grants EKS permissions to manage resources on your behalf.
- Node Group Configuration:
- Give your node group a name.
- Select an instance type for your worker nodes.
- Adjust the desired, minimum, and maximum number of nodes.
- AWS CLI (using eksctl)
- Install eksctl: https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
- Cluster Definition: Create a YAML file to define the cluster (name, version, region, etc.).
- Node Group Definition: Create another YAML to specify node group details (name, instance type, size, etc.).
- Create resources: Use
eksctl create cluster -f <cluster-file>andeksctl create nodegroup -f <nodegroup-file>
Cluster Configuration
- Networking
- VPC: Your cluster must reside within an existing VPC. Consider subnet allocation and private/public subnet needs for worker nodes and pods.
- Security Groups: Secure cluster traffic by creating security groups to control inbound/outbound rules for control plane and worker nodes.
- Logging
- CloudWatch Logs: EKS can send control plane and Kubernetes audit logs to CloudWatch logs.
- S3 Bucket: Optionally, configure long-term log storage in an S3 bucket.
- IAM Roles
- Cluster Role: The IAM role associated with the control plane for managing AWS resources.
- Node Role: The IAM role assigned to worker nodes, granting permissions for actions within AWS.
Workload Deployment
- Kubernetes Manifests
- YAML files define Kubernetes objects:
- Deployments: Manage stateless application pods.
- Services: Expose pods to clients with load balancing.
- Ingress: Provide external access rules for your services.
- YAML files define Kubernetes objects:
- Helm
- Chart Repositories: Helm charts are packages of pre-configured Kubernetes resources.
- Chart Installation: Simplify app deployment using
helm install.
- Docker
- Container Images: Package your code and dependencies.
- Container Registry: Store images (e.g., AWS Elastic Container Registry, Docker Hub).
Cluster Operations
- Scaling
- Horizontal Pod Autoscaler: Automatically scales pods based on metrics (CPU/memory).
- Cluster Autoscaler: Scales worker nodes to align with pod resource needs.
- Upgrades
- Control Plane Upgrade: EKS simplifies control plane updates.
- Node Group Upgrade: Update worker nodes to newer Kubernetes versions.
- Monitoring
- CloudWatch: Collect AWS and Kubernetes metrics.
- Prometheus: Popular open-source monitoring tool for flexible alerting and dashboards.
- Troubleshooting
- kubectl Commands: (e.g.,
describe,logs) for inspecting resources. - EKS Events: Check EKS events in your AWS console.
- CloudTrail Logs: Trace AWS API calls.
- kubectl Commands: (e.g.,
Advanced Topics
- Multi-tenant Clusters
- Namespaces: The key to multi-tenancy is logically dividing your cluster using Kubernetes namespaces. Each namespace provides isolation for resources like deployments, services, and pods.
- Resource Quotas: Prevent teams or projects from consuming excessive cluster resources. Enforce limits on CPU, memory, and object counts within namespaces.
- Role-Based Access Control (RBAC): Define granular permissions for users and groups within specific namespaces to control access and actions they can perform.
- High Availability
- Multi-AZ Clusters: Distribute worker nodes across multiple Availability Zones (AZs) to ensure application availability even if one AZ experiences an outage.
- Regional Clusters: For ultimate resilience, consider spanning your EKS control plane across multiple AWS regions. This protects against broader regional-level failures.
- Control Plane Redundancy: EKS automatically provisions multiple control plane instances across AZs. Configure your worker node groups to also span multiple AZs for added fault tolerance.
- Security
- IAM Policies: Adhere to the principle of least privilege. Create fine-grained IAM policies attached to EKS cluster roles, node roles, and user/group roles to restrict access to only necessary AWS actions.
- Network Policies: Use Kubernetes Network Policies to control traffic flow between pods. Define rules to allow or deny traffic based on criteria like namespaces, labels, and IP addresses for secure communication.
- Secrets Management: Never store sensitive data (passwords, tokens) directly in Kubernetes manifests. Utilize solutions like AWS Secrets Manager or Kubernetes Secrets integrated with pod access controls.
- Pod Security Policies: Enforce security standards at the pod-level, controlling privileged containers, allowed volumes, host networking, and more.
Free Courses : Microsoft Azure (Concepts + Hands-on)
Free Courses : Kubernetes (Enroll Now)
EKS for Simplified Kubernetes (AWS)