Amazon EKS Service

Manish Sharma
5 min read · Sep 12, 2022


Amazon Elastic Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and scale Kubernetes applications in the cloud or on-premises. Amazon EKS provides highly available and secure clusters while automating key tasks such as patching, node provisioning, and updates.

You can run Amazon EKS on:

  • Amazon Elastic Compute Cloud (Amazon EC2)
  • AWS Fargate
  • AWS Outposts (on-premises)

You can use a single EKS cluster to run multiple applications by taking advantage of Kubernetes namespaces and IAM security policies.

Shared Responsibility

Amazon EKS is built around a shared-responsibility model: the control plane nodes are managed by AWS, and you run the worker nodes. This gives you high availability and simplifies the process of moving existing workloads to EKS.

Why use Amazon EKS?

Hybrid container deployments

Run highly available and scalable Kubernetes clusters on AWS, while maintaining full compatibility with your Kubernetes deployments running anywhere else.

Microservices

Easily run microservices applications with deep integrations to AWS services, while getting access to the full suite of Kubernetes functionality and popular open source tooling.

Application migration

Easily containerise and migrate existing applications to Amazon EKS without needing to refactor your code or tooling.

Batch processing

The Kubernetes Jobs API lets you run sequential or parallel workloads on your Amazon EKS cluster. These workloads can be run on Amazon EC2 On-Demand Instances, Reserved Instances, or Spot Instances.

How it works

Amazon EKS exposes a Kubernetes API endpoint. Your existing Kubernetes tooling can connect directly to the EKS-managed control plane. Worker nodes run as EC2 instances in your account.

AWS EKS Overview

Amazon EKS takes advantage of the fact that it is running in the AWS Cloud, making great use of many AWS services and features, while ensuring that everything you already know about Kubernetes remains applicable and helpful. Here’s an overview:

  • Multi-AZ — The Kubernetes control plane (the API server and the etcd database) is run in high-availability fashion across three AWS Availability Zones. Control plane nodes are monitored and replaced if they fail, and are also patched and updated automatically.
  • IAM Integration — Amazon EKS uses the Heptio Authenticator for authentication. You can make use of IAM roles and avoid the pain that comes with managing yet another set of credentials.
  • Load Balancer Support — You can route traffic to your worker nodes using the AWS Network Load Balancer, the AWS Application Load Balancer, or the original (classic) Elastic Load Balancer.
  • EBS — Kubernetes PersistentVolumes (used for cluster storage) are implemented as Amazon Elastic Block Store (EBS) volumes.
  • Route 53 — The External DNS project allows services in Kubernetes clusters to be accessed via Route 53 DNS records. This simplifies service discovery and supports load balancing.
  • Auto Scaling — Your clusters can make use of Auto Scaling, growing and shrinking in response to changes in load.
  • Container Interface — The Container Network Interface for Kubernetes uses Elastic Network Interfaces to provide secondary IP addresses for Kubernetes Pods.

Amazon EKS pricing

You pay $0.10 per hour for each Amazon EKS cluster that you create

Amazon EKS on AWS EC2 (pricing)

  • If you are using Amazon EC2 (including with Amazon EKS managed node groups), you pay for AWS resources (e.g., EC2 instances or Amazon Elastic Block Store (EBS) volumes) you create to run your Kubernetes worker nodes
  • You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments

Amazon EKS on AWS Fargate (pricing)

  • If you are using AWS Fargate, pricing is calculated based on the vCPU, memory, Operating Systems, CPU Architecture, and storage resources used from the time you start to download your container image until the Amazon ECS Task or Amazon EKS Pod terminates, rounded up to the nearest second.
  • A minimum charge of one minute applies

Amazon EKS on AWS Outposts (pricing)

Amazon EKS on AWS Outposts pricing is simple and works the same as it does in the cloud

  • The Amazon EKS cluster is deployed in the cloud (not on Outposts) and you pay $0.10 per hour.
  • Your Kubernetes worker nodes run on the capacity provided by Outposts EC2 at no additional charge

How to Connect to Amazon EKS Cluster

1. Verify that AWS CLI version 1.16.308 or greater is installed on your system

$ aws --version

Output:
aws-cli/2.7.28 Python/3.9.11 Linux/4.14.287-215.504.amzn2.x86_64 exec-env/CloudShell exe/x86_64.amzn.2 prompt/off

Important: You must have Python version 2.7.9 or greater installed on your system. Otherwise, you receive an error.

2. Check the current identity to verify that you’re using the correct credentials that have permissions for the Amazon EKS cluster

$ aws sts get-caller-identity

Output:
{
    "UserId": "653580565243",
    "Account": "653584545291",
    "Arn": "arn:aws:iam::653580565243:root"
}

Note:

  • The AWS Identity and Access Management (IAM) entity (user or role) that creates an Amazon EKS cluster is automatically granted permissions when the cluster is created.
  • These permissions are granted in the cluster’s RBAC configuration in the control plane.
  • IAM users or roles can also be granted access to an Amazon EKS cluster in the aws-auth ConfigMap.
  • By default, the AWS IAM Authenticator for Kubernetes uses the configured AWS CLI or AWS SDK identity.

3. Create or update the kubeconfig file for your cluster

$ aws eks --region <aws_region> update-kubeconfig --name <cluster_name>

Output:
Added new context arn:aws:eks:ap-south-1:653580575271:cluster/test-eks to /home/cloudshell-user/.kube/config

Note: Replace <aws_region> with your AWS Region and <cluster_name> with your cluster name.

By default, the configuration file is created at the kubeconfig path ($HOME/.kube/config) in your home directory or merged with an existing kubeconfig at that location. For Windows, the file is at %USERPROFILE%\.kube\config.

4. Test your configuration:

$ kubectl get svc

Output:
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   9m7s
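
The four steps above as one script with pre-flight checks, as an added example that is not from the original post: it parses the CLI version string, stops if the caller is the account root user, and restricts the kubeconfig file to its owner. The function names, the stop-on-root policy, and the default kubeconfig path are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): the four connection steps with
# pre-flight checks. Function names are this example's own.

# Pull "2.7.28" out of "aws-cli/2.7.28 Python/3.9.11 ...".
cli_version() {
  printf '%s\n' "$1" | sed -n 's|^aws-cli/\([0-9][0-9.]*\).*|\1|p'
}

# Succeed when dotted version $1 >= $2 (numeric compare of three fields).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Succeed when the ARN is an account root user (arn:aws:iam::<account>:root).
is_root_arn() {
  case $1 in
    arn:aws*:iam::[0-9]*:root) return 0 ;;
    *) return 1 ;;
  esac
}

connect() {
  region=$1 cluster=$2
  # Step 1: CLI version; an unparsable version compares as 0 and fails closed.
  ver=$(cli_version "$(aws --version 2>&1)")
  version_ge "$ver" 1.16.308 || { echo "AWS CLI '$ver' < 1.16.308" >&2; return 1; }
  # Step 2: identity; this example's policy is to stop on root credentials.
  arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
  if is_root_arn "$arn"; then
    echo "caller is the account root user: $arn" >&2; return 1
  fi
  # Step 3: kubeconfig, assumed at the default path; keep it owner-only
  # because the merged file can also hold other clusters' credentials.
  aws eks --region "$region" update-kubeconfig --name "$cluster" || return 1
  chmod 600 "$HOME/.kube/config"
  # Step 4: test the configuration.
  kubectl get svc
}

# Usage: sh connect-eks.sh <aws_region> <cluster_name>
if [ "$#" -eq 2 ]; then connect "$1" "$2"; fi
```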
