Q: What is Amazon EKS Distro?
Amazon EKS Distro is a distribution of the same open-source Kubernetes and dependencies deployed by Amazon Elastic Kubernetes Service (Amazon EKS) allowing you to manually run Kubernetes clusters anywhere. EKS Distro includes binaries and containers of open-source Kubernetes, etcd (cluster configuration database), networking, and storage plugins, tested for compatibility. EKS Distro will provide extended support for Kubernetes versions after community support expires by updating builds of previous versions with the latest critical security patches. You can securely access EKS Distro releases as open source on GitHub or within AWS via Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Container Registry (Amazon ECR) for a common source of releases and updates. Deploy clusters and let AWS take care of testing and tracking Kubernetes updates, dependencies, and patches. Each EKS Distro verifies new Kubernetes versions for compatibility. The source code, open-source tools, and settings are provided for reproducible builds.
Q: What problems does Amazon EKS Distro solve?
If you create Kubernetes clusters manually, you probably spend a lot of effort tracking updates, determining compatible versions of Kubernetes and its dependencies, testing them for compatibility, and maintaining pace with the Kubernetes release cadence. However, you may be uncertain when choosing the required Kubernetes component versions and security releases for the right balance of performance, security, and latest stable versions. You need to allocate resources and time to maintain Kubernetes testing infrastructure to ensure component version compatibility, support tooling compatibility, and performance regressions for each version release of Kubernetes and its dependencies. You likely either don’t perform these tests, or take on significant effort and expense to keep up with the Kubernetes version release lifecycle. A new Kubernetes release is announced every three-to-four months, with critical security patch support provided only for the three latest versions. If you are unable to maintain pace for testing and qualifying new versions, you risk breaking changes, version compatibility issues, and running unsupported versions of Kubernetes lacking critical security patches.
Q: Why should you use Amazon EKS Distro?
EKS Distro lets you manually run clusters using a Kubernetes distribution of compatible versions of the latest release and its dependencies, tested for reliability and security. EKS Distro provides access to installable, reproducible Kubernetes builds for cluster creation, as well as extended security patching support after community support expires. Extended Kubernetes maintenance support is offered for up to 14 months in accordance with Amazon EKS Version Lifecycle Policy, giving you the time necessary to update your infrastructure in alignment with your software lifecycle.
Q: Why should you use Amazon EKS Distro over building and managing Kubernetes on your own?
Amazon EKS Distro alleviates the need to track updates, determine compatibility, and standardize on a common Kubernetes version across distributed teams. This makes it easier for you to create clusters and manage the Kubernetes lifecycle. While you may be able to do this on your own, it takes significant effort. EKS Distro provides you the confidence of the latest, secure versions tested for compatibility through Amazon EKS version support.
Q: How do I get started with Amazon EKS Distro?
To create an Amazon EKS Distro cluster, you will need to set up the servers, networking, and install a supported operating system (OS) on each server of the cluster. If you have existing cluster creation tools, you can update their settings to download EKS Distro from GitHub or Amazon S3 and Amazon ECR. If you are creating EKS Distro-based clusters for the first time, you can use kubeadm or Kubernetes Operations (kops).
Q: Where can I create Amazon EKS Distro clusters?
You can create Amazon EKS Distro clusters in AWS on Amazon EC2 and on your own on-premises hardware using the tooling of your choice.
Q: What is included in Amazon EKS Distro?
Amazon EKS Distro includes open-source (upstream) Kubernetes components and third-party tools including configuration database, network, and storage components necessary for cluster creation. These include Kubernetes Control Plane components (eg. kube-controller-manager, etcd, and CoreDNS), Kubernetes Node components (eg kubelet, Kubernetes CSI, and CNI), and command line clients (eg. kubectl and etcdctl).
Q: What versions of Kubernetes will Amazon EKS Distro support at launch?
Amazon EKS Distro supports the same versions of Kubernetes and point releases as Amazon EKS.
Q: What patches will we include with Amazon EKS Distro?
Amazon EKS Distro will include all of the upstream patches used by Amazon EKS, including fixes Amazon has contributed back to the community.
Q: Will Amazon EKS Distro include AWS components that communicate with AWS services (Ex: aws-cloudprovider, aws-kms-encryption-provider, aws-iam-authenticator)?
Amazon EKS Distro does not include the official Kubernetes network, storage plugins, or AWS Identity and Access Management (IAM) authenticator. EKS Distro includes the Kubernetes components required to work in all environments, not all the components for every environment.
Q: To what operating systems will I be able to deploy Amazon EKS Distro?
Amazon EKS Distro provides the same upstream versions of Kubernetes and dependencies tested by OS vendors and confirmed to work with Kubernetes. As a result, EKS Distro works with common operating systems already used to run Kubernetes clusters, such as CentOS, Canonical Ubuntu, Red Hat Enterprise Linux, Suse, and more. EKS Distro is tested with select vendors to ensure support on Bottlerocket, Amazon Linux 2 (AL2), and Canonical has tested EKS Distro for compatibility with Ubuntu. AWS continues to work with partners to expand the vendors which have qualified EKS Distro as compatible with their operating system.
Q: What will be the release cycle for new versions of Amazon EKS Distro?
New version releases of Amazon EKS Distro will be aligned with Amazon EKS version lifecycle, and will be posted on the same day or soon after Amazon EKS. Alignment with Amazon EKS is necessary in order for EKS Distro releases to follow the same release qualification of Kubernetes versions and third-party dependencies, and ensures your clusters are created using the same component versions tested by Amazon EKS to confirm reliability and updated security patches.
Q: How will I be notified of new Amazon EKS Distro version availability?
You can subscribe for notifications when new versions are available, eliminating the need to track version releases for Kubernetes and each dependency. You will be able to leverage Amazon Simple Notification Service (SNS) for event-driven triggers to begin workflows to adopt new EKS Distro versions.
Q: Will Amazon EKS Distro provide extended support for Kubernetes versions?
Yes. Amazon EKS Distro provides extended maintenance of critical Kubernetes security patches by patching previous versions of Kubernetes, including versions no longer supported by the open-source Kubernetes community. Community support for previous Kubernetes versions includes the last three releases (nine months), but with EKS Distro, you can receive security patching of Kubernetes versions aligned with Amazon EKS’ version lifecycle policy of the last four versions plus 60 days (14 months).
Q: Will Amazon EKS Distro provide a build and release for every point release of Kubernetes?
No. Amazon EKS Distro only provides builds and dependency updates (eg CoreDNS and etcd) in alignment with Kubernetes version and point releases for which Amazon EKS provides support.
Q: How will I have confidence that builds were not compromised?
You will be provided the build environment flags and source code links for each binary, which will confirm you are using reproducible builds. AWS will provide the Kubernetes source code, patches used at build time, tools, and build time options including timestamps. Once built, you can verify that the published EKS Distro version hashes match what you compile. GitHub documentation and versioning will let you review the difference between builds for verification.
Q: What tools will we provide if you want to reproduce our builds?
In order to provide a trusted reproducible build, you need to trust the supply chain and compilation of the build tooling. Amazon EKS Distro build jobs will be run using the suggested upstream Kubernetes CI and build infrastructure, so you can use the same process. Components, like CoreDNS, will be packaged in containers using Amazon Linux2. Publishing our process and tooling will also serve as an audit trail of the tooling supply chain going forward to support this process.
Q: How does Amazon EKS Distro relate to/work with other AWS services?
Amazon EKS Distro is aligned with Amazon EKS versions and components, and is supported by the Amazon EKS operations dashboard. EKS Distro also provides copies of builds in Amazon S3 and ECR for developers creating Kubernetes clusters in AWS. EKS Distro has been tested for use with Amazon Linux 2, Bottlerocket, and AWS Outposts. EKS Distro will support ECR Public repositories as a secure, fast source for you to download EKS Distro for use within AWS regions or on-premises.
Q: What is the support model for Amazon EKS Distro?
AWS is committed to maintaining this open-source project, engaging the community, and triaging issues. AWS will review and respond to issues customers submit, but fixes or patches will be on a best effort basis. Partners will receive support through the Amazon Partner Network program to enable their Amazon EKS Distro adoption, access to artifacts and tooling, documentation, and issues with producing reproducible builds. Customers that adopt EKS Distro through partners and systems integrators will receive support from those providers.
Q: Where I can learn more about Amazon EKS Distro?
Get started building with Amazon EKS Distro on GitHub. Learn more.
Check out partners. Visit the partners page. Learn more.