Q: What is Amazon EKS Distro?
EKS Distro is a distribution of the same open source Kubernetes and dependencies deployed by Amazon EKS for you to manually run Kubernetes clusters anywhere. EKS Distro includes binaries and containers of open source Kubernetes, etcd (cluster configuration database), networking, storage plugins, tested for compatibility. EKS Distro will provide extended support for Kubernetes versions after community support expires, by updating builds of previous versions with the latest critical security patches. You will be able to securely access EKS Distro releases from GitHub or within AWS via Amazon S3 and ECR for a common source of releases and updates.
Q: What problems does EKS Distro solve?
If you manually create Kubernetes clusters, you probably spend a lot of effort to track updates, determine compatible versions of Kubernetes and its dependencies, test them for compatibility, and maintain pace with the Kubernetes release cadence. However, you still face uncertainty that you chose the versions of required Kubernetes components and security releases for the right balance of performance, security, and latest, stable versions. You will need to allocate resources and time to maintain Kubernetes testing infrastructure to ensure component version compatibility, support tooling compatibility, and performance regressions for each version release of Kubernetes and its dependencies. You likely either don’t perform these tests, or take on significant effort and expense to keep up with the Kubernetes version release lifecycle. A new Kubernetes release is announced every 3-4 months, with critical security patch support provided only for the 3 latest versions. If you are not able to maintain pace for testing and qualifying new versions, you risk breaking changes, version compatibility issues, and running unsupported versions of Kubernetes lacking critical security patches.
Q: Why should you use EKS Distro?
EKS Distro lets you to manually run Kubernetes clusters using a Kubernetes distribution of compatible versions of the latest Kubernetes release and its dependencies, tested for reliability and security. With EKS Distro you have access to installable, reproducible builds of Kubernetes for cluster creation and extended security patching support of Kubernetes versions after community support expires. Extended Kubernetes maintenance support will be provided for up to 14 months in accordance with Amazon EKS Version Lifecycle Policy providing you the time necessary to update your infrastructure in alignment with your software lifecycle.
Q: Why should you use EKS Distro over building and managing Kubernetes on their own?
EKS Distro makes it easier for you to create Kubernetes clusters and manage the Kubernetes lifecycle by alleviating the need to track updates, determine compatibility, standardize on a common Kubernetes version across distributed teams, and have extended support for versions no longer supported by the Kubernetes community. While you may be able to do this on your own, it takes significant effort and you have no certainty the right choices are made. EKS Distro provides you the confidence you are using the latest, secure versions and tested for compatibility because it’s the same versions supported by Amazon EKS.
Q: How can I get started with EKS Distro?
To create a EKS Distro cluster, you will need to setup the servers, networking, and install a supported operating system on each server of the cluster. If you have existing tools for cluster creation, you can update their settings to download EKS Distro from GitHub or Amazon S3 and Amazon ECR. If you are creating EKS Distro-based clusters for the first time, you can use kubeadm or Kubernetes Operations (kops).
Q: Where can I create EKS Distro clusters?
You can create EKS Distro clusters in AWS on Amazon EC2 and on your own hardware on-premises using the tooling of your choice.
Q: What is included in EKS Distro?
EKS Distro will include opensource (upstream) Kubernetes components and third-party tools including configuration database, network, and storage components necessary for cluster creation. These include Kubernetes Control Plane components (eg. kube-controller-manager, etcd, and CoreDNS), Kubernetes Node components (eg kubelet, Kubernetes CSI, and CNI), and command line clients (eg. kubectl and etcdctl).
Q: What versions of Kubernetes will EKS Distro support at launch?
EKS Distro supports Kubernetes 1.18.x, 1.17.9, 1.16.13, and 1.15.11, the same versions of Kubernetes and point releases Amazon EKS uses.
Q: What patches will we include with EKS Distro?
EKS Distro will include all of the upstream patches used by Amazon EKS including fixes which Amazon has contributed back to the community.
Q: Will EKS Distro include AWS components that communicate with AWS services (Ex: aws-cloudprovider, aws-kms-encryption-provider, aws-iam-authenticator)?
EKS Distro does not include the official Kubernetes network, storage plugins or IAM authenticator. EKS Distro includes the Kubernetes components required to work in all environments, not all the components for every environment.
Q: What operating systems will I be able to deploy EKS Distro on?
EKS Distro provides the same upstream versions of Kubernetes and dependencies which operating system vendors have tested and confirmed to work with Kubernetes, and will work the same way. As a result, EKS Distro works with common operating systems already used to run Kubernetes clusters, such as CentOS, Canonical Ubuntu, Red Hat Enterprise Linux, Suse, and more. EKS Distro is tested with select vendors to ensure support on Bottlerocket, Amazon Linux 2 (AL2), and Canonical has tested EKS Distro for compatibility with Ubuntu. AWS is continuing to work with partners to expand the vendors which have qualified EKS Distro for their operating system.
Q: What will be the release cycle for new versions of EKS Distro?
New version releases of EKS Distro will be aligned with Amazon EKS version lifecycle, and will be posted on the same day or soon after Amazon EKS. Alignment with Amazon EKS is necessary in order for EKS Distro releases to follow the same release qualification of Kubernetes versions and third-party dependencies, and makes sure your clusters are created using the same versions of components tested by Amazon EKS to be reliable and updated with the latest security patches.
Q: How will I be notified of the availability of new versions of EKS Distro?
You can subscribe to be notified when new versions are available, removing the requirement for you to track version releases for Kubernetes and each dependency. You will be able to leverage the SNS notification system an event-driven trigger to begin workflows to adopt new EKS Distro versions.
Q: Will EKS Distro provide extended support for Kubernetes versions?
Yes. EKS Distro provides extended maintenance of critical Kubernetes security patches by patching previous versions of Kubernetes, including versions no longer supported by the open source Kubernetes community. Community support for previous Kubernetes versions includes the last three releases (9 months), but with EKS Distro, you will be able to receive security patching of Kubernetes versions aligned with Amazon EKS’ version lifecycle policy of the last 4 versions plus 60 days (14 months).
Q: Will EKS Distro provide a build and release for every point release of Kubernetes?
No. EKS Distro only provides builds and dependency updates (eg CoreDNS and etcd) in alignment with Kubernetes version and point releases for which Amazon EKS provides support.
Q: How will I have confidence that the builds were not compromised?
You will be provided the build environment flags and link to the source code for each binary enabling you to have the confidence you are using reproducible builds. AWS will provide the Kubernetes source code, patches used at build time, tools, and build time options including timestamp. Once built, you can verify that the hashes of the published versions of EKS Distro match what you compile. Documentation and versioning on GitHub will enable you to review the difference between builds for verification.
Q: What tools will we provide if you want to reproduce our builds?
In order to provide a trusted reproducible build, you need to trust the supply chain and compilation of the build tooling. EKS Distro build jobs will be run using the suggested upstream Kubernetes CI and build infrastructure, so you can use the same process. Components, like CoreDNS, will be packaged in containers using AmazonLinux2. Publishing our process and tooling will also serve as an audit trail of the tooling supply chain going forward to support this process.
Q: How does EKS Distro relate to/work with other AWS Services?
EKS Distro is aligned with Amazon EKS versions and components, is supported by the Amazon EKS operations dashboard, and provides copies of builds in Amazon S3 and ECR for developers creating Kubernetes clusters in AWS. EKS Distro has been tested for use with Amazon Linux 2, Bottlerocket, and AWS Outposts. EKS Distro will support ECR Public repositories as a secure, fast source for you to download EKS Distro for use within AWS regions or on-premises.
Q: What is the support model for EKS Distro?
AWS is committed to maintaining this open source project, engaging the community, and triaging issues that are submitted. AWS will review and respond to issues customers submit, but fixes or patches will be on a best effort basis. Partners will receive support through the Amazon Partner Network program to enable their adoption of EKS Distro, access to artifacts and tooling, documentation, and issues with producing reproducible builds. Customers that adopt EKS Distro through partners and systems integrators will receive support from those providers.