Managed Kubernetes Clusters
Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises. Amazon EKS is certified Kubernetes conformant, so existing applications that run on upstream Kubernetes are compatible with Amazon EKS.
Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for scheduling containers, managing the availability of applications, storing cluster data, and other key tasks.
EKS lets you run your Kubernetes applications on both Amazon EC2 and AWS Fargate, which provides serverless compute for containers. Fargate automatically provisions and scales compute for your containers. With Fargate, you only pay for the resources requested by your applications to run. Each pod running on Fargate is isolated by design, which improves application security.
With Amazon EKS, you can take advantage of the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services, such as Application Load Balancers for load distribution, AWS Identity and Access Management (IAM) integration with Kubernetes role-based access control (RBAC), and Amazon Virtual Private Cloud (VPC) for pod networking.
Managed control plane
Amazon EKS provides a scalable and highly-available Kubernetes control plane that runs across multiple AWS availability zones. Amazon EKS automatically manages the availability and scalability of the Kubernetes API servers and etcd persistence layer for each cluster. Amazon EKS runs the Kubernetes control plane across three Availability Zones in order to ensure high availability, and it automatically detects and replaces unhealthy control plane nodes.
AWS Controllers for Kubernetes (ACK) lets you directly manage AWS services from Kubernetes. ACK makes it simple to build scalable and highly-available Kubernetes applications that utilize AWS services.
Hosted Kubernetes Console
EKS provides an integrated console for Kubernetes clusters. Cluster operators and application developers can use EKS as a single place to organize, visualize, and troubleshoot their Kubernetes applications running on Amazon EKS. The EKS console is hosted by AWS and is available automatically for all EKS clusters.
EKS Add-ons are common operational software which extend the operational functionality of Kubernetes. You can use EKS to install and keep this software up to date. When you start an Amazon EKS cluster, you can select the add-ons that you would like to run in the cluster, including Kubernetes tools for observability, networking, autoscaling, and AWS service integrations.
Managed node groups
Amazon EKS lets you create, update, scale, and terminate nodes for your cluster with a single command. These nodes can also leverage Amazon EC2 Spot instances to reduce costs. Managed node groups run EC2 instances using the latest EKS-optimized or custom AMIs in your AWS account while updates and terminations gracefully drain nodes to ensure your applications stay available.
Use eksctl for launching nodes and single line management
eksctl is an open source command line tool that gets you up and running with Amazon EKS in minutes. Running eksctl create cluster creates an Amazon EKS cluster that is ready to run your application. You can also use eksctl to simplify management and operations for your cluster, including managing nodes and add-ons.
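The two paragraphs above (EKS add-ons and eksctl) describe what eksctl drives but not what a hardened cluster definition looks like. The following ClusterConfig is an added example, not code from the page, from AWS or from the eksctl project; the cluster name, region, Kubernetes version, account ID and KMS key ARN are placeholders, and the field names are those in the eksctl schema as the author of this example knows them, so confirm them against the eksctl version you run.

```yaml
# Added example (not from the page, AWS or eksctl): a ClusterConfig that sets the
# security-relevant options at creation time instead of retrofitting them later.
# All names, IDs and ARNs below are placeholders.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: payments-prod            # placeholder cluster name
  region: us-east-1
  version: "1.21"                # placeholder; use a version EKS currently supports

iam:
  withOIDC: true                 # create the OIDC provider needed for IAM roles for service accounts

# Envelope-encrypt Kubernetes Secrets in etcd with a customer-managed KMS key.
secretsEncryption:
  keyARN: arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000  # placeholder

# Keep the API server endpoint off the public internet; reach it from the VPC
# (or over VPN / Direct Connect).
vpc:
  clusterEndpoints:
    publicAccess: false
    privateAccess: true

# Ship control-plane logs to CloudWatch so API calls and authenticator decisions are auditable.
cloudWatch:
  clusterLogging:
    enableTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"]

# EKS add-ons installed and kept up to date by EKS rather than hand-applied manifests.
addons:
  - name: vpc-cni
  - name: coredns
  - name: kube-proxy

managedNodeGroups:
  - name: general
    instanceType: m6g.large      # Graviton2 (Arm) instance type
    desiredCapacity: 3
    minSize: 3
    maxSize: 6
    privateNetworking: true      # nodes get no public IP addresses
    disablePodIMDS: true         # pods cannot reach the instance metadata service and the node role's credentials
    volumeEncrypted: true        # encrypted root volumes
    ssh:
      allow: false               # no SSH key on the nodes; use SSM Session Manager if shell access is needed
```

Apply it with eksctl create cluster -f cluster.yaml. The settings that matter most for security are the private endpoint (the API server is otherwise reachable from the internet and protected only by authentication), audit and authenticator logging (without them there is no record of who did what), and disablePodIMDS (without it any pod can fetch the node instance role's credentials from 169.254.169.254).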
Amazon EKS supports adding Windows nodes as worker nodes and scheduling Windows containers. EKS supports running Windows worker nodes alongside Linux worker nodes, allowing you to use the same cluster for managing applications on either operating system.
AWS Graviton2 processors power Arm-based EC2 instances that deliver a major leap in performance and capabilities along with significant cost savings. A primary goal of running containers is to improve the cost efficiency of your applications, so combining the two yields strong price performance: for example, AWS testing of workloads shows that Graviton2-based instance types deliver up to 40% better price performance than the equivalent x86-based M5, C5, and R5 families. Amazon EKS on AWS Graviton2 is generally available in every region where both services are available.
Networking & Security
Amazon EKS makes it easy to provide security for your Kubernetes clusters, with advanced features and integrations to AWS services and technology partner solutions. For example, IAM provides fine-grained access control and Amazon VPC isolates your Kubernetes clusters from other customers.
AWS Cloud Map is a cloud resource discovery service. With Cloud Map, you can define custom names for your application resources, and it maintains the updated location of these dynamically changing resources. This increases your application availability because your web service always discovers the most up-to-date locations of its resources. Cloud Map works with external-dns, an open-source Kubernetes connector that automatically propagates internal service locations to the Cloud Map service registry as Kubernetes services launch and removes them on termination. Kubernetes-based services become discoverable via Cloud Map, which provides a unified service registry for all container workloads.
Service mesh makes it easy to build and run complex microservices applications by standardizing how every microservice in the application communicates. AWS App Mesh makes it easy to configure your application for end-to-end visibility and high-availability. You can use the AWS App Mesh controller for Kubernetes to create new services connected to the mesh, define traffic routing and configure security features like encryption. Additionally, it allows you to automatically register your Kubernetes pods in AWS Cloud Map for service discovery. App Mesh exports metrics, logs, and traces to the endpoints specified in the Envoy bootstrap configuration provided. App Mesh provides an API to configure traffic routes, circuit breaking, retries, and other controls between microservices that are mesh-enabled. App Mesh mTLS helps encrypt all requests between services even when they are in your private networks. Further, you can add authentication controls to ensure that only allowed services can communicate with each other.
VPC Native Networking
Your EKS clusters run in an Amazon VPC, allowing you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This provides you a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications. EKS uses the Amazon VPC CNI to allow Kubernetes pods to receive IP addresses from the VPC.
Amazon EKS works with the Project Calico network policy engine to provide fine grained networking policies for your Kubernetes workloads. This allows you to control access on a per-service basis using the Kubernetes network policy API. Note that the Kubernetes API server accepts NetworkPolicy objects on any cluster, but they are only enforced once a policy engine such as Calico is installed; a policy that exists but is not enforced gives no protection.
AWS IAM Authenticator
Amazon EKS integrates Kubernetes RBAC (the native role based access control system for Kubernetes) with AWS IAM. IAM authenticates the caller; the IAM user or role is then mapped to a Kubernetes user and groups, and you bind RBAC roles to those subjects. This gives you granular control over what each IAM entity can do against the Kubernetes API; it does not grant access to the control plane nodes themselves, which EKS manages.
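The mapping described above lives in the aws-auth ConfigMap in kube-system, which the AWS IAM authenticator reads. The manifests below are an added example, not code from the page or from AWS: they map an IAM role to a Kubernetes group and bind that group to a read-only ClusterRole. The account ID, role names and group name are placeholders; the {{SessionName}} and {{EC2PrivateDNSName}} tokens are template variables the authenticator expands.

```yaml
# Added example (not from the page or AWS): IAM role -> Kubernetes group -> RBAC role.
# Account ID, role and group names are placeholders.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Node instance role: worker nodes need this mapping to join the cluster.
    # Keep it exactly as EKS created it.
    - rolearn: arn:aws:iam::123456789012:role/eks-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    # Engineers assume this role (for example through SSO). Each session becomes a
    # distinct Kubernetes user "ops-viewer:<session>" in group "eks-viewers", so audit
    # logs show who acted. Deliberately NOT mapped to system:masters.
    - rolearn: arn:aws:iam::123456789012:role/EKSViewer
      username: ops-viewer:{{SessionName}}
      groups:
        - eks-viewers
---
# Cluster-wide read-only permissions for the group. Secrets are left out on purpose:
# "get secrets" is equivalent to reading every credential stored in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: eks-viewer
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "namespaces", "nodes", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "daemonsets", "statefulsets"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-viewers
subjects:
  - kind: Group
    name: eks-viewers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: eks-viewer
  apiGroup: rbac.authorization.k8s.io
```

Two caveats a practitioner should know before editing this ConfigMap. First, the IAM principal that created the cluster is granted system:masters without appearing in aws-auth, so an audit of "who is cluster admin" that only reads the ConfigMap misses it. Second, a malformed ConfigMap or a removed node-role entry locks out everyone except that creator and stops nodes from joining, so change it through reviewed manifests rather than ad hoc edits. Check the result with kubectl auth can-i get secrets --as=ops-viewer:alice --as-group=eks-viewers, which should answer "no".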
IAM for Service Accounts
Amazon EKS allows you to assign IAM permissions to your Kubernetes service accounts. The IAM role can control access to other containerized services, to AWS resources outside the cluster such as databases and secrets, or to third-party services and applications running outside of AWS. This gives you fine-grained, pod-level access control when running clusters with multiple co-located services: each pod receives only the permissions of the role attached to its own service account rather than the permissions of the node's instance role, which removes the need to run separate node groups just to separate permissions and so helps with both cost and availability.
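The feature above (IAM roles for service accounts) has two halves, and the security of the whole thing depends on the trust policy on the AWS side. What follows is an added example, not code from the page or from AWS: Part A is the Kubernetes ServiceAccount, Part B is the IAM role written as a CloudFormation resource so that both halves are YAML. The account ID, the OIDC provider ID, the bucket and all names are placeholders, and the two parts are meant to be saved as two separate files.

```yaml
# Added example (not from the page or AWS): IAM roles for service accounts (IRSA).
# Account ID, OIDC provider ID, bucket, role and service account names are placeholders.
---
# Part A (Kubernetes). The annotation tells the EKS pod identity webhook which role to
# project; pods using this service account get AWS_ROLE_ARN and
# AWS_WEB_IDENTITY_TOKEN_FILE set and the AWS SDKs pick them up automatically.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: report-generator
  namespace: shop
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/ShopReportGenerator
---
# Part B (AWS, CloudFormation). The trust policy is what scopes the role to ONE service
# account in ONE namespace. Dropping the ":sub" condition would let every pod in the
# cluster that presents a projected token assume this role.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ShopReportGeneratorRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ShopReportGenerator
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: arn:aws:iam::123456789012:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud: sts.amazonaws.com
                oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub: system:serviceaccount:shop:report-generator
      Policies:
        - PolicyName: read-reports-bucket
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ["s3:GetObject", "s3:ListBucket"]
                Resource:
                  - arn:aws:s3:::shop-reports-bucket
                  - arn:aws:s3:::shop-reports-bucket/*
```

The subject claim in the projected token has the form system:serviceaccount:<namespace>:<name>, so the :sub condition pins the role to exactly that pair; the :aud condition rejects tokens minted for any other audience. Pair this with a node group that blocks pod access to the instance metadata service, otherwise a pod can still fall back to the node role's broader credentials.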
Amazon EKS supports using Elastic Load Balancing including Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer.
You can run standard Kubernetes cluster load balancing or any Kubernetes supported ingress controller with your Amazon EKS cluster.
EKS supports AWS Fargate to run your Kubernetes applications using serverless compute. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.
You can use EKS on AWS Outposts to run containerized applications that require particularly low latencies to on-premises systems. AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any connected site. With EKS on Outposts, you can manage containers on-premises with the same ease as you manage your containers in the cloud.
You can attach nodes running in AWS Local Zones, or AWS Wavelength to EKS, giving you more choices for AWS-managed infrastructure at the edge.
Amazon EKS Distro packages up the same open source Kubernetes software distribution used in EKS on AWS for use on your own infrastructure on-premises. EKS Distro clusters can be managed with your own tooling or with Amazon EKS Anywhere (coming 2021).
Amazon EKS Anywhere (coming 2021) enables you to create and operate Kubernetes clusters, built from the software in Amazon EKS Distro, on-premises, including on your own virtual machines (VMs) and bare metal servers. EKS Anywhere saves you the complexity of building and supporting your own tooling to manage Kubernetes clusters. It provides automation that simplifies cluster creation, administration, and operations on infrastructure such as bare metal, vSphere, and cloud virtual machines, with default configurations for logging, monitoring, networking, and storage. It also brings the opinionated tooling and additional components you need to run Kubernetes in production, such as cluster installation and lifecycle management, observability, cluster backup, and policy management.
Amazon EKS runs upstream Kubernetes and is certified Kubernetes conformant, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises datacenters or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without needing to refactor your code.
Managed cluster updates
Amazon EKS makes it easy to update running clusters to the latest Kubernetes version without needing to manage the update process. Kubernetes version updates are done in place, removing the need to create new clusters or migrate applications to a new cluster.
As new Kubernetes versions are released and validated for use with Amazon EKS, we will support three stable Kubernetes versions as part of the update process at any given time. You can initiate the installation of new versions and get details on the status of in-flight updates via the SDK, CLI or AWS Console.
Support for advanced workloads
Amazon EKS provides an optimized Amazon Machine Image (AMI) that includes configured NVIDIA drivers for GPU-enabled P2 and P3 EC2 instances. This makes it easy to use Amazon EKS to run computationally advanced workloads, including machine learning (ML), Kubeflow, deep learning (DL) containers, high performance computing (HPC), financial analytics, and video transcoding.
Works with open source tools
Amazon EKS is fully compatible with Kubernetes community tools and supports popular Kubernetes add-ons. These include CoreDNS to create a DNS service for your cluster and both the Kubernetes Dashboard web-based UI and the kubectl command line tool to access and manage your cluster on Amazon EKS.
For more information see the Kubernetes community tools GitHub page.