Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. Amazon EKS is certified Kubernetes conformant, so existing applications running on upstream Kubernetes are compatible with Amazon EKS.
Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. Amazon EKS automatically detects and replaces unhealthy control plane nodes for each cluster.
With Amazon EKS, you can take advantage of all the performance, scale, reliability, and availability of the AWS platform, as well as integrations with AWS networking and security services, such as Application Load Balancers for load distribution, IAM for role based access control, and VPC for pod networking.
Managed Kubernetes control plane
Amazon EKS provides a scalable and highly-available control plane that runs across multiple AWS availability zones. The Amazon EKS service automatically manages the availability and scalability of the Kubernetes API servers and the etcd persistence layer for each cluster. Amazon EKS runs the Kubernetes control plane across three Availability Zones in order to ensure high availability, and it automatically detects and replaces unhealthy masters.
Launch using eksctl
eksctl is an open source command line tool that gets you up and running with Amazon EKS in minutes. Executing eksctl create cluster, will create an Amazon EKS cluster ready to run your application in minutes.
Networking & Security
Amazon EKS makes it easy to provide security for your Kubernetes clusters, with advanced features and integrations to AWS services and technology partner solutions. For example, IAM provides fine-grained access control and Amazon VPC isolates your Kubernetes clusters from other customers.
AWS Cloud Map is a cloud resource discovery service. With Cloud Map, you can define custom names for your application resources, and it maintains the updated location of these dynamically changing resources. This increases your application availability because your web service always discovers the most up-to-date locations of its resources. We provide an open-source Kubernetes connector that automatically propagates internal service locations to the Cloud Map service registry as Kubernetes services launch and removes them on termination. Kubernetes-based services become discoverable via Cloud Map, which provides a unified service registry for all container workloads.
Service mesh makes it easy to build and run complex microservices applications by standardizing how every microservice in the application communicates. AWS App Mesh is a service that makes it easy to configure part of your application for end-to-end visibility and high-availability. To use App Mesh, add the Envoy proxy image to the Kubernetes PodSpec. App Mesh exports metrics, logs, and traces to the endpoints specified in the Envoy bootstrap configuration provided. App Mesh provides an API to configure traffic routes, circuit breaking, retries, and other controls between microservices that are mesh-enabled.
Your EKS clusters run in an Amazon VPC, allowing you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This provides you a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications. EKS uses the Amazon VPC CNI to allow Kubernetes pods to receive IP addresses from the VPC.
Amazon EKS works with the Project Calico network policy engine to provide fine grained networking policies for your Kubernetes workloads. This allows you to control access on a per-service basis using the Kubernetes network policy API.
AWS IAM Authenticator
Amazon EKS integrates Kubernetes RBAC (the native role based access control system for Kubernetes) with AWS IAM Authenticator. You can assign RBAC roles directly to each IAM entity allowing you to granularly control access permissions to your Kubernetes masters.
IAM for Service Accounts
Amazon EKS allows you to assign IAM permissions to your Kubernetes service accounts. The IAM role can control access to other containerized services, AWS resources external to the cluster such as databases and secrets, or third party services and applications running outside of AWS. This gives you fine-grained, pod level access control when running clusters with multiple co-located services and makes it easy to optimize costs and availability for the cluster.
Amazon EKS supports adding Windows nodes as worker nodes and scheduling Windows containers. EKS supports running Windows worker nodes alongside Linux worker nodes, allowing you to use the same cluster for managing applications on either operating system.
Amazon EKS supports using Elastic Load Balancing including Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer.
You can run standard Kubernetes cluster load balancing or any Kubernetes supported ingress controller with your Amazon EKS cluster.
Amazon EKS runs upstream Kubernetes and is certified Kubernetes conformant, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises datacenters or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without needing to refactor your code.
Amazon EKS makes it easy to update running clusters to the latest Kubernetes version without needing to manage the update process. Kubernetes version updates are done in place, removing the need to create new clusters or migrate applications to a new cluster.
As new Kubernetes versions are released and validated for use with Amazon EKS, we will support three stable Kubernetes versions as part of the update process at any given time. You can initiate the installation of new versions and get details on the status of in-flight updates via the SDK, CLI or AWS Console.
Support for advanced workloads
Amazon EKS provides an optimized Amazon Machine Image (AMI) that includes configured NVIDIA drivers for GPU-enabled P2 and P3 EC2 instances. This makes it easy to use Amazon EKS to run computationally advanced workloads, including machine learning (ML), Kubeflow, deep learning (DL) containers, high performance computing (HPC), financial analytics, and video transcoding.
Works with open source tools
Amazon EKS is fully compatible with Kubernetes community tools and supports popular Kubernetes add-ons. These include CoreDNS to create a DNS service for your cluster and both the Kubernetes Dashboard web-based UI and the kubectl command line tool to access and manage your cluster on Amazon EKS.
For more information see the Kubernetes community tools GitHub page.