AWS Tutorials

By KnowledgeHut .

EKS stands for Elastic Kubernetes Service, which is an Amazon offering that helps in running the Kubernetes on AWS without requiring the user to maintain their own Kubernetes control plane. It is a fully managed service by Amazon. Kubernetes is an open-source system that helps in the process of automatic deployment, scaling, and managing containerized applications. Amazon EKS helps run Kubernetes control plane instances over multiple Availability Zones which makes sure that they are highlyavailable. Amazon EKS automatically detects and replaces control plane instances that are unhealthy, as well as provisioning automated version upgrades and patching for the unhealthy control planes. Amazon EKS can be integrated with other Amazon service in order to provide scalability and security for user applications, and some of the services have been listed below: Authentication is served by IAM. Isolation is served by Amazon VPC. Amazon ECR for container images. Elastic Load Balancing service to distribute the load. Amazon EKS helps run up-to-date version of the open-source Kubernetes software, thereby allowing the user to use all the existing plugins and tooling which is availability in the Kubernetes community. Applications that run on Amazon EKS are completely compatible with applications which run on other standard Kubernetes environment, be it running in on premise data centres or in public clouds. This indicates that the user can migrate to other standard Kubernetes application very easily without modifying any code. Amazon EKS Control Plane ArchitectureAmazon EKS runs along with a single tenant Kubernetes control plane for every cluster. This control pane infrastructure can’t be shared with other clusters or AWS accounts. The control plane consists of a minimum of two API server nodes and three ‘etcd’ nodes which run across three Availability Zones which is present in a Region. Amazon EKS detects and replaces unhealthy control plane instances automatically, and restarts them over these Availability Zones within the Region as and when required. Amazon EKS makes good use of the AWS Region architecture so as to provide high-availability. Due to all this, Amazon EKS offers SLA for API server endpoint availability. Amazon EKS makes use of Amazon VPC network policies to restrict the traffic that flows between the components of the control plane and the single cluster. The components of the control plane for the cluster won’t be able to view or receive any communication from other clusters or AWS accounts, the only exception being an authorized Kubernetes RBAC policy. Such security and high-availability configuration make Amazon EKS highly reliable, thereby making it suitable to be used in many production workloads too. Working of Amazon EKS The below images show how Amazon EKS works.Image credit: aws.amazon.comSteps to start Amazon EKSFollowing are the steps to start Amazon EKS: Create an Amazon EKS cluster with the AWS Management Console or AWS CLI or with one of the AWS SDKs. Launch the worker node which registers the Amazon EKS cluster. An AWS CloudFormation template can be provisioned that helps configure the nodes automatically. When the cluster is ready, the user can configure it with the Kubernetes tools which is required for their application to communicate with their cluster. This Amazon EKS cluster can be used to deploy and manage applications in the same manner as one would do with any other Kubernetes environment. A Kubernetes cluster can be created in two ways: With eksctl: This can be used to install the resources which are required to begin working with Amazon EKS ‘eksctl’. The ‘eksctl’ is a simple command line utility that can be used to create and manage Kubernetes cluster on Amazon EKS. This is considered to be one of the quickest and the simplest methods of creating a cluster with Amazon EKS. With AWS Management Console: This method can be used to create the resources required to start working with Amazon EKS with the help of AWS Management Console. In this method, the user has to manually create every resource in the Amazon EKS or AWS CloudFormation console. This is considered as a much complicated and time-consuming method of creating and working with Amazon EKS. Components of Amazon EKS ClusterAn Amazon EKS cluster consists of two major components. They have been discussed below:Amazon EKS control plane This consists of control plane nodes which are used to run Kubernetes software, which includes ‘etcd’ and the Kubernetes API server. This plane works with the account that is managed by AWS and the Kubernetes API is exposed to the outside through an Amazon EKS endpoint which is associated with the cluster user. Every Amazon EKS cluster control plane is unique and consists of a single-tenant. It runs its own set of Amazon EC2 instances. The data which is stored with the help of ‘etcd’ nodes and the respective Amazon EBS volumes is in the encrypted form. Hence Amazon EKS uses master encryption keys which help in generating volume encryptions keys that are in turn managed by Amazon EKS service. The cluster control plane has the ability to work across multiple Availability Zones and with the front-end through an Elastic Load Balancing Network Load Balancer. Amazon EKS can also be used to provide elastic network interfaces to the user’s VPC subnets thereby facilitating connectivity from the control plane instances to the worker nodes, so as to support ‘kubectl exec’, ‘logs’, and ‘proxy’ data flows. Amazon EKS worker nodes registered with the control plane:Worker machines in Kubernetes are known as worker nodes. Amazon EKS worker nodes can be run in the user’s AWS account to help connect the cluster’s control plane through an API server endpoint. This will also have a certificate file which is created for the server. Amazon EKS worker nodes can be understood as standard Amazon EC2 instances, and they are charged based on how EC2 instances are normally charged. As a default action, Amazon EKS provisions AWS CloudFormation templates to spin up worker nodes in the Amazon EKS cluster. This AMI has been built over Amazon Linux 2 and has been configured to work as a base image for all Amazon EKS worker nodes. The AMI has also been configured to work with Amazon EKS out-of-the-box, which includes Docker, ‘kubelet’ and AWS IAM authenticator as well. AMI consists of a special bootstrap script which helps in automatically discovering and connecting to the user’s cluster control plane. The AWS Cloud Formation worker node template helps in launching the worker nodes with the help of specialized Amazon EC2 user data. This user data is used as a trigger to initiate a specialized bootstrap script which makes sure that the worker nodes automatically discover and connect to the user’s cluster control plane. ConclusionIn this post, we understood how EKS can be used to run Kubernetes on AWS without the need for the user to explicitly maintain Kubernetes control plane.

1. Introduction

2. Amazon Web Services S3

3. AWS Relational Database

4. Amazon Elastic Block Store (EBS)

5. Amazon DynamoDB

6. Amazon Lightsail

7. Creating Hadoop cluster with the help of EMR

8. AWS AMI

9. Amazon Web Services Lambda

10. Amazon Route 53

11. AWS Bastion Host

12. Amazon Athena

13. AWS CloudWatch Monitoring

14. AWS CloudFront

15. AWS Autoscaling and Workspaces

16. AWS IAM (Identity and Access Management)

17. Amazon ElastiCache

18. AWS networking

19. Amazon Aurora

20. Amazon Code deploy

21. AWS NACL

22. Difference between NACL and security groups

23. AWS Direct connect

24. AWS Storage gateway

25. Security and Identity

26. Cloud security

27. AWS workmail

28. Creation of an RDS instance in AWS

29. AWS API Gateway

30. Amazon SQS

31. AWS Machine Learning

32. Database

33. AWS non-relational database

34. AWS Snowball

35. AWS Fargate

36. AWS EKS

37. AWS Codecommit

38. AWS Opswork intro

39. AWS simple workflow service

40. AWS NAT Gateway

41. AWS Compliance

42. AWS Codestar

43. Network Load Balancer

44. AWS Bash Script

45. AWS Analytics

46. VPC Endpoint and Flowlogs

47. AWS S3 Transfer acceleration

48. Amazon IoT

49. AWS Versioning

50. Creating IAM roles

51. AWS SAML

52. Amazon VPC tutorial

53. AWS Mobile Services

54. AWS Cross region replication

55. AWS Compute

56. AWS Lifecycle Management

What are the different steps to start EKS?

Kubernetes is an open-source system that helps in the process of automatic deployment, scaling, and managing containerized applications.

Amazon EKS helps run Kubernetes control plane instances over multiple Availability Zones which makes sure that they are highlyavailable. Amazon EKS automatically detects and replaces control plane instances that are unhealthy, as well as provisioning automated version upgrades and patching for the unhealthy control planes.

Amazon EKS can be integrated with other Amazon service in order to provide scalability and security for user applications, and some of the services have been listed below:

Authentication is served by IAM.
Isolation is served by Amazon VPC.
Amazon ECR for container images.
Elastic Load Balancing service to distribute the load.

Amazon EKS helps run up-to-date version of the open-source Kubernetes software, thereby allowing the user to use all the existing plugins and tooling which is availability in the Kubernetes community. Applications that run on Amazon EKS are completely compatible with applications which run on other standard Kubernetes environment, be it running in on premise data centres or in public clouds. This indicates that the user can migrate to other standard Kubernetes application very easily without modifying any code.

Amazon EKS Control Plane Architecture

Amazon EKS runs along with a single tenant Kubernetes control plane for every cluster. This control pane infrastructure can’t be shared with other clusters or AWS accounts. The control plane consists of a minimum of two API server nodes and three ‘etcd’ nodes which run across three Availability Zones which is present in a Region.

Amazon EKS detects and replaces unhealthy control plane instances automatically, and restarts them over these Availability Zones within the Region as and when required. Amazon EKS makes good use of the AWS Region architecture so as to provide high-availability. Due to all this, Amazon EKS offers SLA for API server endpoint availability.

Amazon EKS makes use of Amazon VPC network policies to restrict the traffic that flows between the components of the control plane and the single cluster. The components of the control plane for the cluster won’t be able to view or receive any communication from other clusters or AWS accounts, the only exception being an authorized Kubernetes RBAC policy.

Such security and high-availability configuration make Amazon EKS highly reliable, thereby making it suitable to be used in many production workloads too.

Working of Amazon EKS

The below images show how Amazon EKS works.

Amazon EKS - AWS Tutorial Image credit: aws.amazon.com

Steps to start Amazon EKS

Following are the steps to start Amazon EKS:

Create an Amazon EKS cluster with the AWS Management Console or AWS CLI or with one of the AWS SDKs.
Launch the worker node which registers the Amazon EKS cluster.
An AWS CloudFormation template can be provisioned that helps configure the nodes automatically.
When the cluster is ready, the user can configure it with the Kubernetes tools which is required for their application to communicate with their cluster.
This Amazon EKS cluster can be used to deploy and manage applications in the same manner as one would do with any other Kubernetes environment.

A Kubernetes cluster can be created in two ways:

With eksctl: This can be used to install the resources which are required to begin working with Amazon EKS ‘eksctl’. The ‘eksctl’ is a simple command line utility that can be used to create and manage Kubernetes cluster on Amazon EKS. This is considered to be one of the quickest and the simplest methods of creating a cluster with Amazon EKS.
With AWS Management Console: This method can be used to create the resources required to start working with Amazon EKS with the help of AWS Management Console. In this method, the user has to manually create every resource in the Amazon EKS or AWS CloudFormation console. This is considered as a much complicated and time-consuming method of creating and working with Amazon EKS.

Components of Amazon EKS Cluster

An Amazon EKS cluster consists of two major components. They have been discussed below:

Amazon EKS control plane

This consists of control plane nodes which are used to run Kubernetes software, which includes ‘etcd’ and the Kubernetes API server. This plane works with the account that is managed by AWS and the Kubernetes API is exposed to the outside through an Amazon EKS endpoint which is associated with the cluster user.

Every Amazon EKS cluster control plane is unique and consists of a single-tenant. It runs its own set of Amazon EC2 instances. The data which is stored with the help of ‘etcd’ nodes and the respective Amazon EBS volumes is in the encrypted form. Hence Amazon EKS uses master encryption keys which help in generating volume encryptions keys that are in turn managed by Amazon EKS service.

The cluster control plane has the ability to work across multiple Availability Zones and with the front-end through an Elastic Load Balancing Network Load Balancer. Amazon EKS can also be used to provide elastic network interfaces to the user’s VPC subnets thereby facilitating connectivity from the control plane instances to the worker nodes, so as to support ‘kubectl exec’, ‘logs’, and ‘proxy’ data flows.

Amazon EKS worker nodes registered with the control plane:

Worker machines in Kubernetes are known as worker nodes. Amazon EKS worker nodes can be run in the user’s AWS account to help connect the cluster’s control plane through an API server endpoint. This will also have a certificate file which is created for the server. Amazon EKS worker nodes can be understood as standard Amazon EC2 instances, and they are charged based on how EC2 instances are normally charged.

As a default action, Amazon EKS provisions AWS CloudFormation templates to spin up worker nodes in the Amazon EKS cluster. This AMI has been built over Amazon Linux 2 and has been configured to work as a base image for all Amazon EKS worker nodes.

The AMI has also been configured to work with Amazon EKS out-of-the-box, which includes Docker, ‘kubelet’ and AWS IAM authenticator as well.

AMI consists of a special bootstrap script which helps in automatically discovering and connecting to the user’s cluster control plane.

The AWS Cloud Formation worker node template helps in launching the worker nodes with the help of specialized Amazon EC2 user data. This user data is used as a trigger to initiate a specialized bootstrap script which makes sure that the worker nodes automatically discover and connect to the user’s cluster control plane.

Conclusion

In this post, we understood how EKS can be used to run Kubernetes on AWS without the need for the user to explicitly maintain Kubernetes control plane.

35-A AWS Fargate - What are its features?

37-A What is CodeCommit - Handy steps to use it

Your email address will not be published. Required fields are marked *

Comments

tenzin nyima

Whoever has contributed to this article...I would like to say thank you... it has been of good help to the readers.

alvi

This blog is very helpful and informative, and I really learned a lot from it.

alvi

It is very helpful and very informative, and I really learned a lot from this article.

alvi

Such a very useful article. I would like to thank you for the efforts you made in writing this awesome blog.

Jeanne

Very useful and awesome blog!

View More Comments

Search

AWS Tutorials

By KnowledgeHut .

AWS Tutorials

What are the different steps to start EKS?

Amazon EKS Control Plane Architecture

Working of Amazon EKS

Steps to start Amazon EKS

Components of Amazon EKS Cluster

Amazon EKS control plane

Amazon EKS worker nodes registered with the control plane:

Conclusion

Leave a Reply

Comments

tenzin nyima

alvi

alvi

alvi

Jeanne