What is Amazon EKS?

Kubernetes has proved an invaluable containerization tool since its inception. It increases application portability, enhances multi-cloud capability, and boosts developer productivity. The best part is that it is open-source. However, selecting the best public cloud to deploy Kubernetes is a head-scratching moment for many developers. To make an ultimate selection, developers must also factor network, storage, user, logging features and Kubernetes ecosystem integrations for their specific use cases -- oh, and don’t forget that cost matters too. The majority (nearly two-thirds) of cloud app developers today work on the Amazon Web Service (AWS) cloud. For this reason, Amazon has launched a managed Kubernetes service to help its dedicated user community build better apps more seamlessly.

What’s Amazon Elastic Kubernetes Service?

The Amazon Elastic Kubernetes Service (EKS) is a managed service designed to make running Kubernetes on Amazon Web Service (AWS) easier. It’s a managed container-as-a-service (CaaS) tool that drastically simplifies Kubernetes deployment on AWS. Unlike in the past when you needed to install a Kubernetes control plane or work nodes, EKS allows developers to run Kubernetes on the AWS platform without further integrations. If you’re new to it, Kubernetes is currently the most popular containerization management solution. It provides an abstraction layer on top of a group of hosts, allowing developers to manage multiple functions, including load balancing, monitoring, and resource utilization. The Amazon Elastic Kubernetes Service makes it possible to enjoy all the benefits of Kubernetes without the need to install it.

Key Amazon EKS Features

Amazon EKS allows developers to combine the best features of Kubernetes to help manage application operations with the reliability, availability, and performance of AWS to develop better applications all around. This powerful combination provides developers and organizations with:

#1 - A managed control plane

Amazon EKS brings developers a flexible and highly scalable control plane operated on AWS AZs. It automatically manages the availability and scalability of Kubernetes API services, providing developers with high reliability that involves automatically identifying and replacing unhealthy masters.

#2 - Managed worker nodes

Developers can also look forward to a platform that allows them to create, update, and terminate worker nodes in a single command. EKS nodes are operated in node groups through Amazon Machine Images (AMIs) in AWS. Moreover, EKS nodes can be drained by terminations and updates.

Network and Security features

The Amazon Elastic Kubernetes Service also includes multiple network and security features to make your work easier. These include:

#3 - Service discovery

AWS has a unique discovery service known as Cloud Map, with which organizations and developers can define names for app resources. The resource also maintains updated locations for dynamic resources. As such, Cloud Map significantly increases the organization’s ability to discover updated resource locations. Besides the Cloud Map, EKS also comes with an open-source connector to automatically propagate internal service registry locations. Meanwhile, Kubernetes services continue to launch and remove such locations upon termination.

#4 - VPC support

Kubernetes clusters run within Amazon VPC. Consequently, you can utilize VPC security groups and network ACLs – without sharing computing resources with other orgs. For organizations that depend on isolation to deliver reliable and secure apps, this feature alone would be an important reason to switch to EKS.

#5 - Service mesh

Amazon EKS, through the AWS App Mesh, standardizes the way each in-app microservice communicates, thus making it easy to build and run complex applications. The mesh specifically simplifies the configuration of selected sections of applications, ensuring high availability.

How to Get Started with EKS

If you’re excited about the new capabilities, you should consider setting up EKS for your development team. Fortunately, the setup process is pretty straightforward if you already have AWS. You may even have some of the necessary components set up.

#1 - Check the prerequisites

Before you can install EKS on your AWS, you need to ensure that you have installed three critical components:

• Kubectl
• AWS CLI
• AWS-IAM-Authenticator

As we mentioned earlier, you may have one of these tools running if you already use Amazon Web Services.

#2 - Create the IAM role

This is a straightforward process:

• Open the IAM console
• Click Roles and select Create Role
• From the options, select EKS, then choose Allows Amazon EKS to manage clusters on your behalf.
• Click Next; Permissions > Tags > Review
• Fill out the Role Name, then click Create Role to finish this step.

We recommend creating a unique and descriptive name for your role. Otherwise, the arising confusion from similar role names may complicate your work.

#3 - Create a virtual private cloud

This time head to AWS CloudFormation console and, once there, proceed as follows:

• Select the EKS-supported region and click Create Stack
• The setup will prompt you to Specify an Amazon S3 template URL. Your preferred network architecture should guide your choice. We recommend public K8 subnets for load balancing and private subnets for worker nodes. Paste the links as appropriate. For public subnets, paste this link; https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-11-15/amazon-eks-vpc-sample.yaml. Meanwhile, the private subnet link is https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-11-15/amazon-eks-vpc-private-subnets.yaml.
• With that done, it’s now time to fill out your Specific Details. It’s best to fill out only the Stack Name and VpcBlock first and complete the other fields later. For the Stack Name, use your VPC name. Meanwhile, we’d recommend your CIDR range for the VPCBlock. When finished, click Next.
• You’ve arrived at the Review page. Click Create to create your review page.
• Once you’re through with step #d above, CloudFormation will create the VPC for your EKS.

Wait for the process to complete, then click on the Outputs tab to review your Subnetlds, VPcld, and SecurityGroups.

#4 - Create your EKS Cluster

To create your Amazon EKS cluster, you need to start at the EKS console. Open the console and proceed as follows:

• Select Create Cluster
• Fill out the provided form. It should be easy to fill. But if you need some guidance, the Cluster Name is the name of your cluster, while the Kubernetes Version is the default version of Kubernetes you’re using. For the Role Name, input the IAM role you created in step #2 above. The VPC is the one you created in step #3. Don’t forget to fill out the corresponding subnet values and security subgroups from step #3. Finally, Enable/Disable Endpoint Public Access and Endpoint Private Access. Then click Create.
• Verify if your settings were captured by heading to the clusters page and choosing your cluster name. You may need to wait 10-15 minutes while AWS provisions the cluster. Alternatively, ping the status using your terminal.

After the said duration, the cluster’s status will change to active, meaning you now have a cluster!

#5 - Update your Cluster’s Kubeconfig

It’s very important to update Kubeconfig for the EKS cluster before expiry for continued cluster access. Use the AWS ACL’s updating update-kubeconfig command for this process and ensure to change both the cluster name and region.

• Type the command as follows; aws eks --region region update-kubeconfig --name cluster_name. Feel free to copy-paste rather than type it manually.
• Use kubectl get SVC to test the configuration.

The test should return your cluster details, including name, type, cluster IP, external IP, ports(s), and age.

#6 - Launch your Node Group

The final step before you can begin using your EKS is to launch your node group. In the Amazon EKS console:

• Choose your cluster
• Click Add Node group from the cluster review.
• You’ll be taken to a Configure Node Group view. Fill out the Name, Node AIM role name, and subnets fields with the information gathered in the previous steps. You can also use this opportunity to enable Remote Access via SH, use Kubernetes labels, and tag your node group using tags. Once done, click Next.
• Select the Set Compute Configuration view and fill out the AMI type, Instance, and Disk Size fields. The latter two are easy. But for the first one, i.e., AMI type, we recommend inputting Amazon Linux 2 GPU Enabled (AL2_x86_64_GPU) for GPU instances and Amazon Linux 2 (ALA_x86_64) for non-GPU instances. Then click Next.
• Go to Setup Scaling Policies and fill out the Minimum Size, Maximum Size, and Desired Size values. These values refer to the number of worker nodes you may need at any given point. The Desired Size is your current number of worker nodes, while the other two are the least and most nodes you may need, respectively.
• Click Review and Create to check through the settings to make sure you’ve filled everything appropriately. If everything is perfect, click Create to effect the changes.
• Using kubectl get nodes --watch, ping the status of your nodes to make sure they’re all working. READY means everything is running perfectly.

That’s it. You’ve set up Amazon EKS. From this point, you just need to add Kubernetes addons and deploy your applications.

Amazon EKS Pricing

Amazon charges $0.10 per hour for each Amazon EKS cluster created. Keep in mind that you can run Amazon EKS on multiple applications or with EC2 or Fargate.

Summary

That’s all the basics you need to know about Amazon’s Elastic Kubernetes Service. If you run into any issues, check out this great troubleshooting guide from AWS.

What to do next?

As you can see Amazon EKS is a great place to start your cloud app development and Kubernetes journey. However, Kubernetes can be a lot of work to operationalize and complexity grows with scale. We find enterprises run into these day 2 operational challenges:

• Lack of standards for configuring Kubernetes clusters can create a chaotic mishmash of instances that are difficult to manage and troubleshoot.
• Provisioning Kubernetes clusters is easy but ongoing lifecycle management isn’t. Cluster lifecycle management must be unified across public and private cloud infrastructure to enable consistent operations, performance monitoring, and troubleshooting, especially when a small number of clusters grow into fleets.
• Companies can’t measure what they can’t see but obtaining a single pane of glass view across a hybrid infrastructure spanning global regions is very difficult.
• Controlling access and user rights to all the various components of a Kubernetes infrastructure can be difficult. Access controls should be integrated with an organization’s existing directories and identity management platforms, undergirded by role-based policies and audit trails.

Making the operations of Kubernetes easy -- even those from managed service offerings such as Amazon EKS -- is where the Rafay Kubernetes Operations Platform (KOP) shines. With the Rafay KOP, enterprises can:

• Easily provision clusters from a preapproved set of standardized EKS and EKS-D clusters
• Gain unified visibility and streamline cluster lifecycle management across AWS regions
• Govern access to and audit the operations performed on clusters for security and compliance purposes.

Rafay KOP helps enterprises with their application delivery platform (ADP) needs, especially in production-grade EKS environments for mission-critical modern apps.With our unique approach to managing Kubernetes at scale, we have helped several Fortune 100 companies operate their containerized applications at scale without any downtime or disruption. Now it’s your turn! Sign up for a free trial here!