AWS ‐ EKS
FullstackCodingGuy edited this page Sep 19, 2024
EKS is a Kubernetes service. Kubernetes is a cross-cloud technology for deploying containers, whereas ECS is Amazon's custom deployment solution for containers.
- Kubernetes control plane across Availability Zones
- Control plane determines auto scaling
- AWS service integrations (e.g. integration with ECR for pulling images)
- Automatic updates of images
- EKS Control Plane - a collection of nodes that users interact with; it runs in a special account
- EKS Nodes - these nodes run on EC2 instances; no control for the user, managed by EKS; containers run on these nodes in your account; tied to the control plane certificate.
A Node is virtual infrastructure that you control.
Clusters are composed of Pods; Pods are collections of containers that run on a node.
- Self-managed nodes
- Managed node-groups
- AWS Fargate - the infrastructure automatically manages the scaling for you
A place for pods to store data
- Storage Class - a template that indicates what storage the pod should use
- EBS CSI Driver - allows single EC2 instances to connect
- EFS CSI Driver - allows multiple EC2 instances to connect
- FSx for Lustre CSI Driver - cost-effective/fast/scalable
- Clusters in a single region are exposed and managed by the control plane - behind the scenes Amazon uses EC2 instances to manage the cluster behind a VPC - it could be in private or public subnets
- Clusters can also run on Fargate pods - which run only on private subnets
Containers that run one or more pods; you can manage workloads using the AWS Management Console
- Scale Pods (using load balancer)
- Vertical - Increase infrastructure capacity
- Horizontal - Replication of pods
- Network load balancer - it works based on network traffic - EKS will balance out the load using the vertical and horizontal approaches
- Application load balancer - it works based on how busy your pods are
A valid AWS token is required to access/manage the EKS cluster. Authorization is managed within the EKS service by Kubernetes.
- Identity and access management (IAM) - authentication token
- Role-based access control (RBAC) - authorization
- Security of the cloud provider (the service itself) - by AWS
- Security in the cloud (the content of the service) - by the user
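
To make the IAM authentication token above concrete: the bearer token sent to an EKS cluster is the prefix `k8s-aws-v1.` followed by a base64url-encoded presigned STS `GetCallerIdentity` URL. The following is an added example, not part of the original page or any AWS tool; it decodes a token and checks its structure without verifying the signature. The function names, the 900-second ceiling, the commercial-region host pattern and the sample token are assumptions constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qs

PREFIX = "k8s-aws-v1."
MAX_EXPIRES = 900  # seconds; assumed 15-minute ceiling on the presigned URL lifetime

def inspect_eks_token(token):
    """Decode an EKS bearer token; return (findings, fields). Signature is not verified."""
    if not token.startswith(PREFIX):
        return ["missing k8s-aws-v1. prefix"], {}
    body = token[len(PREFIX):]
    try:
        # Tokens are unpadded base64url, so restore the padding before decoding.
        url = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
    except (ValueError, UnicodeDecodeError):
        return ["payload is not base64url text"], {}
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    # Assumed pattern: commercial-region STS endpoints only.
    if not (host.startswith("sts.") and host.endswith(".amazonaws.com")):
        findings.append("host is not an STS endpoint")
    if q.get("Action") != "GetCallerIdentity":
        findings.append("action is not GetCallerIdentity")
    # The cluster name header must be signed, which binds the token to one cluster.
    if "x-k8s-aws-id" not in q.get("X-Amz-SignedHeaders", "").split(";"):
        findings.append("cluster name header not signed")
    expires = q.get("X-Amz-Expires", "")
    if not expires.isdigit() or not 0 < int(expires) <= MAX_EXPIRES:
        findings.append("bad or excessive X-Amz-Expires")
    key_id = q.get("X-Amz-Credential", "").split("/")[0]
    return findings, {"host": host, "access_key_id": key_id, "expires": expires}

def make_sample(host="sts.us-east-1.amazonaws.com", expires="60", signed="host;x-k8s-aws-id"):
    """Constructed token with a placeholder key id and an all-zero signature."""
    url = (f"https://{host}/?Action=GetCallerIdentity&Version=2011-06-15"
           "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
           "&X-Amz-Credential=AKIAEXAMPLEKEYID0000%2F20240919%2Fus-east-1%2Fsts%2Faws4_request"
           f"&X-Amz-Date=20240919T000000Z&X-Amz-Expires={expires}"
           f"&X-Amz-SignedHeaders={signed.replace(';', '%3B')}&X-Amz-Signature=" + "0" * 64)
    return PREFIX + base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
```

The decoded URL carries only the access key id and a signature, not the secret key; the IAM identity it resolves to is what Kubernetes RBAC then authorizes.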