AWS ‐ EKS - FullstackCodingGuy/Developer-Fundamentals GitHub Wiki

Elastic Kubernetes Service - EKS

EKS is a Kubernetes service, a cross-cloud Kubernetes technology for deploying containers, whereas ECS is Amazon's custom deployment solution for containers.

Features

  • Kubernetes control plane across Availability Zones
  • Control plane determines auto scaling
  • AWS service integrations (Ex: integration with ECR for pulling images)
  • Automatic updates of images

Components

  • EKS Control Plane - a collection of nodes that users interact with; it runs in a special account
  • EKS Nodes - these nodes run on EC2 instances and are managed by EKS, with no control for the user; containers run on these nodes in your account, and the nodes are tied to the control plane certificate.

A node is virtual infrastructure that you control.

Pod

Clusters are composed of Pods. A Pod is a collection of containers that run on a node.

EKS Pod Scheduling

  • Self-managed nodes
  • Managed node-groups
  • AWS Fargate - the infrastructure automatically manages scaling for you

EKS Cluster Storage

A place for pods to store data.

  • Storage Class - a template that indicates what storage the pod should use
    • EBS CSI Driver - allows a single EC2 instance to connect
    • EFS CSI Driver - allows multiple EC2 instances to connect
    • FSx for Lustre CSI Driver - cost-effective, fast, scalable

EKS Networking

  • Clusters in a single region are exposed and managed by the control plane. Behind the scenes, Amazon uses EC2 instances to manage the cluster behind a VPC, which can use private or public subnets
  • Clusters can also run on Fargate pods, which run only on private subnets

EKS Workloads

Containers that run in one or more pods. You can manage workloads using the AWS Management Console.

  • Scale Pods (using load balancer)
    • Vertical - Increase Infra capacity
    • Horizontal - Replication of pods
    • Network load balancer - works based on network traffic; EKS balances the load using the vertical and horizontal approaches
    • Application load balancer - works based on how busy your pods are

EKS Cluster Authentication

A valid AWS token is required to access or manage the EKS cluster. Authorization is managed within the EKS service by Kubernetes.

  • Identity and access management (IAM) - authentication token
  • Role based access control (RBAC) - authorization
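
The IAM-then-RBAC split above, shown as an added example that is not part of the original wiki page: the `aws-auth` ConfigMap (one of the mechanisms EKS supports for this mapping) ties an IAM role to a Kubernetes group, and RBAC decides what that group may do. The account ID, role name, group name and namespace are constructed placeholders.

```yaml
# Constructed example: account ID, role, group and namespace are placeholders.
# Keep the cluster's existing mapRoles entries (such as node roles); only the added entry is shown.
# 1) Authentication: the IAM token proves the caller is this role; aws-auth maps it to a user and groups.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Weak: system:masters is bound to cluster-admin, so RBAC no longer restricts this role.
    # - rolearn: arn:aws:iam::111122223333:role/dev-team
    #   username: dev-team
    #   groups: ["system:masters"]
    # Scoped: the role only gets what RBAC grants the dev-readers group.
    - rolearn: arn:aws:iam::111122223333:role/dev-team
      username: dev-team:{{SessionName}}
      groups:
        - dev-readers
---
# 2) Authorization: RBAC grants the group read-only access to pods in one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-readers-pod-reader
  namespace: dev
subjects:
  - kind: Group
    name: dev-readers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

To check the result, `kubectl auth can-i list pods -n dev --as dev-team --as-group dev-readers` should answer yes, and the same query with `delete` should answer no.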

Shared Responsibility

  • Security of the cloud provider (the service itself) - by AWS
  • Security in the cloud (the content of the service) - by the user