Get an overview of Amazon EKS. Explore the control plane and the data plane.
- [Instructor] There are multiple ways to run Kubernetes in the cloud. A CNCF survey shows that over 15% of Kubernetes runs in the AWS cloud. This section will introduce Amazon Elastic Container Service for Kubernetes, or EKS, or Amazon's Managed Kubernetes Service. Amazon Elastic Container Service for Kubernetes, Amazon EKS, makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes management infrastructure across multiple AWS availability zones, automatically detects and replaces unhealthy control plane nodes, and provides on-demand upgrades and patching.
You simply provision worker nodes, and connect them to the provided Amazon EKS endpoint. Secure and encrypted communication channels are automatically set up between your worker nodes and the managed control plane, making your infrastructure running on Amazon EKS secure by default. Amazon EKS is certified Kubernetes conformant, so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible, and can be easily migrated to Amazon EKS.
AWS actively works with the Kubernetes community, including making contributions to the community's code base that help Amazon EKS users take advantage of AWS services and features. Let's take a look at the user experience to create an EKS cluster. First, you need to provision an EKS cluster. This can be done using the AWS Console, AWS CLI, CloudFormation or Terraform templates, or other third-party tools. This creates a highly available and secure Kubernetes control plane straight across multiple availability zones.
You don't need to think about your master configuration. This also includes things that give you sweats in the night. It's easily being monitored, encrypted, and backed up. Is your security configuration right for your masters? It will deploy this in a way that is in accordance with best practices on AWS. The control plane runs in Amazon's account. Second, you need to deploy the worker node for your EKS cluster. This creates a Kubernetes data plane, which is where the application is deployed. The data plane runs in the user's AWS account.
This means that you control the instance type, the configuration, the AMI used, the network configuration in your VPC, security groups, access control lists, and everything else. You can use Spot instances or Reserved instances. They are your instances. Finally, you need to connect the data plane and the control plane. This creates the completed EKS cluster. This entire workflow of creating the control plane, creating the data plane, and connecting the two together is offered as a seamless experience by a third-party tool.
One such tool available in the open source is eksctl. This tool is created by Weaveworks, and will be used later in this course. Now, you can deploy your applications to this Kubernetes cluster. In AWS, Identity and Access Management defines how AWS resources can be accessed securely. Because Amazon is hosting Kubernetes as a service, there's a need to provide authentication on the API endpoint with IAM. Let's dig into this, how this works. AWS IAM Authenticator is an open source project in SIG AWS in the Kubernetes community, and helps with passing AWS identity.
So, when a kubectl call is made, let's say get pods, the IAM identity is passed along with the Kubernetes call. On the back end, Kubernetes verifies the IAM identity with the AWS auth service. This is purely authentication. The authentication response is then sent back to Kubernetes, and Kubernetes checks its internal RBAC mapping for the authorization. This generates if my original get pods call was allowed or denied. Finally, Kubernetes approves or denies a request.
Let's talk a little bit more about some other highlights of Amazon EKS. Amazon EKS makes it easy to update running clusters to the latest Kubernetes version without needing to manage the update process. Kubernetes version updates are done in place, removing the need to create new clusters, or migrate applications to a new cluster. EKS gives you flexibility and control over what instances you can run. Because of this flexibility, for example, it's super easy to get started with machine learning workloads on EKS.
To support this, we have a dedicated GPU AMI that makes it easy to run CUDA framework workloads on P2 and P3 instances. This is in the AWS Marketplace, you can subscribe, and you can check these nodes into your cluster, and go build your next Skynet on EKS. EKS also gives you flexibility over the operating system you can bring. If you want a pre-made AMI, we have the EKS-optimized AMI based on Amazon Linux 2, and Canonical builds an EKS AMI, as well. We also provide Packer scripts on how these AMIs are created.
This allows you to create custom AMIs matching your corporate requirement. Amazon EKS is available in a large number of AWS regions today, and this list is constantly growing. The Regional Product Services table provides an accurate and up-to-date list of regions where an EKS cluster can be created.
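
The `kubectl get pods` flow in the transcript above, as an added example that is not part of the course material: a small Python model of the two separate decisions, authentication of the IAM identity and then authorization through the RBAC mapping. The ARNs, usernames, groups and rules are constructed sample data, and the mapping table is an assumed stand-in for the cluster's IAM-to-Kubernetes identity mapping.

```python
# Added example: toy model of the EKS request flow (authenticate, then authorize).
# Every ARN, username, group and rule below is constructed sample data.

# Assumed IAM-to-Kubernetes mapping: verified IAM ARN -> (username, groups).
IDENTITY_MAP = {
    "arn:aws:iam::111122223333:role/dev-readonly": ("dev-user", ["viewers"]),
    "arn:aws:iam::111122223333:role/platform-admin": ("admin", ["system:masters"]),
}

# RBAC stand-in: group -> list of (allowed verbs, allowed resources).
# system:masters is modelled as a wildcard rule because it is unrestricted.
RBAC_RULES = {
    "viewers": [({"get", "list", "watch"}, {"pods", "services"})],
    "system:masters": [({"*"}, {"*"})],
}

def authenticate(verified_arn):
    """Step 1: the IAM identity was verified by AWS; map it to a Kubernetes identity."""
    return IDENTITY_MAP.get(verified_arn)

def authorize(groups, verb, resource):
    """Step 2: check the mapped groups against RBAC rules. IAM policy plays no part here."""
    for group in groups:
        for verbs, resources in RBAC_RULES.get(group, []):
            if (verb in verbs or "*" in verbs) and (resource in resources or "*" in resources):
                return True
    return False

def handle_request(verified_arn, verb, resource):
    """Return the API server's answer: 401 if unmapped, 403 if denied by RBAC, else 200."""
    identity = authenticate(verified_arn)
    if identity is None:
        return "401 Unauthorized"
    user, groups = identity
    if not authorize(groups, verb, resource):
        return f"403 Forbidden: {user} cannot {verb} {resource}"
    return f"200 OK: {user} may {verb} {resource}"

def overprivileged(identity_map):
    """Audit helper: IAM principals mapped straight into the unrestricted admin group."""
    return sorted(arn for arn, (_, groups) in identity_map.items() if "system:masters" in groups)

if __name__ == "__main__":
    print(handle_request("arn:aws:iam::111122223333:role/dev-readonly", "get", "pods"))
    print(handle_request("arn:aws:iam::111122223333:role/dev-readonly", "delete", "pods"))
    print(handle_request("arn:aws:iam::111122223333:user/unmapped", "get", "pods"))
    print(overprivileged(IDENTITY_MAP))
```

A valid IAM identity that has no mapping is rejected at authentication, and a mapped identity is still denied any verb its RBAC groups do not grant.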
- Packaging applications using Docker
- Building a Docker image with a Dockerfile and Jib
- Defining Kubernetes clusters
- Deploying with standalone manifests
- Deploying with Helm charts
- Deploying a Kubernetes cluster on AWS
- Adding an Istio service mesh
- Shifting traffic with Istio
- Creating a deployment pipeline