Amazon EKS

Amazon Elastic Kubernetes Service (EKS) is AWS’s managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. EKS runs Kubernetes control plane instances across multiple AWS availability zones to ensure high availability, automatically detects and replaces unhealthy control plane instances, and provides automated version upgrades and patching.

What Is EKS?

EKS is a fully managed Kubernetes service that handles the complexity of running Kubernetes control plane components. Instead of managing API servers, etcd clusters, schedulers, and controller managers yourself, AWS operates these components for you across multiple availability zones.

graph TB subgraph aws_managed[AWS Managed Control Plane] A[EKS Control Plane] --> B[API Server<br/>Multi-AZ] A --> C[etcd<br/>Multi-AZ] A --> D[Scheduler<br/>Multi-AZ] A --> E[Controller Manager<br/>Multi-AZ] end subgraph your_cluster[Your EKS Cluster] F[VPC] --> G[Worker Nodes] G --> H[Your Applications] G --> I[EKS Add-ons] end A -.->|Manages| G F -->|Networking| A style A fill:#e1f5ff style G fill:#fff4e1 style H fill:#e8f5e9

AWS Responsibilities:

Control plane availability and health
Kubernetes version management and upgrades
Security patches and updates
High availability across availability zones
API server endpoint management
etcd backups and recovery

Your Responsibilities:

Worker node provisioning and management
Application deployment and configuration
Networking and security group configuration
Storage and persistent volumes
Monitoring and logging setup
Cost optimization

Key Differentiators

EKS stands out with deep AWS integration and enterprise features:

Native AWS Integration

EKS integrates seamlessly with AWS services:

VPC Networking - Pods get real VPC IP addresses via VPC CNI
IAM Authentication - Use AWS IAM for Kubernetes authentication
IAM Roles for Service Accounts (IRSA) - Pods can assume IAM roles
EBS and EFS Storage - Native storage integration
Load Balancers - ALB and NLB integration via AWS Load Balancer Controller
CloudWatch - Native metrics and logging integration

High Availability

EKS control planes run across multiple availability zones automatically:

graph TB subgraph region[AWS Region] subgraph az1[Availability Zone 1] A1[API Server] E1[etcd Node] end subgraph az2[Availability Zone 2] A2[API Server] E2[etcd Node] end subgraph az3[Availability Zone 3] A3[API Server] E3[etcd Node] end end LB[Load Balancer] --> A1 LB --> A2 LB --> A3 E1 <--> E2 E2 <--> E3 E3 <--> E1 style LB fill:#e1f5ff style A1 fill:#fff4e1 style A2 fill:#fff4e1 style A3 fill:#fff4e1

Security and Compliance

Encryption - Control plane encryption at rest and in transit
Compliance - SOC, PCI, HIPAA, and ISO certifications
Audit Logging - CloudTrail integration for API calls
Network Isolation - Private endpoint options for control plane access
Pod Security - Security groups at the pod level

Flexible Compute Options

EC2 Instances - Traditional worker nodes with full control
Fargate - Serverless containers without node management
Spot Instances - Cost optimization with spot node groups
ARM-based Instances - Support for Graviton processors

EKS Architecture

Understanding how EKS components work together:

graph LR subgraph user[User/Application] U[kubectl/API Client] end subgraph eks_control[EKS Control Plane] API[API Server] ETCD[etcd] SCHED[Scheduler] CM[Controller Manager] end subgraph vpc[Your VPC] subgraph node_group[Node Group] N1[Worker Node 1] N2[Worker Node 2] N3[Worker Node N] end PODS[Your Pods] end subgraph aws_services[AWS Services] IAM[AWS IAM] EBS[EBS Volumes] ALB[Load Balancers] CW[CloudWatch] end U -->|kubectl apply| API API --> ETCD API --> SCHED SCHED -->|Schedule Pods| N1 SCHED -->|Schedule Pods| N2 CM -->|Manage State| API N1 --> PODS N2 --> PODS N3 --> PODS PODS -->|Assume Role| IAM PODS -->|Mount| EBS PODS -->|Expose| ALB PODS -->|Metrics| CW style API fill:#e1f5ff style PODS fill:#e8f5e9 style IAM fill:#fff4e1

When to Use EKS

EKS is ideal when:

✅ Already on AWS - You’re using AWS services and want native integration

✅ Enterprise Requirements - Need compliance certifications and audit logging

✅ Deep AWS Integration - Want to leverage IAM, VPC, EBS, and other AWS services

✅ High Availability - Need multi-AZ control plane without managing it yourself

✅ Security Focus - Require private endpoints, encryption, and security group integration

✅ Mixed Workloads - Need both EC2 and Fargate options

✅ Cost Optimization - Want to use spot instances and reserved instances

Topics

Getting Started

Overview - Deep dive into EKS architecture, features, and use cases
Cluster Setup - Creating and configuring EKS clusters

Core Infrastructure

Networking - VPC CNI, pod networking, and service networking
Storage - EBS, EFS, and persistent volume management
Security - IAM, IRSA, network security, and encryption

Operations

Node Management - Managed and self-managed node groups
Autoscaling - Cluster Autoscaler, Karpenter, and HPA
Observability - CloudWatch, Prometheus, and monitoring
Add-ons - EKS add-ons and popular extensions

Support

Troubleshooting - Common issues, debugging techniques, and solutions