Amazon EKS

Amazon Elastic Kubernetes Service (EKS) is AWS’s managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. EKS runs Kubernetes control plane instances across multiple AWS availability zones to ensure high availability, automatically detects and replaces unhealthy control plane instances, and provides automated version upgrades and patching.

What Is EKS?

EKS is a fully managed Kubernetes service that handles the complexity of running Kubernetes control plane components. Instead of managing API servers, etcd clusters, schedulers, and controller managers yourself, AWS operates these components for you across multiple availability zones.

```mermaid
graph TB
    subgraph aws_managed[AWS Managed Control Plane]
        A[EKS Control Plane] --> B[API Server<br/>Multi-AZ]
        A --> C[etcd<br/>Multi-AZ]
        A --> D[Scheduler<br/>Multi-AZ]
        A --> E[Controller Manager<br/>Multi-AZ]
    end
    subgraph your_cluster[Your EKS Cluster]
        F[VPC] --> G[Worker Nodes]
        G --> H[Your Applications]
        G --> I[EKS Add-ons]
    end
    A -.->|Manages| G
    F -->|Networking| A
    style A fill:#e1f5ff
    style G fill:#fff4e1
    style H fill:#e8f5e9
```

AWS Responsibilities:

  • Control plane availability and health
  • Kubernetes version management and upgrades
  • Security patches and updates for control plane components (API server, etcd, scheduler, controller manager)
  • High availability across availability zones
  • API server endpoint management
  • etcd backups and recovery

Your Responsibilities:

  • Worker node provisioning and management, including AMI updates and OS patching
  • Cluster access control - mapping IAM identities to Kubernetes RBAC and defining the RBAC itself
  • Application deployment and configuration
  • Networking and security group configuration
  • Storage and persistent volumes
  • Monitoring and logging setup (control plane logging is off by default)
  • Cost optimization

Key Differentiators

EKS stands out with deep AWS integration and enterprise features:

Native AWS Integration

EKS integrates seamlessly with AWS services:

  • VPC Networking - Pods get routable VPC IP addresses from your subnets via the Amazon VPC CNI plugin
  • IAM Authentication - Kubernetes API clients authenticate with IAM identities, which are mapped to Kubernetes RBAC subjects (via the aws-auth ConfigMap or EKS access entries)
  • IAM Roles for Service Accounts (IRSA) - Pods assume IAM roles by exchanging a projected service account token for credentials with sts:AssumeRoleWithWebIdentity; the role's trust policy pins which service account may do so
  • EBS and EFS Storage - Native storage integration
  • Load Balancers - ALB and NLB integration via AWS Load Balancer Controller
  • CloudWatch - Native metrics and logging integration
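The IRSA bullet above is where most real-world EKS privilege escalations hide: the IAM role's trust policy must condition on the token's `sub` claim (`system:serviceaccount:<namespace>:<name>`) as well as its `aud`, or any pod in the cluster can assume the role. The following is an added example, not code from the page or from AWS, that builds a correctly scoped trust policy and audits an existing one for that mistake. The account ID, OIDC issuer URL, namespace and service account name are constructed placeholders.

```python
"""Build and audit an IRSA (IAM Roles for Service Accounts) trust policy.

Added example, not code from the page or from AWS. The account ID, OIDC
issuer URL, namespace and service account name are constructed placeholders.
"""
import json
from typing import Any, Dict, List

# Constructed placeholders (not real identifiers).
ACCOUNT_ID = "111122223333"
OIDC_ISSUER = "https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"


def _issuer_host(oidc_issuer: str) -> str:
    """The condition keys and provider ARN use the issuer without the scheme."""
    return oidc_issuer[len("https://"):] if oidc_issuer.startswith("https://") else oidc_issuer


def build_irsa_trust_policy(account_id: str, oidc_issuer: str,
                            namespace: str, service_account: str) -> Dict[str, Any]:
    """Trust policy allowing exactly one Kubernetes service account to assume
    the role via sts:AssumeRoleWithWebIdentity.

    IRSA mounts a projected service account token (audience sts.amazonaws.com)
    into the pod; STS validates it against the cluster's OIDC provider and the
    Condition block decides which token subjects are accepted.
    """
    host = _issuer_host(oidc_issuer)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{host}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    # Without this key ANY service account in the cluster can assume the role.
                    f"{host}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                    # Reject tokens minted for other audiences.
                    f"{host}:aud": "sts.amazonaws.com",
                }
            },
        }],
    }


def audit_irsa_trust_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings for Allow statements that grant AssumeRoleWithWebIdentity
    more broadly than to a single, named service account."""
    findings: List[str] = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # Flatten every operator block so the :sub and :aud keys can be found
        # regardless of whether StringEquals or StringLike was used.
        keyed = {k: (op, v) for op, kv in stmt.get("Condition", {}).items() for k, v in kv.items()}
        sub = [pair for k, pair in keyed.items() if k.endswith(":sub")]
        aud = [pair for k, pair in keyed.items() if k.endswith(":aud")]
        if not sub:
            findings.append(f"statement {idx}: no ':sub' condition; any service account in the cluster can assume this role")
        for op, value in sub:
            values = [value] if isinstance(value, str) else list(value)
            if op.startswith("StringLike") and any("*" in v for v in values):
                findings.append(f"statement {idx}: wildcard ':sub' condition {values}; scope it to one service account")
        if not aud:
            findings.append(f"statement {idx}: no ':aud' condition; tokens issued for other audiences are accepted")
    return findings


# Constructed weak policy: the kind produced by hand-editing the trust
# relationship and "fixing" an AccessDenied with a wildcard.
WILDCARD_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{_issuer_host(OIDC_ISSUER)}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {f"{_issuer_host(OIDC_ISSUER)}:sub": "*"}},
    }],
}

if __name__ == "__main__":
    good = build_irsa_trust_policy(ACCOUNT_ID, OIDC_ISSUER, "payments", "ledger-writer")
    print(json.dumps(good, indent=2))
    print("good policy findings:", audit_irsa_trust_policy(good))
    print("wildcard policy findings:", audit_irsa_trust_policy(WILDCARD_POLICY))
```

Run `audit_irsa_trust_policy` over the trust documents returned by `aws iam get-role` for every role an IRSA-annotated service account references; a missing or wildcarded `:sub` key is the finding to escalate.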

High Availability

EKS control planes run across multiple availability zones automatically:

```mermaid
graph TB
    subgraph region[AWS Region]
        subgraph az1[Availability Zone 1]
            A1[API Server]
            E1[etcd Node]
        end
        subgraph az2[Availability Zone 2]
            A2[API Server]
            E2[etcd Node]
        end
        subgraph az3[Availability Zone 3]
            A3[API Server]
            E3[etcd Node]
        end
    end
    LB[Load Balancer] --> A1
    LB --> A2
    LB --> A3
    E1 <--> E2
    E2 <--> E3
    E3 <--> E1
    style LB fill:#e1f5ff
    style A1 fill:#fff4e1
    style A2 fill:#fff4e1
    style A3 fill:#fff4e1
```

Security and Compliance

  • Encryption - etcd is encrypted at rest and control plane traffic is encrypted in transit; Kubernetes Secrets can additionally be envelope-encrypted with a customer-managed KMS key (the cluster's encryptionConfig)
  • Compliance - SOC, PCI, HIPAA, and ISO certifications
  • Audit Logging - Calls to the EKS service API (CreateCluster, UpdateClusterConfig, and so on) are recorded in CloudTrail; Kubernetes API server audit and authenticator logs are a separate control plane logging feature that is off by default and, when enabled, is delivered to CloudWatch Logs
  • Network Isolation - The API server endpoint can be private-only, public-only, or both, and public access can be restricted to a CIDR allowlist
  • Pod Security - Security groups for pods attach EC2 security groups to individual pods through the VPC CNI
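The encryption, logging and endpoint settings listed above are all visible in a single `aws eks describe-cluster` response, which makes them easy to audit in bulk. The following added example (not code from the page or from AWS) checks a DescribeCluster document for the weak settings practitioners most often find: a public endpoint open to 0.0.0.0/0, no private endpoint, missing `api`/`audit`/`authenticator` log types, and no KMS envelope encryption for Secrets. The two cluster documents are constructed to mirror the DescribeCluster response shape; their names, ARNs and key IDs are placeholders.

```python
"""Audit control-plane security settings from `aws eks describe-cluster` output.

Added example, not code from the page or from AWS. The cluster documents
below are constructed placeholders in the DescribeCluster response shape.
"""
from typing import Any, Dict, List, Set

# Log streams you want in CloudWatch Logs for detection and forensics.
# CloudTrail records calls to the EKS service API, not kubectl traffic.
REQUIRED_LOG_TYPES: Set[str] = {"api", "audit", "authenticator"}


def audit_cluster(describe_output: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means all checks passed."""
    cluster = describe_output["cluster"]
    findings: List[str] = []

    vpc = cluster.get("resourcesVpcConfig", {})
    public = vpc.get("endpointPublicAccess", True)
    private = vpc.get("endpointPrivateAccess", False)
    # Note: the API reports publicAccessCidrs even when public access is off,
    # so the CIDR list only matters when endpointPublicAccess is true.
    cidrs = set(vpc.get("publicAccessCidrs", []))
    if public and "0.0.0.0/0" in cidrs:
        findings.append("API server endpoint is public and reachable from 0.0.0.0/0; restrict publicAccessCidrs or disable public access")
    if not private:
        findings.append("endpointPrivateAccess is false; in-VPC nodes and clients reach the API server over the public endpoint")

    enabled: Set[str] = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    missing = REQUIRED_LOG_TYPES - enabled
    if missing:
        findings.append(f"control plane log types not enabled: {sorted(missing)}")

    encrypts_secrets = any(
        "secrets" in cfg.get("resources", []) and cfg.get("provider", {}).get("keyArn")
        for cfg in cluster.get("encryptionConfig") or []
    )
    if not encrypts_secrets:
        findings.append("no KMS envelope encryption configured for Kubernetes Secrets (encryptionConfig is empty)")

    return findings


# Constructed: a cluster created with the console defaults and nothing hardened.
WEAK_CLUSTER: Dict[str, Any] = {
    "cluster": {
        "name": "payments-prod",
        "arn": "arn:aws:eks:us-east-1:111122223333:cluster/payments-prod",
        "resourcesVpcConfig": {
            "endpointPublicAccess": True,
            "endpointPrivateAccess": False,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {"clusterLogging": [
            {"types": ["api"], "enabled": True},
            {"types": ["audit", "authenticator", "controllerManager", "scheduler"], "enabled": False},
        ]},
        "encryptionConfig": [],
    }
}

# Constructed: the same cluster after hardening. publicAccessCidrs still shows
# 0.0.0.0/0 because public access is disabled, which is why the audit keys on
# endpointPublicAccess rather than on the CIDR list alone.
HARDENED_CLUSTER: Dict[str, Any] = {
    "cluster": {
        "name": "payments-prod",
        "arn": "arn:aws:eks:us-east-1:111122223333:cluster/payments-prod",
        "resourcesVpcConfig": {
            "endpointPublicAccess": False,
            "endpointPrivateAccess": True,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {"clusterLogging": [
            {"types": ["api", "audit", "authenticator", "controllerManager", "scheduler"], "enabled": True},
        ]},
        "encryptionConfig": [{
            "resources": ["secrets"],
            "provider": {"keyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
        }],
    }
}

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        print(label, audit_cluster(doc) or "no findings")
```

In practice, feed `audit_cluster` the parsed JSON of `aws eks describe-cluster --name <cluster>` for each cluster in each region; the public-endpoint finding is the one to fix first, since an internet-reachable API server turns every credential leak into remote access.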

Flexible Compute Options

  • EC2 Instances - Traditional worker nodes with full control
  • Fargate - Serverless containers without node management
  • Spot Instances - Cost optimization with spot node groups
  • ARM-based Instances - Support for Graviton processors

EKS Architecture

Understanding how EKS components work together:

```mermaid
graph LR
    subgraph user[User/Application]
        U[kubectl/API Client]
    end
    subgraph eks_control[EKS Control Plane]
        API[API Server]
        ETCD[etcd]
        SCHED[Scheduler]
        CM[Controller Manager]
    end
    subgraph vpc[Your VPC]
        subgraph node_group[Node Group]
            N1[Worker Node 1]
            N2[Worker Node 2]
            N3[Worker Node N]
        end
        PODS[Your Pods]
    end
    subgraph aws_services[AWS Services]
        IAM[AWS IAM]
        EBS[EBS Volumes]
        ALB[Load Balancers]
        CW[CloudWatch]
    end
    U -->|kubectl apply| API
    API --> ETCD
    API --> SCHED
    SCHED -->|Schedule Pods| N1
    SCHED -->|Schedule Pods| N2
    CM -->|Manage State| API
    N1 --> PODS
    N2 --> PODS
    N3 --> PODS
    PODS -->|Assume Role| IAM
    PODS -->|Mount| EBS
    PODS -->|Expose| ALB
    PODS -->|Metrics| CW
    style API fill:#e1f5ff
    style PODS fill:#e8f5e9
    style IAM fill:#fff4e1
```

When to Use EKS

EKS is ideal when:

Already on AWS - You’re using AWS services and want native integration

Enterprise Requirements - Need compliance certifications and audit logging

Deep AWS Integration - Want to leverage IAM, VPC, EBS, and other AWS services

High Availability - Need multi-AZ control plane without managing it yourself

Security Focus - Require a private API endpoint, KMS encryption of Secrets, control plane audit logging, and security group integration

Mixed Workloads - Need both EC2 and Fargate options

Cost Optimization - Want to use spot instances and reserved instances

Topics

Getting Started

  • Overview - Deep dive into EKS architecture, features, and use cases
  • Cluster Setup - Creating and configuring EKS clusters

Core Infrastructure

  • Networking - VPC CNI, pod networking, and service networking
  • Storage - EBS, EFS, and persistent volume management
  • Security - IAM, IRSA, network security, and encryption

Operations

Support

See Also