What Is an AWS EKS Cluster?
An AWS EKS (Elastic Kubernetes Service) cluster is a managed Kubernetes service that simplifies running Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or nodes. EKS allows you to launch Kubernetes applications on the AWS infrastructure, leveraging its scalability, security, and availability features.
The service automatically manages the availability and scalability of the Kubernetes control plane nodes, which are responsible for scheduling containers, managing application availability, storing cluster data, and serving the Kubernetes API.
In this article:
- Amazon EKS Cluster Components
- Tutorial: Creating an Amazon EKS Cluster
- AWS EKS Cluster Management Best Practices
Amazon EKS Cluster Components
EKS clusters include two major components: the EKS control plane and worker nodes. The control plane consists of at least two API servers and three etcd nodes that ensure high availability, management, and scheduling of the cluster’s Kubernetes environment.
On the other side, worker nodes run in your AWS account as standard Amazon EC2 instances that you manage. These nodes host the pods that run your application workloads. Each worker node runs the Docker, kubelet, and kube-proxy services, which EKS uses to deploy and orchestrate containers within Kubernetes pods.
Tutorial: Creating an Amazon EKS Cluster
This section guides you through the steps of creating an Amazon EKS cluster using eksctl, the AWS Management Console, or the AWS CLI. The instructions are adapted from the AWS documentation.
Prerequisites
Before creating an Amazon EKS cluster, ensure the following:
- VPC and subnets: You must have an existing VPC and subnets that meet Amazon EKS requirements. If you don’t have these, create them using an AWS CloudFormation template provided by Amazon EKS.
- kubectl: Install the kubectl command-line tool on your device or AWS CloudShell. The version should be the same as, or one minor version earlier or later than, your Kubernetes cluster version.
- AWS CLI: Ensure you have version 2.12.3 or later, or version 1.27.160 or later of the AWS CLI installed and configured on your device or CloudShell.
- IAM permissions: You need an IAM principal with permissions to create and describe an Amazon EKS cluster.
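The prerequisite checks above can be scripted before you start. The following preflight script is an added example, not part of the original article or of any AWS tooling: the version-comparison helpers encode the AWS CLI minimums (2.12.3 / 1.27.160) and the kubectl skew rule (same minor as the cluster, or one earlier/later) exactly as stated above, and the subnet check encodes the EKS requirement that subnets span at least two Availability Zones. The RUN_LIVE, CLUSTER_NAME and SUBNET_IDS variables are assumptions of this script; the parsing of kubectl version assumes the newer "Client Version: v1.x.y" output format.

```shell
#!/bin/sh
# Added example (not from the original article): preflight checks for the
# prerequisites. The comparison helpers are pure shell so they can be
# exercised offline; the live checks at the bottom call aws/kubectl.

# version_ge A B: succeeds when dotted version A >= B (up to three components).
version_ge() {
  a="$1.0.0"; b="$2.0.0"            # pad so every field exists
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# aws_cli_version_ok LINE: LINE is the output of `aws --version`, e.g.
# "aws-cli/2.12.3 Python/3.11.4 Linux/6.1.0 exe/x86_64".
# v1 needs >= 1.27.160, v2 (or later) needs >= 2.12.3.
aws_cli_version_ok() {
  v=$(printf '%s' "$1" | sed -n 's#^aws-cli/\([0-9][0-9.]*\).*#\1#p')
  [ -n "$v" ] || return 1
  case "$v" in
    1.*) version_ge "$v" 1.27.160 ;;
    *)   version_ge "$v" 2.12.3 ;;
  esac
}

# kubectl_skew_ok KUBECTL CLUSTER: kubectl may match the cluster minor or be
# one minor earlier/later (1.28, 1.29 or 1.30 for a 1.29 cluster).
kubectl_skew_ok() {
  k=${1#v}; c=${2#v}
  kmaj=$(printf '%s' "$k" | cut -d. -f1); kmin=$(printf '%s' "$k" | cut -d. -f2)
  cmaj=$(printf '%s' "$c" | cut -d. -f1); cmin=$(printf '%s' "$c" | cut -d. -f2)
  [ "$kmaj" = "$cmaj" ] || return 1
  d=$((kmin - cmin))
  [ "$d" -ge -1 ] && [ "$d" -le 1 ]
}

# subnets_span_two_azs "AZ AZ ...": EKS needs subnets in >= 2 Availability Zones.
subnets_span_two_azs() {
  n=$(( $(printf '%s\n' $1 | sort -u | wc -l) ))
  [ "$n" -ge 2 ]
}

# Live checks (need the tools and AWS credentials); run with RUN_LIVE=1.
if [ "${RUN_LIVE:-0}" = 1 ]; then
  aws_cli_version_ok "$(aws --version 2>&1 | head -n 1)" || echo "AWS CLI is older than required"
  kc=$(kubectl version --client 2>/dev/null | sed -n 's/^Client Version: v\{0,1\}\([0-9.]*\).*/\1/p')
  cv=$(aws eks describe-cluster --name "${CLUSTER_NAME:?}" --query cluster.version --output text)
  kubectl_skew_ok "$kc" "$cv" || echo "kubectl $kc is outside the supported skew for cluster $cv"
  azs=$(aws ec2 describe-subnets --subnet-ids ${SUBNET_IDS:?} --query 'Subnets[].AvailabilityZone' --output text)
  subnets_span_two_azs "$azs" || echo "subnets must span at least two Availability Zones"
  aws sts get-caller-identity --query Arn --output text   # the IAM principal that will create the cluster
fi
```

Run it as RUN_LIVE=1 CLUSTER_NAME=example-cluster SUBNET_IDS="subnet-MyID1 subnet-MyID2" sh preflight.sh after configuring the AWS CLI; the cluster version check only applies once a cluster exists, so comment that line out for a first-time build.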
Step-by-Step Instructions
Follow these steps to create an IAM role for your EKS cluster and then the cluster itself:
1. Create an IAM role with the necessary permissions for EKS. Create a trust policy JSON file:
cat >eks-cluster-role-trust-policy.json <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
2. Create the IAM role using the AWS CLI:
aws iam create-role --role-name exampleAmazonEKSClusterRole --assume-role-policy-document file://"eks-cluster-role-trust-policy.json"
3. Attach the AmazonEKSClusterPolicy to the IAM role:
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy --role-name exampleAmazonEKSClusterRole
4. You can create a cluster using eksctl. If necessary, install or update eksctl:
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_$(uname -m).tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
5. Create the cluster using the following command:
eksctl create cluster --name example-cluster --region region-code --version 1.29 --vpc-private-subnets subnet-MyID1,subnet-MyID2 --without-nodegroup
6. After the creation process, which may take several minutes, you can configure kubectl for the cluster. Enable kubectl to communicate with your cluster by updating the kubeconfig file:
aws eks update-kubeconfig --region region-code --name example-cluster
7. Verify that kubectl can communicate with the cluster by running the kubectl get svc command:
kubectl get svc
8. Optional settings include:
- Security groups: Specify security groups for Amazon EKS network interfaces.
- IPv4 CIDR block: Set a custom IPv4 CIDR block for Kubernetes service IP addresses.
- IPv6 family: Assign IPv6 addresses to Pods and services if needed.
- OIDC provider: Create an IAM OIDC provider for the cluster to enable IAM roles for service accounts.
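Steps 1 through 7 above can be collected into one idempotent script. The script below is an added example, not code from the article or from AWS: it keeps the article's values (exampleAmazonEKSClusterRole, example-cluster, region-code and subnet-MyID1,subnet-MyID2 are placeholders to replace), skips create-role when the role already exists, and honours a DRY_RUN variable (my convention) that prints each aws/eksctl command instead of executing it. The trust policy limits the role to the eks.amazonaws.com service principal, exactly as in step 1.

```shell
#!/bin/sh
# Added example (not from the original article): steps 1-7 as one script.
# Save as eks-create-cluster.sh; run with DRY_RUN=1 to print commands only.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-example-cluster}"
REGION="${REGION:-region-code}"                        # CHANGE-ME, e.g. us-west-2
K8S_VERSION="${K8S_VERSION:-1.29}"
SUBNETS="${SUBNETS:-subnet-MyID1,subnet-MyID2}"        # CHANGE-ME: private subnets
ROLE_NAME="${ROLE_NAME:-exampleAmazonEKSClusterRole}"
POLICY_ARN="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
POLICY_FILE="${POLICY_FILE:-eks-cluster-role-trust-policy.json}"
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Step 1: trust policy that lets only the EKS service assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "eks.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Steps 2-3: create the role only if it does not exist yet, then attach the
# AmazonEKSClusterPolicy (attach-role-policy is safe to repeat).
ensure_cluster_role() {
  if [ "$DRY_RUN" != 1 ] && aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1; then
    echo "role $ROLE_NAME already exists, skipping create-role"
  else
    trust_policy > "$POLICY_FILE"
    run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "file://$POLICY_FILE"
  fi
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
}

# Step 5: control plane only, on private subnets, no node group yet.
create_cluster() {
  run eksctl create cluster --name "$CLUSTER_NAME" --region "$REGION" \
    --version "$K8S_VERSION" --vpc-private-subnets "$SUBNETS" --without-nodegroup
}

# Steps 6-7: point kubectl at the new cluster and verify the API answers.
configure_kubectl() {
  run aws eks update-kubeconfig --region "$REGION" --name "$CLUSTER_NAME"
  run kubectl get svc
}

main() {
  ensure_cluster_role
  create_cluster
  configure_kubectl
}

# Only run end-to-end when executed under the script's own name.
case "$0" in *eks-create-cluster.sh) main ;; esac
```

Step 4 (installing eksctl) is deliberately left out so the script does not download binaries; install eksctl first as shown above. Each function can also be sourced and called on its own, which is how the dry-run mode is meant to be used before touching a real account.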
AWS EKS Cluster Management Best Practices
Here are some best practices for managing your AWS EKS clusters.
Understand Cluster and Node Management
Managing EKS clusters involves regularly updating both the Kubernetes version on the control plane and the EC2 instances acting as worker nodes. Staying current with updates patches security vulnerabilities, improves performance, and brings new features.
AWS simplifies some of this by handling the control plane’s updates, but you should frequently upgrade your worker nodes using the latest AMI (Amazon Machine Image). Also, consider automating the scaling of your worker nodes using Auto Scaling Groups (ASGs). This helps ensure that critical applications continue running smoothly with varying loads.
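A practical first step for the node-upgrade advice above is knowing which nodes lag the control plane. The script below is an added example, not from the article: it compares each node's kubelet minor version with the cluster version and lists the nodes that need an AMI refresh. NODE_LINES is constructed sample data in the shape of a kubectl get nodes custom-columns listing (the -eks-placeholder build suffixes are invented); RUN_LIVE and CLUSTER_NAME are this script's own variables.

```shell
#!/bin/sh
# Added example (not from the original article): find worker nodes whose kubelet
# minor version is behind the control plane, i.e. candidates for an AMI refresh.
# NODE_LINES is constructed sample output in the shape of:
#   kubectl get nodes --no-headers \
#     -o custom-columns='NAME:.metadata.name,VERSION:.status.nodeInfo.kubeletVersion'
NODE_LINES='ip-10-0-1-23.ec2.internal   v1.28.5-eks-placeholder
ip-10-0-2-45.ec2.internal   v1.29.0-eks-placeholder
ip-10-0-3-67.ec2.internal   v1.27.9-eks-placeholder'

# minor_of VERSION: "v1.28.5-eks-xyz" -> 28 ; "1.29" -> 29
minor_of() { printf '%s' "${1#v}" | cut -d. -f2; }

# nodes_behind CLUSTER_VERSION LINES: prints "node kubelet-version" for every
# node whose kubelet minor is older than the control plane's.
nodes_behind() {
  target=$(minor_of "$1")
  printf '%s\n' "$2" | while read -r name ver _; do
    [ -n "$name" ] || continue
    if [ "$(minor_of "$ver")" -lt "$target" ]; then
      printf '%s %s\n' "$name" "$ver"
    fi
  done
}

# count_behind CLUSTER_VERSION LINES: number of lagging nodes (0 when current).
count_behind() { echo $(( $(nodes_behind "$1" "$2" | wc -l) )); }

# Live run against a real cluster (needs aws + kubectl configured).
if [ "${RUN_LIVE:-0}" = 1 ]; then
  cv=$(aws eks describe-cluster --name "${CLUSTER_NAME:?}" --query cluster.version --output text)
  NODE_LINES=$(kubectl get nodes --no-headers \
    -o custom-columns='NAME:.metadata.name,VERSION:.status.nodeInfo.kubeletVersion')
  n=$(count_behind "$cv" "$NODE_LINES")
  echo "$n node(s) behind control plane $cv:"
  nodes_behind "$cv" "$NODE_LINES"
  # For a managed node group the refresh itself is:
  #   aws eks update-nodegroup-version --cluster-name "$CLUSTER_NAME" --nodegroup-name <group>
fi
```

Run it with RUN_LIVE=1 CLUSTER_NAME=example-cluster sh node-skew.sh; a non-zero count is the signal to roll the node group (or its Auto Scaling Group's launch template) onto the current EKS-optimized AMI.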
Implement AWS Load Balancers
For better traffic management and to increase the availability of applications, use AWS Load Balancers within the EKS infrastructure. The Elastic Load Balancing (ELB) service automatically distributes incoming application traffic across multiple targets, such as EC2 instances. For EKS, you can use the classic, network, or application load balancer depending on your needs.
Each type of load balancer serves a different purpose. For example, the application load balancer is well-suited for HTTP and HTTPS traffic, and offers advanced request routing configured at the application level. It is useful for microservices and container-based applications.
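In EKS a load balancer is normally requested through a Kubernetes Service. The generator below is an added example, not from the article or from AWS: it emits a Service manifest that asks the AWS Load Balancer Controller (assumed to be installed in the cluster) for a Network Load Balancer, defaulting the scheme to internal so that a typo cannot silently publish a workload to the Internet. The annotation names are the controller's own; the function and manifest_is_internal check are this script's conventions.

```shell
#!/bin/sh
# Added example (not from the original article): generate a Service manifest
# that provisions an NLB via the AWS Load Balancer Controller. The scheme
# defaults to "internal"; pass "internet-facing" explicitly to expose it.
nlb_service_manifest() {
  name=$1; namespace=$2; port=$3; scheme=${4:-internal}
  case "$scheme" in
    internal|internet-facing) ;;
    *) echo "unsupported scheme: $scheme" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $name
  namespace: $namespace
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "$scheme"
spec:
  type: LoadBalancer
  selector:
    app: $name
  ports:
    - port: $port
      targetPort: $port
      protocol: TCP
EOF
}

# manifest_is_internal: reads a manifest on stdin; fails if it would create an
# internet-facing load balancer (useful as a pre-apply gate in CI).
manifest_is_internal() { grep -q 'aws-load-balancer-scheme: "internal"'; }

# Usage: nlb_service_manifest api prod 443 | kubectl apply -f -
```

For HTTP/HTTPS workloads the same controller serves an Application Load Balancer from an Ingress resource instead; the scheme gate applies there too (the alb.ingress.kubernetes.io/scheme annotation), which is worth enforcing before any manifest reaches the cluster.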
Deploy the Cluster in a Private Cloud
Running an EKS cluster inside a private Virtual Private Cloud (VPC) improves security by blocking network access to the cluster from the Internet. In that setup, the only way to reach the EKS cluster is through your internal company network, which you can further lock down with strict access controls and routing policies.
In addition, use Network Access Control Lists (ACLs) and Security Groups as a firewall that controls inbound and outbound traffic to the EC2 instances and the API servers within the VPC. This additional layer of security helps protect your clusters from unauthorized access and attacks.
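The exposure of the cluster's API endpoint is the first thing to audit when applying the advice above. The script below is an added example, not from the article or from AWS: it classifies the endpoint from aws eks describe-cluster output, and offers the two remediations the text describes, switching the endpoint to private-only and restricting HTTPS on a security group to a corporate CIDR. SAMPLE_CLUSTER_JSON is constructed to mimic the relevant part of the describe-cluster output; DRY_RUN, RUN_LIVE, REGION and CLUSTER_NAME are this script's own variables, and 203.0.113.0/24 is a documentation-range placeholder for your network.

```shell
#!/bin/sh
# Added example (not from the original article): audit and harden the EKS API
# endpoint. SAMPLE_CLUSTER_JSON is constructed test data in the shape of
# `aws eks describe-cluster` output.
SAMPLE_CLUSTER_JSON='{
  "cluster": {
    "name": "example-cluster",
    "resourcesVpcConfig": {
      "endpointPublicAccess": true,
      "endpointPrivateAccess": false,
      "publicAccessCidrs": ["0.0.0.0/0"]
    }
  }
}'

# endpoint_exposure JSON: prints "private", "public-restricted" or "public-open".
# Checks endpointPublicAccess first because AWS keeps publicAccessCidrs around
# even after public access is disabled.
endpoint_exposure() {
  if printf '%s' "$1" | grep -q '"endpointPublicAccess": *false'; then
    echo private
  elif printf '%s' "$1" | grep -q '"0.0.0.0/0"'; then
    echo public-open
  else
    echo public-restricted
  fi
}

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi; }

# harden_endpoint REGION CLUSTER: API reachable only from inside the VPC.
harden_endpoint() {
  run aws eks update-cluster-config --region "$1" --name "$2" \
    --resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true
}

# allow_corp_https SG_ID CIDR: permit TCP/443 to a security group from one CIDR
# (the cluster's control-plane security group, a node group, or a bastion).
allow_corp_https() {
  run aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port 443 --cidr "$2"
}

# Live audit against a real cluster; remediates only when not already private.
if [ "${RUN_LIVE:-0}" = 1 ]; then
  json=$(aws eks describe-cluster --region "${REGION:?}" --name "${CLUSTER_NAME:?}")
  state=$(endpoint_exposure "$json")
  echo "endpoint exposure: $state"
  [ "$state" = private ] || harden_endpoint "$REGION" "$CLUSTER_NAME"
fi
```

Run the audit with RUN_LIVE=1 DRY_RUN=1 REGION=us-west-2 CLUSTER_NAME=example-cluster sh endpoint-audit.sh to see the classification and the command it would issue; drop DRY_RUN=1 once you have confirmed that everything that talks to the API (CI runners, kubectl users, the AWS console) has a path into the VPC, because the change takes effect within minutes and cuts off everything else.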
Use Amazon CloudWatch for Monitoring EKS Clusters
Amazon CloudWatch is useful for monitoring the performance and health of EKS clusters. It collects and tracks metrics, collects and monitors log files, and sets alarms. CloudWatch provides visibility into an application’s health and performance in real time.
To ensure accessible insights from the monitoring data, consider creating custom dashboards in CloudWatch. These dashboards can display key metrics such as CPU and memory usage from worker nodes and API server latency, helping you keep track of the overall health and efficiency of the cluster.
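Dashboards are for humans; alarms are what wakes someone up. The script below is an added example, not from the article or from AWS: it creates CloudWatch alarms on the Container Insights node metrics named above (CPU and memory utilisation, which assumes Container Insights is enabled so that the ContainerInsights namespace is populated) and enables control-plane logging to CloudWatch Logs, which is where API-server and audit events become visible. The SNS topic ARN is a placeholder to replace; DRY_RUN, REGION and CLUSTER_NAME are this script's own variables.

```shell
#!/bin/sh
# Added example (not from the original article): CloudWatch alarms on Container
# Insights node metrics plus control-plane logging. Save as eks-alarms.sh and
# run with DRY_RUN=1 to print the commands instead of executing them.
CLUSTER_NAME="${CLUSTER_NAME:-example-cluster}"
REGION="${REGION:-region-code}"                                      # CHANGE-ME
ALARM_SNS_TOPIC="${ALARM_SNS_TOPIC:-arn:aws:sns:REGION:ACCOUNT-ID:eks-alerts}"  # CHANGE-ME placeholder
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi; }

# node_alarm METRIC THRESHOLD: alarm when the cluster-level Container Insights
# metric stays above THRESHOLD for three consecutive 5-minute periods. Missing
# data is treated as breaching so a dead metrics pipeline also pages.
node_alarm() {
  run aws cloudwatch put-metric-alarm --region "$REGION" \
    --alarm-name "eks-$CLUSTER_NAME-$1" \
    --namespace ContainerInsights --metric-name "$1" \
    --dimensions "Name=ClusterName,Value=$CLUSTER_NAME" \
    --statistic Average --period 300 --evaluation-periods 3 \
    --threshold "$2" --comparison-operator GreaterThanThreshold \
    --treat-missing-data breaching \
    --alarm-actions "$ALARM_SNS_TOPIC"
}

# enable_control_plane_logs: ship API server, audit, authenticator, controller
# manager and scheduler logs to CloudWatch Logs (/aws/eks/<cluster>/cluster).
enable_control_plane_logs() {
  run aws eks update-cluster-config --region "$REGION" --name "$CLUSTER_NAME" \
    --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
}

main() {
  node_alarm node_cpu_utilization 80        # percent of allocatable CPU in use
  node_alarm node_memory_utilization 80     # percent of allocatable memory in use
  node_alarm cluster_failed_node_count 0    # any NotReady node
  enable_control_plane_logs
}

# Only run end-to-end when executed under the script's own name.
case "$0" in *eks-alarms.sh) main ;; esac
```

The audit log stream is the one to keep for security operations: it records every authenticated request to the API server, so a CloudWatch Logs Insights query over it can answer who created a ClusterRoleBinding or read a Secret, which node metrics alone never will.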
Automating Kubernetes Infrastructure with Spot by NetApp
Spot Ocean from Spot by NetApp frees DevOps teams from the tedious management of their cluster’s worker nodes while helping reduce cost by up to 90%. Spot Ocean’s automated optimization delivers the following benefits:
- Container-driven autoscaling for the fastest matching of pods with appropriate nodes
- Easy management of workloads with different resource requirements in a single cluster
- Intelligent bin-packing for highly utilized nodes and greater cost-efficiency
- Cost allocation by namespaces, resources, annotations and labels
- Reliable usage of the optimal blend of spot, reserved and on-demand compute pricing models
- Automated infrastructure headroom ensuring high availability
- Right-sizing based on actual pod resource consumption
Learn more about Spot Ocean today!