Kubernetes on AWS (EKS)

Amazon EKS Overview

EKS is AWS-managed Kubernetes. The control plane (masters, API, scheduler) is AWS-managed. You manage worker nodes (EC2 instances running pods).

Why EKS?

Kubernetes Standard

• Use standard kubectl, manifests, deployments
• Portable: works on other clouds, on-premises
• Huge ecosystem (Helm, Prometheus, istio, etc.)

AWS Integration

• Auto-scaling based on CloudWatch metrics
• IAM for pod-level permissions
• VPC CNI for pod networking
• Direct access to AWS services (S3, RDS, etc.)

Managed Control Plane

• AWS handles: API server, etcd database, scheduler
• You handle: worker nodes, networking, applications
• Automatic updates and patches

EKS Architecture

Control Plane (AWS-managed)

• API server: Kubernetes API
• Scheduler: assigns pods to nodes
• Controller: manages deployments, services

Data Plane (your nodes)

• EC2 instances running Kubernetes agent (kubelet)
• Pods deployed on nodes
• Your applications running in containers

Networking

• AWS VPC CNI: pods get real AWS IP addresses
• Security groups, NACLs apply to pods
• Easy integration with AWS load balancers

Getting Started with EKS

1. Create EKS Cluster

aws eks create-cluster --name my-cluster \
  --version 1.28 \
  --role-arn arn:aws:iam::ACCOUNT:role/eks-service-role \
  --resources-vpc-config subnetIds=subnet-xxx,subnet-yyy

2. Create Node Group (worker nodes)

aws eks create-nodegroup --cluster-name my-cluster \
  --nodegroup-name my-nodes \
  --scaling-config minSize=1,maxSize=10,desiredSize=3 \
  --subnets subnet-xxx subnet-yyy \
  --node-role arn:aws:iam::ACCOUNT:role/NodeInstanceRole

3. Deploy Application

kubectl apply -f deployment.yaml
kubectl apply -f service.yaml

Core Kubernetes Concepts

Pods

• Smallest unit; one or more containers
• Usually one container per pod
• Ephemeral; replaced regularly

Deployments

• Manage pod replicas
• Rolling updates: gradually replace old pods
• Rollback capability

Services

• Network access to pods
• LoadBalancer: public load balancer
• ClusterIP: internal access only
• NodePort: expose on all nodes

ConfigMaps & Secrets

• ConfigMaps: application configuration
• Secrets: passwords, API keys, certificates

EKS Best Practices

Resource Management

• Set resource requests/limits for pods
• Prevents pods from consuming all node resources
• Enables better scheduling and cost control

Auto-scaling

• Cluster Autoscaler: add/remove nodes based on pod demand
• Horizontal Pod Autoscaler: scale pod replicas based on CPU/memory
• Together: auto-scale infrastructure and application

Security

• Use IAM roles for pod authentication (IRSA)
• Network policies to restrict pod-to-pod traffic
• Security groups for node-level access control

Monitoring

• Container Insights: CloudWatch integration for EKS
• Prometheus: collect metrics from pods
• CloudWatch Logs: centralize pod logs

EKS Alternatives

Fargate

• Serverless containers
• No nodes to manage
• Higher cost per container

Self-Managed Kubernetes

• Full control, no AWS integration
• More operational burden
• Lower cost potentially

ECS (Amazon’s container orchestrator)

• Simpler, AWS-native
• Less flexible than Kubernetes
• Better for simple workloads

Pricing Example

Small Cluster (3 t3.medium nodes)

• Control plane: $0.10/hour = $73/month
• 3 nodes @ $0.04/hour: $88/month
• Total: ~$160/month

Large Cluster (20 m5.large nodes)

• Control plane: $73/month
• 20 nodes @ $0.10/hour: $1,460/month
• Total: ~$1,530/month

Related Services

• AWS Application Modernization
• Hire AWS DevOps Experts