Dennis Groß (he/him)

Originally published at gdenn.dev

How To Create an EKS Cluster with CDK

Elastic Kubernetes Service (EKS) is the managed Kubernetes offering from AWS.

Kubernetes clusters in AWS come in essentially two forms:

  • Fargate clusters - fully managed by AWS: you just deploy your Kubernetes workloads and do not worry about the rest.
  • EC2 instance type clusters - the Kubernetes worker nodes are deployed into your AWS account, while the control plane is fully managed by AWS.

The Fargate mode is great if you want to deploy applications on Kubernetes without worrying much about cluster maintenance, but it comes at a premium.

EC2 instance type clusters offer you more flexibility and therefore more cost-saving options. This deployment mode is great if you plan to run Kubernetes batch processing on EC2 spot instances, or have specific constraints on your Kubernetes cluster.

Read more about EKS here.

EC2 Instance Type EKS Cluster

Here is a simple EKS cluster that does not expose the Kubernetes API to the internet.

import { aws_ec2, aws_eks } from 'aws-cdk-lib';

// `vpc` is the VPC created earlier in the stack (see the VPC post linked below).
const instanceType = new aws_ec2.InstanceType('t3.micro');

const cluster = new aws_eks.Cluster(this, 'MyCluster', {
  version: aws_eks.KubernetesVersion.V1_21,
  vpc: vpc,
  defaultCapacity: 1,
  // PRIVATE: the Kubernetes API endpoint is reachable only from inside the VPC.
  endpointAccess: aws_eks.EndpointAccess.PRIVATE,
  defaultCapacityInstance: instanceType,
});


Find out how you can create and configure a VPC here.

EKS supports the following EndpointAccess modes:

  • PRIVATE - worker nodes deployed in a private VPC subnet, control plane only reachable from within the VPC.
  • PUBLIC - worker nodes deployed in a public VPC subnet, control plane reachable from the internet.
  • PUBLIC_AND_PRIVATE - worker nodes deployed in a private VPC subnet, control plane reachable from the internet.

Although possible, I would strongly advise you against exposing the EKS control plane to the internet. Try to either set up a GitOps workflow with ArgoCD instead, or deploy an EC2 bastion instance in the public subnet of your VPC to reach the Kubernetes control plane with kubectl.

Fargate EKS Cluster

Fargate is a serverless solution for Kubernetes on AWS. You have no control over the Kubernetes control plane or the worker nodes in this deployment mode. You can only deploy applications to your Fargate cluster through Kubernetes manifests and specify the resource demands of each application.

import { aws_eks } from 'aws-cdk-lib';

// No VPC, instance type or capacity to configure: AWS runs the worker nodes.
const cluster = new aws_eks.FargateCluster(this, 'MyCluster', {
  version: aws_eks.KubernetesVersion.V1_21,
});


Enable EKS Control Plane Logs to CloudWatch

The control plane for both the Fargate and the EC2 instance deployment mode runs in an AWS-managed account. It is still possible, and strongly recommended, to send the control plane logs to CloudWatch.

const cluster = new aws_eks.Cluster(this, 'MyCluster', {
  // ... the cluster properties shown above
  // Each entry enables one control plane log stream in CloudWatch Logs.
  clusterLogging: [
    aws_eks.ClusterLoggingTypes.API,
    aws_eks.ClusterLoggingTypes.AUDIT,
    aws_eks.ClusterLoggingTypes.AUTHENTICATOR,
    aws_eks.ClusterLoggingTypes.CONTROLLER_MANAGER,
    aws_eks.ClusterLoggingTypes.SCHEDULER,
  ],
});

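The endpoint access modes and the control plane log types above are settings worth verifying on a running cluster, not only in the CDK code. As an added example that is not part of the original post, this TypeScript takes the JSON that `aws eks describe-cluster` returns (the field names are AWS's; the sample input is constructed here) and reports whether the endpoint mode is PRIVATE and all five log types are enabled.

```typescript
// Added example (not code from the original post): check a cluster against the post's
// advice (PRIVATE endpoint, all five control plane log types). Sample input is constructed.
interface DescribeClusterOutput {
  cluster: {
    resourcesVpcConfig: { endpointPublicAccess: boolean; endpointPrivateAccess: boolean; publicAccessCidrs?: string[] };
    logging?: { clusterLogging?: { types: string[]; enabled?: boolean }[] };
  };
}

// The five log types the post switches on via aws_eks.ClusterLoggingTypes.
const REQUIRED_LOG_TYPES = ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'];

// Map the two describe-cluster flags back to the CDK EndpointAccess mode names.
function endpointAccessMode(out: DescribeClusterOutput): string {
  const { endpointPublicAccess, endpointPrivateAccess } = out.cluster.resourcesVpcConfig;
  if (endpointPublicAccess && endpointPrivateAccess) return 'PUBLIC_AND_PRIVATE';
  return endpointPublicAccess ? 'PUBLIC' : 'PRIVATE';
}

// Log types that are not enabled; an empty list means all five reach CloudWatch.
function missingLogTypes(out: DescribeClusterOutput): string[] {
  const enabled = new Set<string>();
  for (const entry of out.cluster.logging?.clusterLogging ?? []) {
    if (entry.enabled) entry.types.forEach((t) => enabled.add(t));
  }
  return REQUIRED_LOG_TYPES.filter((t) => !enabled.has(t));
}

// One finding per deviation; an empty array means the cluster matches the post's advice.
function auditCluster(out: DescribeClusterOutput): string[] {
  const findings: string[] = [];
  const mode = endpointAccessMode(out);
  if (mode !== 'PRIVATE') {
    const cidrs = out.cluster.resourcesVpcConfig.publicAccessCidrs ?? [];
    findings.push(`endpoint access is ${mode}, reachable from ${cidrs.join(', ') || 'no CIDRs'}`);
  }
  const missing = missingLogTypes(out);
  if (missing.length > 0) findings.push(`control plane logs disabled: ${missing.join(', ')}`);
  return findings;
}

// Constructed sample: internet-facing endpoint, only the api and audit log types enabled.
const sampleCluster: DescribeClusterOutput = { cluster: {
  resourcesVpcConfig: { endpointPublicAccess: true, endpointPrivateAccess: false, publicAccessCidrs: ['0.0.0.0/0'] },
  logging: { clusterLogging: [
    { types: ['api', 'audit'], enabled: true },
    { types: ['authenticator', 'controllerManager', 'scheduler'], enabled: false },
  ] },
} };
console.log(auditCluster(sampleCluster));
```

Feed it the real output of `aws eks describe-cluster --name MyCluster` to confirm what CDK deployed; two findings are expected for the constructed sample.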

Set Up OpenID Connect with IAM Policy

coming soon
