EKS ¶
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed service that you can use to run Kubernetes on AWS. Kubernetes is a single tenant orchestrator, i.e. a single instance of the control plane is shared among all the tenants within a cluster.
How auth is managed?
In AWS, any auth-related stuff is handled with Identity & Access Management (IAM), and EKS is no exception. The EKS relies on IAM for the authentication flow, meaning that the user/bot's identity needs to be present in the IAM to be allowed to talk to Kubernetes' control plane.Jan 30, 2023
CLI's used¶
kubectl – A command line tool for working with Kubernetes clusters.
eksctl – A command line tool for working with EKS clusters that automates many individual tasks.
Types of nodes in EKS¶
Fargate – Linux: Select this type of node if you want to run Linux applications on AWS Fargate. Fargate is a serverless compute engine that lets you deploy Kubernetes pods without managing Amazon EC2 instances.
self-managed nodes – Linux : Select this type of node if you want to run Amazon Linux applications on Amazon EC2 instances.
eksctl create cluster --name my-cluster --region region-code --fargate
kubectl get nodes -o wide # view nodes
Notes¶
GuardDuty EKS Protectionis a GuardDuty feature that monitors Amazon EKS cluster control plane activity by analyzing Amazon EKS audit logs.Amazon ECRintegrates withAmazon Inspectorto provide automated, continuous scanning of your repositories. Your container images are scanned for both operating systems and programing language package vulnerabilities.- The Amazon
VPC CNI pluginfor Kubernetes add-on is deployed on each Amazon EC2 node in your Amazon EKS cluster. - The add-on creates
elastic network interfacesand attaches them to your Amazon EC2 nodes. The add-on also assigns a private IPv4 or IPv6 address from your VPC to each Pod and service. - It comes pre-installed with EKS
- Runs as DeamonSet named
aws-node - CoreDNS:
- It assigns DNS names to Services
- Comes pre-installed