As more and more organizations shift to cloud-native environments, they have increasingly chosen to rely on Kubernetes for container orchestration since its introduction ten years ago. Amongst the numerous cloud providers that offer managed Kubernetes services, Amazon Elastic Kubernetes Service (EKS) provides excellent and appealing capabilities. Just like any other technology, of course, EKS is adept at handling many use-cases, whereas it may not be the perfect fit for others. Understanding the pros and cons can help you choose the cloud provider that best meets your organization’s (or your team’s) needs.
Choosing EKS, much like choosing Microsoft Azure Kubernetes Service (AKS) or Google Kubernetes Engine (GKE), helps to streamline the deployment of Kubernetes. While each provider simplifies Kubernetes deployment, EKS, AKS, and GKE have many differences in terms of how you configure clusters and how to most effectively use the service. Keep in mind, deploying Kubernetes alone isn’t all you need — you’ll also want to consider security, additional cloud services, additional deployment support, and bespoke node customization (among other things). If you really just want to discuss your specific application, service, or the overall K8s needs of your organization, please get in touch.
If you want to investigate EKS further, let’s start by exploring the pros of using EKS.
Predictably, EKS (introduced in 2018) is fully supported by (and built upon) Amazon’s cloud computing platform, Amazon Web Services (AWS). It is a mature solution that has solid integration with other industry standard tools, such as Terraform and CloudFormation, which can provide an excellent base for codifying cloud resources with Infrastructure as Code (IaC). Amazon publishes and maintains an excellent collection of Terraform modules for provisioning EKS clusters that offers a well-defined framework for integration with many other AWS services. This makes it a great choice for organizations already heavily invested in AWS services and infrastructure.
EKS commands 30% of the managed Kubernetes service market share and caters to two million customers. It is available in over 200 regions across 400 availability zones, and supports a range of Kubernetes versions. EKS has first party integration with AWS for services critical to running your Kubernetes cluster, including DNS management, certificate management, network load balancing, and more. Kubernetes on AWS via EKS is well documented and has a large community of users and useful how-to and getting started guides that make finding information easy. The AWS free tier provides free, hands-on experience for a year to help you get started.
EKS integrates with many AWS services, including Identity and Access Management (IAM) for authentication, CloudWatch for observability and monitoring, and Elastic Load Balancing (ELB) for traffic distribution. AWS also develops Kubernetes-specific tooling, such as Karpenter, an open source cluster autoscaler that can improve application availability and cluster cost efficiency.
In addition to native AWS services, many popular open source projects such as cert-manager, Istio, and Falco have official support for EKS and include many guides on implementing and operating within an EKS environment.
You can deploy your nodes using your own Amazon machine images (AMIs) or pre-built Amazon EKS AMIs. This allows you to pre-install any required packages on an Amazon Elastic Compute Cloud (Amazon EC2) instance, launch production-ready instances quickly, and implement security controls for all instances at the same time. You can search for an AMI from AWS, the user community, or through the Amazon command line interface (CLI).
Unlike many other managed Kubernetes environments, EKS does not lock you in to the default tooling Amazon includes in new clusters. CoreDNS, the cluster container network interface (CNI), and kube-proxy can be managed by EKS, extensively configured, or completely self-managed, potentially allowing you to reduce the initial overhead imposed by the DaemonSets EKS requires. In other managed Kubernetes services this option is limited, if available at all (such is the case with GKE).
For example, at Fairwinds we replace coredns and aws-vpc-cni with our own managed versions, managed via our IaC. This allows for tighter security configuration, and the ability to decide between bleeding edge versions ahead of EKS’s general availability release cadence (to experiment with exciting new features), or to delay upgrading to new versions until changes to these critical cluster add-ons can be thoroughly tested in non-production environments.
If you prefer to interact with EKS more directly, you can use the official CLI tool (eksctl). Using eksctl, you can easily create and manage clusters on EKS without ever visiting the Amazon Console. Amazon also provides many other developer tools, including various software development kits (SDKs), available in a plethora of languages.
While EKS oversees the complex task of managing the control plane configuration and operation for you (something you’d have to do yourself with a self-managed or bare-metal cluster), setting up an EKS cluster can still be a daunting prospect. The vast configurability of EKS comes at the cost of having what many consider to be a complex, involved setup process. There are still many onerous choices surrounding adding and customizing node pools that may have drastic effects on the cost, reliability, and performance of your cluster.
Care must be taken when selecting an EC2 instance type as the basis for your node groups. EKS can be more complex to set up than GKE or AKS, and may be the preferred platform for more advanced users who need specific configurations or want to implement non-standard setups. These users may find EKS restrictive compared to self-managed Kubernetes solutions.
An EKS cluster contains one or more EC2 nodes that Pods are scheduled on. EKS nodes run in your AWS account and connect to the control plane of your cluster through the cluster API server endpoint. You deploy one or more nodes into a node group. A node group is one or more EC2 instances that are deployed in an EC2 Auto Scaling group. For those unfamiliar with the various AWS resources and numerous options available with respect to cluster node groups, configuration can be confusing, and adds to the overall complexity of deploying EKS. There are many ways to accept worker nodes into your cluster, including:
EKS delivers great services, but you do pay for compute resources, the control plane, and any other AWS services that you have integrated with your clusters. Over-provisioning node sizes (or selecting node types that are ill-suited to your specific workloads) can exponentially increase overall cost. At Fairwinds, we developed Goldilocks, an open source utility that can help identify a starting point for setting appropriate resource requests and limits. Properly setting requests and limits helps to combat underutilization by increasing the efficiency of pod scheduling. Getting proper guidance can help you avoid forming the habit of over-provisioning.
While EKS usually does support multiple versions of Kubernetes, costs for EKS will increase for organizations running on versions that are no longer supported. EKS extended support currently increases the cost by 600% if you fail to upgrade the version of Kubernetes on your cluster within the support window.
While EKS does assume responsibility for many of the duties that come with managing a Kubernetes cluster, it does not proactively upgrade the version of Kubernetes your control plane is running; it is upgraded automatically only to keep pace with the oldest supported version, at additional cost, as described above. Worker nodes (whether part of managed node groups or self-managed node groups) run as Amazon EC2 instances in your account and will also need to be separately upgraded to keep pace with your control plane Kubernetes version.
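One way to check the node and control-plane version gap described above, as an added example (not Fairwinds' or AWS's code): it reads `status.nodeInfo.kubeletVersion` from `kubectl get nodes -o json` output and groups lagging nodes by the `eks.amazonaws.com/nodegroup` label. The sample node data, the control-plane version passed in, and the `max_skew` default of three minor versions are assumptions to adjust for your cluster.

```python
import json
import re

# Constructed sample, shaped like `kubectl get nodes -o json` (only the fields used here).
SAMPLE_NODES = json.loads("""
{"items": [
 {"metadata": {"name": "node-a", "labels": {"eks.amazonaws.com/nodegroup": "general"}},
  "status": {"nodeInfo": {"kubeletVersion": "v1.30.0-eks-036c24b"}}},
 {"metadata": {"name": "node-b", "labels": {"eks.amazonaws.com/nodegroup": "general"}},
  "status": {"nodeInfo": {"kubeletVersion": "v1.29.3-eks-ae9a62a"}}},
 {"metadata": {"name": "node-c", "labels": {"eks.amazonaws.com/nodegroup": "batch"}},
  "status": {"nodeInfo": {"kubeletVersion": "v1.26.15-eks-ae9a62a"}}},
 {"metadata": {"name": "node-d", "labels": {}},
  "status": {"nodeInfo": {"kubeletVersion": "v1.30.2"}}}
]}
""")

def major_minor(version):
    """Parse 'v1.29.3-eks-ae9a62a' or '1.29' into (1, 29)."""
    m = re.match(r"v?(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable Kubernetes version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def kubelet_skew(control_plane_version, nodes, max_skew=3):
    """Return {node_group: [(node, minor_skew, status)]} for nodes off the control-plane minor.

    max_skew is an assumption: how many minor versions a kubelet may trail the
    API server before it is reported as "unsupported" rather than "behind".
    """
    cp_major, cp_minor = major_minor(control_plane_version)
    report = {}
    for node in nodes["items"]:
        meta = node["metadata"]
        # Managed node groups label their nodes; anything else is grouped separately.
        group = meta.get("labels", {}).get("eks.amazonaws.com/nodegroup", "(no managed node group)")
        n_major, n_minor = major_minor(node["status"]["nodeInfo"]["kubeletVersion"])
        skew = cp_minor - n_minor
        if n_major != cp_major:
            skew, status = None, "unsupported"
        elif skew == 0:
            continue  # node matches the control-plane minor version
        elif skew < 0:
            status = "ahead"  # kubelet newer than the control plane
        else:
            status = "behind" if skew <= max_skew else "unsupported"
        report.setdefault(group, []).append((meta["name"], skew, status))
    return report

if __name__ == "__main__":
    for group, rows in kubelet_skew("1.30", SAMPLE_NODES).items():
        print(group, rows)
```

Run against live data by loading the output of `kubectl get nodes -o json` in place of `SAMPLE_NODES` and passing your cluster's Kubernetes version as the first argument.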
Even with the large amount of customization options that EKS provides, having the control plane managed means you are beholden to Amazon for how quickly new versions are made available. This means you may not be able to test out newer alpha Kubernetes features that are controlled by feature flags on the kubelet. In addition, you can’t do much (if any) customization to the control-plane VMs.
Overall, Amazon Elastic Kubernetes Service offers a robust, scalable, and integrated solution for managing containerized applications, particularly for organizations that are already working in the Amazon ecosystem. You can quickly get started with EKS by taking advantage of its simplified management, robust documentation, and wide integration of industry standard tooling and best practices to develop a cost-effective solution.
Understanding the pros and cons of EKS will enable you to make informed decisions and harness the full power of Kubernetes for your organization. Fairwinds can accelerate your EKS journey by providing white-glove Kubernetes managed services that ensure you start off on the right foot, using our expertise to provide an optimized, cost effective environment. Learn how you can get started with EKS fast without requiring in-house Kubernetes expertise or specialized training with a production-grade EKS cluster, best-in-class tooling and add-ons, and a seamless way to move your workloads to production.