Simplify on-premise Kubernetes Management with Amazon EKS Anywhere

Akesh Patil Sr. Cloud Architect @Blazeclan Technolgoies AWS Ambassador & AWS Community Builder Presenter 2

Amazon EKS Anywhere Overview 3

Amazon EKS Anywhere Overview Container management software built by AWS and makes it easier to run and manage Kubernetes clusters on-premises and at the edge. S implifies Kubernetes cluster management through the automation of undifferentiated heavy lifting such as infrastructure setup and Kubernetes cluster lifecycle operations. Optionally purchase  EKS Anywhere Enterprise Subscriptions  for 24/7 support from AWS subject matter experts Supports different types of infrastructure including VMWare vSphere, Bare Metal, Nutanix, Apache CloudStack , and AWS Snow You can run EKS Anywhere without a connection to AWS Cloud and in air-gapped environments, or you can optionally connect to AWS Cloud to integrate with other AWS services. You can use the  EKS Connector  to view your EKS Anywhere clusters in the Amazon EKS console, AWS IAM to authenticate to your EKS Anywhere clusters, IAM Roles for Service Accounts (IRSA) to authenticate Pods with other AWS services And AWS Distro for OpenTelemetry to send metrics to Amazon Managed Prometheus for monitoring cluster resources. 4

Why EKS Anywhere? Simplify and automate Kubernetes management on-premises Unify Kubernetes distribution and support across on-premises, edge, and cloud environments Adopt modern operational practices and tools on-premises Build on open source standards 5

EKS Anywhere Components Administrative / CLI components - Responsible for lifecycle operations of management or standalone clusters, building images, and collecting support diagnostics Management components  - Responsible for infrastructure and cluster lifecycle management (create, update, upgrade, scale, delete). Management components run on standalone or management clusters. Cluster components  - Components that make up a Kubernetes cluster where applications run. 6

EKS Anywhere Architecture The Administrative machine (Admin machine) is required to run cluster lifecycle operations, but EKS Anywhere clusters do not require a continuously running Admin machine to function Admin machine runs all EKS Anywhere lifecycle operations as well as Docker,  kubectl  and prerequisite utilities System requirements are specified here This cluster can be deployed in air gapped environments as well 7 Admin Machine

EKS Anywhere Reference Architecture The cluster creation workflow begins from an EKS-A Admin instance Cilium is used as a container network interface (CNI) plugin, and direct network interfaces (DNIs) are created and associated with each cluster node kube-vip  is used as a control plane load balancer.  8 On-Premises

Indicative Architecture Diagram on VMWare vSphere Admin machine is required to run cluster lifecycle operations. Need not be running all the time Admin machine runs all EKS Anywhere lifecycle operations System requirements are specified here EKS Anywhere supports two deployment models including standalone and management with workload clusters EKS Anywhere supports VMWare vSphere as an infrastructure provider. Refer this link for pre-requisites Cilium is used as a default container network interface (CNI) plugin Use vSphere CSI driver for dynamic provisioning of persistent storage volumes Kubernetes cluster can be spread across DC-DR sites for high availability 9

Comparison between EKS Anywhere and Self-managed K8 Cluster Feature/Aspect Amazon EKS Anywhere Self-Managed Kubernetes Cluster Setup and Installation EKS Anywhere is container management software built by AWS that makes it easier to run and manage Kubernetes clusters on-premises Manual setup; requires expertise in Kubernetes Management Simplify Kubernetes management on-premises Requires manual management and maintenance Cost Open-source library and no AWS subscription required. Costs depend on infrastructure and operational expenses Scalability Provide cluster autoscalar curated package to scale the nodes Need to deploy tools separately for cluster autoscaling Security EKS Anywhere versions provides security patches, bug fixes and new Kubernetes versions Security management is manual and requires expertise Support AWS support available and optional Community support or self-support Compliance AWS compliance and certifications Compliance management is manual Monitoring and Logging Requires third-party tools for monitoring. EKS Anywhere comes with curated packages for monitoring Requires third-party tools for monitoring Networking Use Cilium as CNI by default leveraging Kubernetes Network Policy. However custom CNIs can also be used Networking setup needs to be configured manually Integration with AWS Services Support EKS Connector to view the Kubernetes cluster and components on AWS Console (Optional) Limited integration; depends on manual configuration Updates and Upgrades Simplify and automate Kubernetes management on-premises Manual updates; requires careful planning