rights reserved. Amazon Confidential and Trademark – @christoph_k

Amazon Elastic Kubernetes Service
Upstream Kubernetes: Use standard Kubernetes APIs. Works with community tools.
Highly available: Built for production workloads, all clusters are highly available. Backed by a 99.9% SLA.
Integrated with the AWS ecosystem: VPC Networking, Elastic Load Balancing, IAM Permissions, CloudWatch and more

Amazon EKS Architecture
[Diagram labels: kubectl; cluster endpoint https://00000000000000000000000000000000.xyz.eu-central-1.eks.amazonaws.com; EKS workers; AZ 1, AZ 2, AZ 3; Your AWS account; VPC; Amazon EKS]

Managed Node Groups
EKS APIs to provision and manage worker nodes
• Easy to provision: One-click deploy of multi-AZ node groups backed by EC2 ASG and the latest EKS AMIs.
• Easy to manage: All nodes in a single API call or console, integrated health monitoring.
• Easy to update: Minor or patch version upgrades with zero downtime.
• Scaling controls: Automatic tagging for cluster-autoscaler, pass-through ASG controls.

AWS Fargate
Managed by AWS: No EC2 Instances to provision, scale or manage
Elastic: Scale up & down seamlessly. Pay only for what you use
Integrated with the AWS ecosystem: VPC Networking, Elastic Load Balancing, IAM Permissions, CloudWatch and more.
Run Kubernetes pods or ECS tasks.

Make Kubernetes Pods serverless
Bring existing pods
Production ready
Right-Sized and Integrated
Fargate runs tens of millions of containers for AWS customers every week

IAM Roles for ServiceAccounts
Step 2: Create ServiceAccount, IAM Role and correct association

    eksctl create iamserviceaccount \
      --name sqs-orderservice \
      --namespace default \
      --cluster eks-patterns-demo \
      --attach-policy-arn IAM_policy_ARN \
      --approve \
      --override-existing-serviceaccounts

Note: Cluster name is required but namespace and service account are optional

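The association created in Step 2 lives in the IAM role's trust policy, which should name exactly one Kubernetes service account. The check below is an added example, not part of the original slides or of eksctl: it reads a trust policy document and reports when the role is not pinned to the expected service account. The sample policies, the account ID and the OIDC provider ID are constructed placeholders.

```python
import json

# Constructed sample input: placeholder account ID and OIDC provider ID.
OIDC = "oidc.eks.eu-central-1.amazonaws.com/id/EXAMPLEOIDCID"

def make_policy(condition):
    """Build a trust policy with one web-identity statement (sample data helper)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]})

SCOPED = make_policy({"StringEquals": {
    f"{OIDC}:sub": "system:serviceaccount:default:sqs-orderservice",
    f"{OIDC}:aud": "sts.amazonaws.com"}})
WILDCARD = make_policy({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:*:*"}})
UNSCOPED = make_policy({"StringEquals": {f"{OIDC}:aud": "sts.amazonaws.com"}})

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_irsa_trust(policy_json, namespace, service_account):
    """Return findings; an empty list means every web-identity statement
    is pinned to exactly the expected service account."""
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        subs = []  # (operator, value) pairs for every ...:sub condition key
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.endswith(":sub"):
                    subs += [(operator, v) for v in as_list(value)]
        if not subs:
            findings.append("no :sub condition: any service account in the cluster can assume the role")
        for operator, value in subs:
            if operator != "StringEquals":
                findings.append(f"subject matched with {operator}, not StringEquals: {value}")
            elif value != expected:
                findings.append(f"role is bound to {value}, expected {expected}")
    return findings

if __name__ == "__main__":
    for name, policy in [("scoped", SCOPED), ("wildcard", WILDCARD), ("unscoped", UNSCOPED)]:
        print(name, check_irsa_trust(policy, "default", "sqs-orderservice"))
```

To run it against a real role, pass in the role's trust policy document as JSON in place of the constructed samples.
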
Prometheus & Grafana
Well-known open source monitoring & dashboarding
Commonly used by our customers
Long Term Storage Options
• Cortex -> DynamoDB / S3
• Thanos -> S3
Install adapter to expose metrics to metrics-server
https://github.com/DirectXMan12/k8s-prometheus-adapter

Container Storage Interface (CSI) for EFS and EBS

EBS
• Static Provisioning / Dynamic Provisioning
• Mount Option
• Block Volume
• Volume Snapshot
• NVMe
Integrated k8s support
CSI Driver

EFS
NFS shared filesystem
Shared mount
Single or Multiple Container
Support only via CSI driver

https://github.com/kubernetes-sigs/aws-ebs-csi-driver
https://github.com/kubernetes-sigs/aws-efs-csi-driver