📢 Webinar Alert! Reliability Automation - AI, ML, & Workflows in Incident Management. Register Here
Blog
Kubernetes
Kubernetes as a Service using Amazon EKS

Kubernetes as a Service using Amazon EKS

June 20, 2022
Kubernetes as a Service using Amazon EKS
In This Article:
Our Products
On-Call Management
Incident Response
Continuous Learning
Workflow Automation

Kubernetes is an open-source software that helps you manage and deploy your containerized applications. Kubernetes consists of two major component control planes (which decide where to run your pod) and a worker node (where your workload runs). As Kubernetes is a complex system, managing these components is challenging, and this is where you can use a Kubernetes as a Service solution like Amazon Elastic Kubernetes Service (EKS). In this blog, we will see how you can set up and manage EKS and take advantage of the native integration of EKS with other AWS services (Amazon CloudWatch, Amazon VPC, etc.).

What is Amazon Elastic Kubernetes Service (EKS)?

Amazon EKS is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without installing and managing your Kubernetes cluster. AWS takes care of all the heavy lifting like cluster provisioning, performing upgrades and patching. EKS runs the upstream Kubernetes version, so you can easily migrate your existing Kubernetes cluster to AWS without changing the codebase. EKS runs your infrastructure to multiple availability zones, eliminating a single point of failure.

Different Components of EKS

An AWS EKS cluster consists of two primary components:

  • Control plane consists of nodes that run the Kubernetes software etcd, and the Kubernetes API server. AWS takes care of scalability and high availability of the control plane and makes sure two API server nodes and three etcd nodes are always available across three Availability Zones.
  • Data plane is where your application/workload runs. It consists of Kubelet and Kube-proxy server.

Amazon EKS will completely manage your controlplane, but how much or little control you need to manage your data plane depends on your requirements. AWS gives three options to manage your data plane nodes.

  • Unmanaged worker nodes: You will fully manage these yourself.
  • Managed node groups: These worker nodes are partially managed by EKS, but you still control your resources.
  • AWS Fargate: AWS Fargate will fully take care of managing your worker nodes.

In this competitive cloud market, there are numerous cloud providers that offer services which support the usage of Kubernetes. Here is the comparison to help you pick a cloud provider that meets your needs better.

Comparing Amazon’s EKS, Google’s GKE and Azure AKS

Before selecting a managed Kubernetes service, it's vital to know the strengths and weaknesses of each. All managed services solve your goal of easily deploying your Kubernetes cluster. The first decision is where your existing workload is running. It might be easier to remain with the cloud provider you already use.

Some comparisons between the three managed services:

  • Google Kubernetes Engine (GKE) has been in the market since 2015. Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) have been available since 2018.
  • The GKE control plane is free for one zone cluster; otherwise, it costs $72. The EKS control plane costs you $72, while the AKS control plane is free. AKS and GKE have easier setup.
  • EKS setup is slightly complicated but can be simplified using tools like eksctl.
  • AWS and GKE can manage your worker nodes using services like Fargate and Autopilot. Currently, AKS doesn't offer such services/features.

These were the major differences between the three cloud offerings in how they offer Kubernetes solutions.

Here are the primary reasons to use EKS:

  • It is the most widely used Kubernetes-managed service.
  • Kubernetes tooling like certificate management and DNS is fully integrated with AWS.
  • You can bring your own Amazon Machine Image (AMI)
  • Support tools like Terraform and eksctl to quickly set up your EKS cluster.
  • Large user community support

Installing EKS using eksctl

This section will show how to set up your EKS cluster using eksctl. It is a simple command-line utility that helps you set up and manage the EKS cluster. For more information, check the documentation at https://github.com/weaveworks/eksctl.

Prerequisites

You must fulfill a few prerequisites before installing and setting up the EKS cluster using eksctl.

Installing Kubectl on Linux

  • Download the kubectl binary from your Amazon S3 bucket

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/118aa784c92901084ec5dae0c6de559e.js</p>

  • Change the permission to make the binary executable

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/6d6054023072c6b36bcbc98e54e399c9.js</p>

  • Copy the binary to $PATH so that you don't need to type the complete path when executing the binary, and optionally you can add it into your bash profile so that it will be initialized during shell initialization.

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/2fcf09165175ac9f3b8a1027072d98c1.js</p>

  • Verify the version of kubectl installed using the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/239bad94dc94a48a1d3049e3a62b03bd.js</p>

NOTE: To install Kubectl on other platforms like Windows or Mac, check the following documentation: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html

Installing eksctl on Linux

  • Download the latest release of eksctl and extract it using the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/33aed411295adb613796624510416329.js</p>

  • Move the downloaded binary to `/usr/local/bin` or to your $PATH definition

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/49b92d1b5a993982ee59709a5abc0339.js</p>

  • Verify the version of eksctl installed using the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/76e228ad268a7c9d3328dc4c188f39e4.js</p>

Creating your EKS cluster

The next step is to create the EKS cluster with all the prerequisites in place. Run the eks cluster command and pass the following options

  • eksctl create cluster will create the EKS cluster for you.
  • name is used to give your EKS cluster name. If you omit this value, eksctl will generate a random name for you.
  • version will let you specify the Kubernetes version.
  • region is the name of the region where you want to set up your EKS cluster.
  • nodegroup-name is the name of the node group.
  • node-type Iis the instance type for the node (default value is m5.large)
  • nodes: Total number of worker nodes (default value is 2)
  • nodes-min to specify the minimum number of worker nodes.

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/083feffaebbe3b28de9fa03863788a3b.js</p>

  • You can verify if the EKS cluster is up by executing the below command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/04672e38406fc79b1ece2675f1983e91.js</p>

  • To update the kubeconfig file to use your newly created EKS cluster as the current context run the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9c4955e682653ab959e09a4c2cd2fad9.js</p>

  • To verify if the worker nodes are up and running use the following

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/0999a26ba33dfadb18a0be3e772a8b1a.js</p>

  • Deploy your application

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/8f5d54f8f4fac3d166b147839442a292.js</p>

  • Verify if its deployed in different nodes in your cluster by using -o wide option

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9497e2c1fce3a737ce0976160824c097.js</p>

Amazon CloudWatch Container Insight

  • Amazon EKS is integrated with other AWS services like Amazon CloudWatch to collect metrics and logs for your containerized application. Amazon CloudWatch container insight collects, summarizes and aggregates metrics and logs from your containerized microservices and applications. These metrics include CPU, memory, network and disk utilization. It also helps you provide diagnostic information such as container restart failure to isolate and resolve these issues quickly.
  • It runs as a containerized version of the CloudWatch agent to discover all the running containers. Also, it runs as a daemonset as a log collector with a CloudWatch plugin on each node in the cluster. It then creates aggregate metrics by collecting all performance data.

Installing CloudWatch Container Insight

At this stage, your EKS cluster is up and running. The next step is to install CloudWatch container insight to collect your metrics. But first, ensure that the identity and access management (IAM) policy is attached to your instance. In this case, you need a CloudWatch Full Access policy for your worker node so it can push metrics to CloudWatch.

Figure 1: EKS Worker node EC2 console
Figure 2: IAM console with policies attached to Worker nodes
Figure 3: Attaching CloudWatchFullAccess policy to worker nodes
  • Deploy CloudWatch container insight by running the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/242d1df61175481a3fa506be40dccf0d.js</p>

  • Verify that CloudWatch and Fluentd pods created among the amazon-cloudwatch name, run the following command

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/71393c71fe32e1bd379c41e63239c102.js</p>

  • Once the CloudWatch container insight is configured, you can see various metrics like CPU, memory, disk and network statistics across your EKS cluster.
  • Go to the CloudWatch dashboard https://console.aws.amazon.com/cloudwatch/home. Under Container Insights, click on Performance monitoring to view the various metrics.
Figure 4:CloudWatch container insight console to view EKS cluster metrics
Figure 5: CloudWatch container insight console to view EKS node metrics

Amazon Virtual Private Cloud (VPC) for Pod Networking Using VPC CNI Plugin

AWS EKS supports virtual private cloud (VPC) networking using the AWS VPC Container Network Interface (CNI) plugin for Kubernetes. Using this plugin, Kubernetes pods have the same IP as on the VPC network. For more information, check the following link: https://github.com/aws/amazon-vpc-cni-k8s

  • CNI uses EC2 to provision multiple Elastic Network Interfaces (ENIs) to a host instance, and thus each interface will get multiple IPs from the VPC pool. It then assigns these IPs to the pod, connects the ENI to the VETH (virtual Ethernet) port created by a pod, and finally, the Linux kernel takes care of the rest. The advantage of this approach is that each pod will have the real routable IP address allocated from VPC and can communicate with other pods and AWS services.
  • To implement the network policies, EKS uses the Calico plugin. A calico node agent is deployed in each node in the cluster. This helps to route information propagated among all the nodes in the cluster using Border Gateway Protocol (BGP).

Identity and Access Management (IAM) for Role-based Access Control

For EKS, authorization is managed by role-based access control (RBAC) for Kubernetes commands, but for AWS commands, identity and access management (IAM) manages both authentication and authorization. EKS is tightly integrated with the IAM authenticator service, which uses IAM credentials to authenticate the Kubernetes cluster. This greatly helps to avoid managing separate credentials for Kubernetes access. Once an identity is authenticated, RBAC is used for authorization. Here is the step-by-step procedure:

  • Suppose you made a kubectl call to get pod. In this case, your IAM identity is passed along with the Kubernetes call.
  • Kubernetes verifies the IAM identity by using the authenticator tool.
  • Authenticator token-based response is passed back to Kubernetes.
  • Kubernetes checks RBAC for authorization. This is where pod calls are either allowed or denied.
  • Kubernetes API either allows or denies the request.

Amazon Elastic Container Registry (ECR) Repository

Amazon Elastic Container Registry (ECR) Repository is a fully managed registry to store container images. Every AWS account comes with a single (default) ECR registry, but you can create one or more registries to store container images. ECR is well-integrated with other AWS services like identity and access management (IAM), and you can use it to set permissions to control access. You can use ECR to store other artifacts like Helm charts.

To push your image to ECR Repository, follow these steps

  • Authenticate your docker client to your registry by retrieving the authentication token

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/03115d33661e1df3fbb1ab5456af8a94.js</p>

NOTE: The authentication token is valid only for 12 hours from when it is issued.

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9b45adbee4797d924a48fe3536e534e4.js</p>

  • Tag the image so that you can push it to the repository.

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/3fda5f90028b3809795d45881b06e2a0.js</p>

NOTE: 1234567890 is your AWS account ID. Replace it with your account ID.

  • Push the newly created image to the ECR registry.

<p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/598249327fde372096acc453f62eebcd.js</p>

Conclusion

Amazon EKS is one of the most widely used Kubernetes managed services. In this blog, you have learned how to set up an EKS cluster and deploy your workload. One of the primary advantages of using EKS is its integration with AWS services like identity management and virtual private cloud. Also, AWS will take care of all the heavy lifting like patching, performing an upgrade and provisioning your cluster. On top of that, if you use AWS offerings like Fargate, AWS will manage your worker node.

Plug: Use K8s with Squadcast for Faster Resolution

Written By:
Squadcast Community
Vishal Padghan
Squadcast Community
Vishal Padghan
June 20, 2022
Kubernetes
Cloud Computing
Share this blog:
In This Article:
Get reliability insights delivered straight to your inbox.
Get ready for the good stuff! No spam, no data sale and no promotion. Just the awesome content you signed up for.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Get reliability insights delivered straight to your inbox.
Get ready for the good stuff! No spam, no data sale and no promotion. Just the awesome content you signed up for.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Get the latest scoop on Reliability insights. Delivered straight to your inbox.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2
Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2
Users love Squadcast on G2
Copyright © Squadcast Inc. 2017-2024

Kubernetes as a Service using Amazon EKS

Jun 20, 2022
Last Updated:
November 20, 2024
Share this post:
Kubernetes as a Service using Amazon EKS
Table of Contents:

    Kubernetes is an open-source software that helps you manage and deploy your containerized applications. Kubernetes consists of two major component control planes (which decide where to run your pod) and a worker node (where your workload runs). As Kubernetes is a complex system, managing these components is challenging, and this is where you can use a Kubernetes as a Service solution like Amazon Elastic Kubernetes Service (EKS). In this blog, we will see how you can set up and manage EKS and take advantage of the native integration of EKS with other AWS services (Amazon CloudWatch, Amazon VPC, etc.).

    What is Amazon Elastic Kubernetes Service (EKS)?

    Amazon EKS is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without installing and managing your Kubernetes cluster. AWS takes care of all the heavy lifting like cluster provisioning, performing upgrades and patching. EKS runs the upstream Kubernetes version, so you can easily migrate your existing Kubernetes cluster to AWS without changing the codebase. EKS runs your infrastructure to multiple availability zones, eliminating a single point of failure.

    Different Components of EKS

    An AWS EKS cluster consists of two primary components:

    • Control plane consists of nodes that run the Kubernetes software etcd, and the Kubernetes API server. AWS takes care of scalability and high availability of the control plane and makes sure two API server nodes and three etcd nodes are always available across three Availability Zones.
    • Data plane is where your application/workload runs. It consists of Kubelet and Kube-proxy server.

    Amazon EKS will completely manage your controlplane, but how much or little control you need to manage your data plane depends on your requirements. AWS gives three options to manage your data plane nodes.

    • Unmanaged worker nodes: You will fully manage these yourself.
    • Managed node groups: These worker nodes are partially managed by EKS, but you still control your resources.
    • AWS Fargate: AWS Fargate will fully take care of managing your worker nodes.

    In this competitive cloud market, there are numerous cloud providers that offer services which support the usage of Kubernetes. Here is the comparison to help you pick a cloud provider that meets your needs better.

    Comparing Amazon’s EKS, Google’s GKE and Azure AKS

    Before selecting a managed Kubernetes service, it's vital to know the strengths and weaknesses of each. All managed services solve your goal of easily deploying your Kubernetes cluster. The first decision is where your existing workload is running. It might be easier to remain with the cloud provider you already use.

    Some comparisons between the three managed services:

    • Google Kubernetes Engine (GKE) has been in the market since 2015. Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) have been available since 2018.
    • The GKE control plane is free for one zone cluster; otherwise, it costs $72. The EKS control plane costs you $72, while the AKS control plane is free. AKS and GKE have easier setup.
    • EKS setup is slightly complicated but can be simplified using tools like eksctl.
    • AWS and GKE can manage your worker nodes using services like Fargate and Autopilot. Currently, AKS doesn't offer such services/features.

    These were the major differences between the three cloud offerings in how they offer Kubernetes solutions.

    Here are the primary reasons to use EKS:

    • It is the most widely used Kubernetes-managed service.
    • Kubernetes tooling like certificate management and DNS is fully integrated with AWS.
    • You can bring your own Amazon Machine Image (AMI)
    • Support tools like Terraform and eksctl to quickly set up your EKS cluster.
    • Large user community support

    Installing EKS using eksctl

    This section will show how to set up your EKS cluster using eksctl. It is a simple command-line utility that helps you set up and manage the EKS cluster. For more information, check the documentation at https://github.com/weaveworks/eksctl.

    Prerequisites

    You must fulfill a few prerequisites before installing and setting up the EKS cluster using eksctl.

    Installing Kubectl on Linux

    • Download the kubectl binary from your Amazon S3 bucket

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/118aa784c92901084ec5dae0c6de559e.js</p>

    • Change the permission to make the binary executable

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/6d6054023072c6b36bcbc98e54e399c9.js</p>

    • Copy the binary to $PATH so that you don't need to type the complete path when executing the binary, and optionally you can add it into your bash profile so that it will be initialized during shell initialization.

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/2fcf09165175ac9f3b8a1027072d98c1.js</p>

    • Verify the version of kubectl installed using the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/239bad94dc94a48a1d3049e3a62b03bd.js</p>

    NOTE: To install Kubectl on other platforms like Windows or Mac, check the following documentation: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html

    Installing eksctl on Linux

    • Download the latest release of eksctl and extract it using the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/33aed411295adb613796624510416329.js</p>

    • Move the downloaded binary to `/usr/local/bin` or to your $PATH definition

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/49b92d1b5a993982ee59709a5abc0339.js</p>

    • Verify the version of eksctl installed using the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/76e228ad268a7c9d3328dc4c188f39e4.js</p>

    Creating your EKS cluster

    The next step is to create the EKS cluster with all the prerequisites in place. Run the eks cluster command and pass the following options

    • eksctl create cluster will create the EKS cluster for you.
    • name is used to give your EKS cluster name. If you omit this value, eksctl will generate a random name for you.
    • version will let you specify the Kubernetes version.
    • region is the name of the region where you want to set up your EKS cluster.
    • nodegroup-name is the name of the node group.
    • node-type Iis the instance type for the node (default value is m5.large)
    • nodes: Total number of worker nodes (default value is 2)
    • nodes-min to specify the minimum number of worker nodes.

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/083feffaebbe3b28de9fa03863788a3b.js</p>

    • You can verify if the EKS cluster is up by executing the below command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/04672e38406fc79b1ece2675f1983e91.js</p>

    • To update the kubeconfig file to use your newly created EKS cluster as the current context run the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9c4955e682653ab959e09a4c2cd2fad9.js</p>

    • To verify if the worker nodes are up and running use the following

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/0999a26ba33dfadb18a0be3e772a8b1a.js</p>

    • Deploy your application

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/8f5d54f8f4fac3d166b147839442a292.js</p>

    • Verify if its deployed in different nodes in your cluster by using -o wide option

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9497e2c1fce3a737ce0976160824c097.js</p>

    Amazon CloudWatch Container Insight

    • Amazon EKS is integrated with other AWS services like Amazon CloudWatch to collect metrics and logs for your containerized application. Amazon CloudWatch container insight collects, summarizes and aggregates metrics and logs from your containerized microservices and applications. These metrics include CPU, memory, network and disk utilization. It also helps you provide diagnostic information such as container restart failure to isolate and resolve these issues quickly.
    • It runs as a containerized version of the CloudWatch agent to discover all the running containers. Also, it runs as a daemonset as a log collector with a CloudWatch plugin on each node in the cluster. It then creates aggregate metrics by collecting all performance data.

    Installing CloudWatch Container Insight

    At this stage, your EKS cluster is up and running. The next step is to install CloudWatch container insight to collect your metrics. But first, ensure that the identity and access management (IAM) policy is attached to your instance. In this case, you need a CloudWatch Full Access policy for your worker node so it can push metrics to CloudWatch.

    Figure 1: EKS Worker node EC2 console
    Figure 2: IAM console with policies attached to Worker nodes
    Figure 3: Attaching CloudWatchFullAccess policy to worker nodes
    • Deploy CloudWatch container insight by running the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/242d1df61175481a3fa506be40dccf0d.js</p>

    • Verify that CloudWatch and Fluentd pods created among the amazon-cloudwatch name, run the following command

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/71393c71fe32e1bd379c41e63239c102.js</p>

    • Once the CloudWatch container insight is configured, you can see various metrics like CPU, memory, disk and network statistics across your EKS cluster.
    • Go to the CloudWatch dashboard https://console.aws.amazon.com/cloudwatch/home. Under Container Insights, click on Performance monitoring to view the various metrics.
    Figure 4:CloudWatch container insight console to view EKS cluster metrics
    Figure 5: CloudWatch container insight console to view EKS node metrics

    Amazon Virtual Private Cloud (VPC) for Pod Networking Using VPC CNI Plugin

    AWS EKS supports virtual private cloud (VPC) networking using the AWS VPC Container Network Interface (CNI) plugin for Kubernetes. Using this plugin, Kubernetes pods have the same IP as on the VPC network. For more information, check the following link: https://github.com/aws/amazon-vpc-cni-k8s

    • CNI uses EC2 to provision multiple Elastic Network Interfaces (ENIs) to a host instance, and thus each interface will get multiple IPs from the VPC pool. It then assigns these IPs to the pod, connects the ENI to the VETH (virtual Ethernet) port created by a pod, and finally, the Linux kernel takes care of the rest. The advantage of this approach is that each pod will have the real routable IP address allocated from VPC and can communicate with other pods and AWS services.
    • To implement the network policies, EKS uses the Calico plugin. A calico node agent is deployed in each node in the cluster. This helps to route information propagated among all the nodes in the cluster using Border Gateway Protocol (BGP).

    Identity and Access Management (IAM) for Role-based Access Control

    For EKS, authorization is managed by role-based access control (RBAC) for Kubernetes commands, but for AWS commands, identity and access management (IAM) manages both authentication and authorization. EKS is tightly integrated with the IAM authenticator service, which uses IAM credentials to authenticate the Kubernetes cluster. This greatly helps to avoid managing separate credentials for Kubernetes access. Once an identity is authenticated, RBAC is used for authorization. Here is the step-by-step procedure:

    • Suppose you made a kubectl call to get pod. In this case, your IAM identity is passed along with the Kubernetes call.
    • Kubernetes verifies the IAM identity by using the authenticator tool.
    • Authenticator token-based response is passed back to Kubernetes.
    • Kubernetes checks RBAC for authorization. This is where pod calls are either allowed or denied.
    • Kubernetes API either allows or denies the request.

    Amazon Elastic Container Registry (ECR) Repository

    Amazon Elastic Container Registry (ECR) Repository is a fully managed registry to store container images. Every AWS account comes with a single (default) ECR registry, but you can create one or more registries to store container images. ECR is well-integrated with other AWS services like identity and access management (IAM), and you can use it to set permissions to control access. You can use ECR to store other artifacts like Helm charts.

    To push your image to ECR Repository, follow these steps

    • Authenticate your docker client to your registry by retrieving the authentication token

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/03115d33661e1df3fbb1ab5456af8a94.js</p>

    NOTE: The authentication token is valid only for 12 hours from when it is issued.

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/9b45adbee4797d924a48fe3536e534e4.js</p>

    • Tag the image so that you can push it to the repository.

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/3fda5f90028b3809795d45881b06e2a0.js</p>

    NOTE: 1234567890 is your AWS account ID. Replace it with your account ID.

    • Push the newly created image to the ECR registry.

    <p>CODE: https://gist.github.com/ShubhanjanMedhi-dev/598249327fde372096acc453f62eebcd.js</p>

    Conclusion

    Amazon EKS is one of the most widely used Kubernetes managed services. In this blog, you have learned how to set up an EKS cluster and deploy your workload. One of the primary advantages of using EKS is its integration with AWS services like identity management and virtual private cloud. Also, AWS will take care of all the heavy lifting like patching, performing an upgrade and provisioning your cluster. On top of that, if you use AWS offerings like Fargate, AWS will manage your worker node.

    Plug: Use K8s with Squadcast for Faster Resolution

    What you should do now
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    What you should do now?
    Here are 3 ways you can continue your journey to learn more about Unified Incident Management
    Discover the platform's capabilities through our Interactive Demo.
    See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    Share the article
    Share this blog post on Facebook, Twitter, Reddit or LinkedIn.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare our plans and find the perfect fit for your business.
    See Redis' Journey to Efficient Incident Management through alert noise reduction With Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare Squadcast & PagerDuty / Opsgenie
    Compare and see if Squadcast is the right fit for your needs.
    Compare our plans and find the perfect fit for your business.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Discover the platform's capabilities through our Interactive Demo.
    Enjoyed the article? Explore further insights on the best SRE practices.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Enjoyed the article? Explore further insights on the best SRE practices.
    Share this post:
    Subscribe to our LinkedIn Newsletter to receive more educational content
    Subscribe now
    ant-design-linkedIN

    Subscribe to our latest updates

    Enter your Email Id
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.
    FAQs
    More from
    Squadcast Community
    What is Runbook Automation and Best Practices for Streamlined Incident Resolution
    What is Runbook Automation and Best Practices for Streamlined Incident Resolution
    November 29, 2024
    Scaling Success: How Squadcast Helped Fortune 500 Giants Migrate and Optimize Operations
    Scaling Success: How Squadcast Helped Fortune 500 Giants Migrate and Optimize Operations
    November 28, 2024
    The Shift Left Movement: Empowering Developers and Responders to Secure Code Early
    The Shift Left Movement: Empowering Developers and Responders to Secure Code Early
    November 27, 2024
    Learn how organizations are using Squadcast
    to maintain and improve upon their Reliability metrics
    Learn how organizations are using Squadcast to maintain and improve upon their Reliability metrics
    mapgears
    "Mapgears simplified their complex On-call Alerting process with Squadcast.
    Squadcast has helped us aggregate alerts coming in from hundreds...
    bibam
    "Bibam found their best PagerDuty alternative in Squadcast.
    By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
    tanner
    "Squadcast helped Tanner gain system insights and boost team productivity.
    Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability...
    Alexandre Lessard
    System Analyst
    Martin do Santos
    Platform and Architecture Tech Lead
    Sandro Franchi
    CTO
    Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2022 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Mid-Market Asia Pacific Incident Management on G2 Users love Squadcast on G2
    Squadcast awarded as "Best Software" in the IT Management category by G2 🎉 Read full report here.
    What our
    customers
    have to say
    mapgears
    "Mapgears simplified their complex On-call Alerting process with Squadcast.
    Squadcast has helped us aggregate alerts coming in from hundreds of services into one single platform. We no longer have hundreds of...
    Alexandre Lessard
    System Analyst
    bibam
    "Bibam found their best PagerDuty alternative in Squadcast.
    By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
    Martin do Santos
    Platform and Architecture Tech Lead
    tanner
    "Squadcast helped Tanner gain system insights and boost team productivity.
    Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability metrics we have...
    Sandro Franchi
    CTO
    Revamp your Incident Response.
    Peak Reliability
    Easier, Faster, More Automated with SRE.