Kubernetes on AWS: Tips for Cloud-Native Development


Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey by CNCF showed that 83% of organizations deploy Kubernetes on at least one public cloud. Amazon Web Services (AWS) provides a mature and robust infrastructure and multiple deployment options for Kubernetes. Read on to understand the key options for running Kubernetes on AWS, how they work, and which is best for your organization’s needs.

Why Run Kubernetes on AWS?

Kubernetes is an open-source container deployment and orchestration system developed by Google. When managing containers in the cloud with Kubernetes, developers can scale applications without rebuilding the cluster and managing the infrastructure. However, setting up Kubernetes on AWS can be complex.

Despite this complexity, there are many reasons to run Kubernetes on AWS. Here are four benefits:

  • Complete control over your servers—as opposed to other cloud providers, AWS always enables you to control your instances.
  • Portability—you can run Kubernetes in any environment, including bare metal, private and public cloud, and even across multiple clouds.
  • No vendor lock-in—Kubernetes and the surrounding tools are all open source, backed by an open and well-supported community.
  • Cloudbursting—you can protect your Kubernetes workloads at peak times by running part of a cluster on AWS and moving your sensitive workloads to a private cloud.

Kubernetes on AWS: What are the Options?

You can manage Amazon Elastic Compute Cloud (EC2) cluster instances with the Amazon EKS managed service. EKS enables you to run Kubernetes on AWS without operating your own clusters. Managed Kubernetes services take responsibility for the configuration, deployment, and maintenance of clusters. The list below reviews the different AWS services you can use for running Kubernetes.

Amazon Elastic Kubernetes Service (EKS)

EKS is a managed Kubernetes service offered by AWS. It runs Kubernetes control plane instances across Availability Zones to achieve high availability. EKS automatically identifies and replaces unhealthy control plane instances, and provides automated version upgrades. You can also integrate other AWS services with EKS to add security and scalability features. These include Elastic Load Balancing (ELB), Identity and Access Management (IAM) for authentication, and Elastic Container Registry (ECR) for container images.

Amazon Virtual Private Cloud (VPC)

Amazon VPC enables you to use AWS services and other resources on virtual networks. You can define your IP address range and have complete control over your virtual networking environment. This includes control over network gateways, subnets, and route table definitions.

The networking capabilities of VPC enable you to connect Kubernetes cluster nodes or EC2 instances to each other. You set routes through the kubenet plugin, a Linux networking plugin that provides native throughput performance for your cluster. However, it lacks other features, such as extensive networking across availability zones.

Amazon Route53

Kubernetes clusters need a Domain Name System (DNS) to enable communication between the worker and the master nodes. DNS is also needed when Kubernetes discovers etcd and then the remaining components.

When running Kubernetes in AWS, you can use the Amazon Route 53 service. Route 53 is a DNS service that routes network traffic to the appropriate servers. This subscription-based service enables you to register domain names, perform infrastructure health checks, apply routing policies, and manage configurations using the AWS Console.

Best Practices for Using Amazon EKS

Running Kubernetes workloads on EKS brings new challenges and responsibilities. The following best practices, combined with the regular Kubernetes rules of thumb, should point you in the right direction.

1. Install Calico for cluster network controls

Network traffic in Kubernetes can be internal, between pods, or external, to and from services outside the cluster. Since pods in EKS clusters have the same security groups as their nodes, the pods can make any network connection that the nodes can. Therefore, you can decrease the number of potential targets for malicious or misconfigured pods by allowing only the necessary connections.

The Calico Container Network Interface (CNI) enables you to control network traffic to and from Kubernetes pods by applying the standard Kubernetes Network Policy API. Calico also provides some extensions to the standard policy type. Network policies can control both egress and ingress traffic.
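As an added example (not code from the original article or from the Calico project), the following set of standard Kubernetes NetworkPolicy objects shows the allow-list pattern described above, as Calico enforces it on an EKS cluster. The namespace `payments`, the labels `app: web` and `app: api`, and port 8080 are assumed for illustration; the `k8s-app: kube-dns` pod label and the `kubernetes.io/metadata.name` namespace label are the ones current Kubernetes releases set by default. The first policy denies all ingress and egress for every pod in the namespace; the remaining policies re-open only the paths the workload needs, so a compromised or misconfigured pod can no longer reach everything its node can reach.

```yaml
# 1. Default deny: every pod in the namespace loses all ingress and egress
#    until a more specific policy selects it and allows the traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments          # assumed namespace
spec:
  podSelector: {}              # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. Every pod may still resolve names through CoreDNS in kube-system.
#    namespaceSelector and podSelector in one "to" entry are ANDed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. The api pods accept TCP/8080 only from web pods in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-web
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api                 # assumed label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web         # assumed label
      ports:
        - protocol: TCP
          port: 8080
---
# 4. Egress is evaluated on the sender as well: web pods may open TCP/8080
#    to api pods and nothing else (besides DNS, policy 2). In particular
#    they can no longer reach the cluster's API server endpoint.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-egress-to-api
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Egress
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: api
      ports:
        - protocol: TCP
          port: 8080
```

Apply the file with `kubectl apply -f` and verify the effect from inside a `web` pod: a request to the `api` Service on port 8080 succeeds, while a request to any other address (for example the Kubernetes API server's ClusterIP) times out. Without Calico (or another CNI that implements the policy API) these objects are accepted by the API server but silently not enforced, so the verification step matters.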

2. Monitor additional resource usage

The deployment of EKS into an existing VPC enables you to create ELB load balancers and EBS volumes as part of your Kubernetes applications.

However, these resources carry additional costs. Therefore, you should use Kubernetes Role-Based Access Control (RBAC) to give users only the permissions they need. When users have access only to the resources they need, they won't add unnecessary load. You should also monitor resource usage through the Kubernetes API or the Kubernetes CLI. Monitoring enables you to shut down unnecessary resources across all namespaces.
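As an added example (not from the original article), the manifests below combine the RBAC advice above with a ResourceQuota, which goes one step further than the article and puts a hard ceiling on the AWS-backed objects that cost money: every Service of type LoadBalancer becomes an ELB and every PersistentVolumeClaim becomes an EBS volume. The namespace `team-a`, the group name `team-a-developers` (assumed to be mapped from an IAM role in the cluster's aws-auth ConfigMap), and the quota numbers are assumptions for illustration.

```yaml
# Namespace-scoped Role: developers can manage their own workloads but get
# no cluster-scoped objects (nodes, PersistentVolumes, ClusterRoles) and
# nothing in other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-developer
  namespace: team-a                       # assumed namespace
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-developers               # assumed group, mapped from IAM via aws-auth
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-developer
  apiGroup: rbac.authorization.k8s.io
---
# Hard limits on cost-bearing objects. A create request that would exceed
# a limit is rejected by the API server, regardless of the user's RBAC rights.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-cloud-resources
  namespace: team-a
spec:
  hard:
    services.loadbalancers: "2"           # at most two ELBs for this namespace
    persistentvolumeclaims: "10"          # at most ten EBS-backed claims
    requests.storage: 500Gi               # total EBS capacity requested
```

`kubectl describe resourcequota team-a-cloud-resources -n team-a` shows used versus hard values, which is a cheap way to monitor the usage the section recommends; `kubectl get services --all-namespaces -o wide` lists every Service with its TYPE column, so load balancers nobody needs stand out across namespaces.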

3. Limit network access to the Kubernetes API endpoint

EKS exposes the Kubernetes API endpoint to the public Internet. On top of that, EKS allows unauthenticated connections because it runs the API server with the --anonymous-auth=true flag, and you cannot disable this flag. Even if you don't grant any Kubernetes RBAC privileges to anonymous users, this flag still poses a risk.

EKS provides several options for protecting API endpoints of a cluster:

  • Disable the public endpoint—use only the private endpoint inside the cluster's VPC.
  • Restrict IP addresses—allow only a whitelist of Classless Inter-Domain Routing (CIDR) blocks to connect to the public endpoint.
  • Network policies—block traffic from pods to the API endpoint, allowing communication only from workloads that require access.
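As an added example (not from the original article or the eksctl project's documentation), the eksctl ClusterConfig below implements the first two options: the private endpoint is enabled so that nodes and in-VPC clients never leave the VPC, and the public endpoint is kept but limited to an allow-list of CIDR blocks. The cluster name, region and the `203.0.113.0/24` range (a documentation-only prefix standing in for a corporate egress range) are constructed for illustration; the `vpc.clusterEndpoints` and `vpc.publicAccessCIDRs` keys are eksctl's own schema.

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: example-cluster        # assumed cluster name
  region: us-east-1            # assumed region

vpc:
  clusterEndpoints:
    privateAccess: true        # API server reachable via the VPC-internal endpoint
    publicAccess: true         # public endpoint stays up, but only for the CIDRs below
  # Option 2: whitelist of source CIDRs for the public endpoint.
  # Anything not listed gets no TCP connection at all, so the
  # --anonymous-auth=true exposure is limited to these networks.
  publicAccessCIDRs:
    - "203.0.113.0/24"         # constructed: corporate egress range
  # Option 1 instead: set publicAccess: false (with privateAccess: true) and
  # drop publicAccessCIDRs; the API is then reachable only from inside the
  # VPC or from networks connected to it by VPN or peering.
```

For a cluster that already exists, the same change can be made with the AWS CLI: `aws eks update-cluster-config --name example-cluster --resources-vpc-config endpointPublicAccess=true,endpointPrivateAccess=true,publicAccessCidrs=203.0.113.0/24`. One caveat to check before narrowing the public CIDRs: if the private endpoint is disabled, worker nodes reach the API server through the public endpoint via the VPC's NAT gateway, so that gateway's public IP must be in the allow-list or the nodes lose contact with the control plane. Enabling private access first, as above, avoids this.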

Conclusion

Running Kubernetes in AWS enables you to run and manage containers on EC2 cluster instances. AWS makes it easy to run Kubernetes in the cloud with scalable and highly available virtual machine infrastructure, Amazon EKS, Amazon VPC, and Route 53 for DNS services. Several best practices can help you deploy Kubernetes on AWS. These include using Calico, monitoring resource usage, and limiting network access.

By Eddie Segal
