Kubernetes on AWS: Tips for Cloud-Native Development


Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey by CNCF showed that 83% of organizations deploy Kubernetes on at least one public cloud. Amazon Web Services (AWS) provides a mature and robust infrastructure and multiple deployment options for Kubernetes. Read on to understand the key options for running Kubernetes on AWS, how they work, and which is best for your organization’s needs.

Why Run Kubernetes on AWS?

Kubernetes is an open-source container deployment and orchestration system developed by Google. When managing containers in the cloud with Kubernetes, developers can scale applications without rebuilding the cluster and managing the infrastructure. However, setting up Kubernetes on AWS can be complex.

Despite this complexity, there are many reasons to run Kubernetes on AWS. Here are four benefits:

  • Complete control over your servers—unlike some other cloud providers, AWS always lets you control your instances.
  • Portability—you can run Kubernetes in any environment, including bare metal, private and public clouds, and even across multiple clouds.
  • No vendor lock-in—Kubernetes and the surrounding tools are all open source, which gives you an open and well-supported community.
  • Cloudbursting—you can protect your Kubernetes workloads at peak times by running part of a cluster on AWS while moving your sensitive workloads to a private cloud.

Kubernetes on AWS: What are the Options?

You can manage Amazon Elastic Compute Cloud (EC2) cluster instances with the Amazon EKS managed service. EKS enables you to run Kubernetes on AWS without operating your own clusters. Managed Kubernetes services take responsibility for the configuration, deployment, and maintenance of clusters. The list below reviews the different AWS services you can use for running Kubernetes.

Amazon Elastic Kubernetes Service (EKS)

EKS is a managed Kubernetes service offered by AWS. It enables you to run Kubernetes control plane instances to achieve high availability across zones. EKS automatically identifies and replaces unhealthy control plane instances, and provides automated version upgrades. You can also integrate other AWS services with EKS to add security and scalability features. This includes Elastic Load Balancing (ELB), Identity and Access Management (IAM) for authentication, and Elastic Container Registry (ECR) for container images.

Amazon Virtual Private Cloud (VPC)

Amazon VPC enables you to use AWS services and other resources on virtual networks. You can define your IP address range and have complete control over your virtual networking environment. This includes control over network gateways, subnets, and route table definitions.

The networking capabilities of VPC enable you to connect Kubernetes cluster nodes or EC2 instances to each other. You set routes through the kubenet plugin. This is a Linux networking plugin that provides native performance throughput for your cluster. However, it lacks other features like extensive networking across availability zones.

Amazon Route53

Kubernetes clusters need a Domain Name System (DNS) to enable communication between the worker and the master nodes. DNS is also needed when Kubernetes discovers etcd and then the remaining components.

When running Kubernetes in AWS, you can use the Amazon Route 53 service. Route 53 is a DNS service that connects the network traffic to appropriate servers. This subscription-based service enables you to register domain names, perform infrastructure health checks, apply routing policies, and manage configurations using the AWS Console.

Best Practices for Using Amazon EKS

Running Kubernetes workloads on EKS brings new challenges and responsibilities. The following best practices, combined with the regular Kubernetes rules of thumb, should point you in the right direction.

1. Install Calico for cluster network controls

Network traffic in Kubernetes can be internal between pods or with external services. Since pods in EKS clusters have the same security groups as their nodes, the pods can make any network connection that the nodes can. Allowing only the connections a pod actually needs therefore reduces the number of potential targets for a malicious or misconfigured pod.

The Calico Container Network Interface (CNI) enables you to control network traffic to and from Kubernetes pods by applying the standard Kubernetes Network Policy API. Calico also provides some extensions to the standard policy type. Network policies can control both egress and ingress traffic.
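The following is an added example in Python, not code from the article or the Calico project. It builds the two NetworkPolicy manifests a namespace typically starts with once Calico enforces the Kubernetes Network Policy API, a default-deny policy and a targeted allow rule, and evaluates ingress decisions the way the API defines them: a pod selected by no policy accepts everything, while a selected pod accepts a connection only if some selecting policy has a matching rule. The namespace `payments` and the labels `app=db` and `app=api` are constructed; only `podSelector`/`matchLabels` peers and TCP ports are modelled, so `namespaceSelector` and `ipBlock` peers are treated as matching any source.

```python
"""Default-deny plus allow-list NetworkPolicy manifests and a simplified evaluator.

Added example (not from the article or Calico). Models podSelector/matchLabels
and TCP ports only; other peer types are treated as matching any source.
"""
import json


def default_deny_policy(namespace):
    # An empty podSelector selects every pod in the namespace; with no ingress or
    # egress rules listed, every connection in both directions is denied.
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny", "namespace": namespace},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
    }


def allow_ingress_policy(namespace, name, target_labels, source_labels, port):
    # Allow TCP traffic on one port from pods carrying source_labels to pods
    # carrying target_labels; everything else stays blocked by default-deny.
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": target_labels},
            "policyTypes": ["Ingress"],
            "ingress": [{
                "from": [{"podSelector": {"matchLabels": source_labels}}],
                "ports": [{"protocol": "TCP", "port": port}],
            }],
        },
    }


def manifest_list(policies):
    """Serialise policies as a v1 List so `kubectl apply -f policies.json` installs them together."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": policies}, indent=2)


def _selects(selector, labels):
    # An empty selector matches every pod; matchLabels requires every pair to match.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, namespace, target_labels, source_labels, port):
    """Decide whether a TCP connection to `port` on the target pod is admitted."""
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == namespace
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and _selects(p["spec"]["podSelector"], target_labels)
    ]
    if not selecting:
        return True  # no policy selects the pod: Kubernetes default is allow
    for p in selecting:
        for rule in p["spec"].get("ingress", []):
            # A rule without 'from' admits any source; a peer without podSelector too (simplified).
            peers_ok = any(_selects(peer.get("podSelector", {}), source_labels)
                           for peer in rule.get("from", [{}]))
            ports_ok = not rule.get("ports") or any(
                pp.get("port") == port and pp.get("protocol", "TCP") == "TCP"
                for pp in rule["ports"])
            if peers_ok and ports_ok:
                return True
    return False  # selected, but no rule admits this source/port


if __name__ == "__main__":
    ns = "payments"  # constructed namespace
    policies = [default_deny_policy(ns),
                allow_ingress_policy(ns, "allow-api-to-db", {"app": "db"}, {"app": "api"}, 5432)]
    print(manifest_list(policies))
    print("api->db:5432", ingress_allowed(policies, ns, {"app": "db"}, {"app": "api"}, 5432))
    print("web->db:5432", ingress_allowed(policies, ns, {"app": "db"}, {"app": "web"}, 5432))
```

Because the default-deny policy also lists `Egress`, pods in that namespace lose DNS resolution until an egress rule admitting UDP/TCP 53 to the cluster DNS service is added; apply that rule together with the default-deny in the same `kubectl apply`.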

2. Monitor additional resource usage

The deployment of EKS into an existing VPC enables you to create ELB load balancers and EBS volumes as part of your Kubernetes applications.

However, these deployments carry additional costs. Therefore, you should use Kubernetes Role-Based Access Control (RBAC) to give users only the permissions they need. When users have access only to the resources they need, they won't add unnecessary load. You should also monitor resource usage through the Kubernetes API or the Kubernetes CLI. Monitoring enables you to shut down unnecessary resources across all namespaces.
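As an added example (Python, not code from the article), the block below covers both halves of this practice: a namespaced read-only Role that lets a user inspect, but not create, the objects that spawn AWS charges, and an inventory function that walks the JSON returned by `kubectl get svc -A -o json` and `kubectl get pvc -A -o json` to list every Service of type LoadBalancer (each backed by an ELB) and every bound PersistentVolumeClaim (each backed by an EBS volume) per namespace. The two sample documents, the namespaces `shop` and `sandbox`, and the object names are constructed.

```python
"""Read-only RBAC Role and a per-namespace inventory of ELB/EBS-backed objects.

Added example (not from the article). The sample documents mirror the shape of
`kubectl get svc -A -o json` and `kubectl get pvc -A -o json` but are constructed.
"""
import json

SAMPLE_SERVICES = json.dumps({"items": [
    {"metadata": {"name": "web", "namespace": "shop"}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "api", "namespace": "shop"}, "spec": {"type": "ClusterIP"}},
    {"metadata": {"name": "old-demo", "namespace": "sandbox"}, "spec": {"type": "LoadBalancer"}},
]})

SAMPLE_PVCS = json.dumps({"items": [
    {"metadata": {"name": "db-data", "namespace": "shop"},
     "spec": {"resources": {"requests": {"storage": "100Gi"}}},
     "status": {"phase": "Bound"}},
    {"metadata": {"name": "scratch", "namespace": "sandbox"},
     "spec": {"resources": {"requests": {"storage": "20Gi"}}},
     "status": {"phase": "Pending"}},
]})


def read_only_role(namespace, name="cost-viewer"):
    # Namespaced Role with read verbs only: the bound subject can audit Services
    # and PVCs but cannot create new ELBs or EBS volumes through them.
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": name, "namespace": namespace},
        "rules": [{
            "apiGroups": [""],
            "resources": ["services", "persistentvolumeclaims", "pods"],
            "verbs": ["get", "list", "watch"],
        }],
    }


def _gib(quantity):
    """Convert the Mi/Gi/Ti quantities PVCs use into GiB (other suffixes are not modelled)."""
    units = {"Gi": 1.0, "Ti": 1024.0, "Mi": 1 / 1024}
    for suffix, factor in units.items():
        if quantity.endswith(suffix):
            return float(quantity[:-len(suffix)]) * factor
    raise ValueError(f"unsupported quantity: {quantity}")


def cost_bearing_resources(services_json, pvcs_json):
    """Return {namespace: {"load_balancers": [names], "ebs_gib": total}} for ELB/EBS-backed objects."""
    report = {}

    def bucket(ns):
        return report.setdefault(ns, {"load_balancers": [], "ebs_gib": 0.0})

    for svc in json.loads(services_json)["items"]:
        if svc["spec"].get("type") == "LoadBalancer":  # each one provisions an ELB
            bucket(svc["metadata"]["namespace"])["load_balancers"].append(svc["metadata"]["name"])
    for pvc in json.loads(pvcs_json)["items"]:
        if pvc.get("status", {}).get("phase") != "Bound":
            continue  # an unbound claim has no EBS volume behind it yet
        storage = pvc["spec"]["resources"]["requests"]["storage"]
        bucket(pvc["metadata"]["namespace"])["ebs_gib"] += _gib(storage)
    return report


if __name__ == "__main__":
    print(json.dumps(read_only_role("shop"), indent=2))
    for ns, usage in cost_bearing_resources(SAMPLE_SERVICES, SAMPLE_PVCS).items():
        print(f"{ns}: {len(usage['load_balancers'])} load balancer(s), {usage['ebs_gib']:.0f} GiB EBS")
```

Run it against a live cluster by piping the two `kubectl get ... -A -o json` outputs into the function; namespaces that show load balancers or volumes nobody recognises are the first candidates for cleanup.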

3. Limit network access to the Kubernetes API endpoint

EKS leaves the Kubernetes API endpoint open to the public Internet unless you restrict it. In addition, EKS runs the API server with the --anonymous-auth=true flag, which allows unauthenticated connections, and you cannot disable this flag. Even if you grant no Kubernetes RBAC privileges to anonymous users, the flag still poses a risk.

EKS provides several options for protecting API endpoints of a cluster:

  • Disable the public endpoint—use only the private endpoint inside the cluster's VPC.
  • Restrict source IP addresses—allow only a whitelist of Classless Inter-Domain Routing (CIDR) blocks to connect to the public endpoint.
  • Network policies—block traffic from pods to the API endpoint, except from workloads that require access.
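The first two options map directly onto fields in the cluster description that `aws eks describe-cluster --name <cluster>` returns: `endpointPublicAccess`, `endpointPrivateAccess` and `publicAccessCidrs` under `cluster.resourcesVpcConfig`. The block below is an added example in Python, not code from the article or from AWS: it audits those fields for the exposure patterns the section warns about and builds the `aws eks update-cluster-config` call that applies the fix. The two sample documents, the cluster name `demo-cluster` and the CIDRs are constructed placeholders, and the /16 "too broad" threshold is a heuristic chosen for the example.

```python
"""Audit how reachable an EKS cluster's Kubernetes API endpoint is.

Added example (not from the article or AWS). Reads the JSON shape returned by
`aws eks describe-cluster`; the sample documents below are constructed.
"""
import ipaddress
import json

SAMPLE_DESCRIBE_CLUSTER = {"cluster": {          # constructed: a wide-open cluster
    "name": "demo-cluster",
    "resourcesVpcConfig": {
        "endpointPublicAccess": True,
        "endpointPrivateAccess": False,
        "publicAccessCidrs": ["0.0.0.0/0"],
    }}}

HARDENED_DESCRIBE_CLUSTER = {"cluster": {        # constructed: private endpoint only
    "name": "demo-cluster",
    "resourcesVpcConfig": {
        "endpointPublicAccess": False,
        "endpointPrivateAccess": True,
        "publicAccessCidrs": [],
    }}}

BROAD_PREFIX = 16  # heuristic for the example: anything wider than a /16 is flagged


def endpoint_findings(describe_cluster):
    """Return (code, detail) pairs; an empty list means private-only or tightly restricted."""
    doc = json.loads(describe_cluster) if isinstance(describe_cluster, str) else describe_cluster
    cfg = doc["cluster"]["resourcesVpcConfig"]
    public = cfg.get("endpointPublicAccess", True)
    private = cfg.get("endpointPrivateAccess", False)
    cidrs = cfg.get("publicAccessCidrs", [])
    findings = []
    if public and not private:
        findings.append(("public-without-private",
                         "worker nodes and kubectl can only reach the control plane via the public endpoint"))
    if public:
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(("unrestricted-public-cidr", f"{cidr} admits the whole Internet"))
            elif net.prefixlen < BROAD_PREFIX:
                findings.append(("broad-public-cidr", f"{cidr} is wider than a /{BROAD_PREFIX}"))
    return findings


def remediation_command(cluster_name, allowed_cidrs=None):
    """Build the aws CLI call: private-only, or public access limited to allowed_cidrs."""
    if allowed_cidrs:
        vpc_config = {"endpointPublicAccess": True, "endpointPrivateAccess": True,
                      "publicAccessCidrs": list(allowed_cidrs)}
    else:
        vpc_config = {"endpointPublicAccess": False, "endpointPrivateAccess": True}
    # JSON form of --resources-vpc-config avoids shorthand quoting issues with lists
    return (f"aws eks update-cluster-config --name {cluster_name} "
            f"--resources-vpc-config '{json.dumps(vpc_config)}'")


if __name__ == "__main__":
    for code, detail in endpoint_findings(SAMPLE_DESCRIBE_CLUSTER):
        print(f"[{code}] {detail}")
    print(remediation_command("demo-cluster"))
    print(remediation_command("demo-cluster", ["203.0.113.0/24"]))  # documentation-range placeholder
```

Pipe a real description in with `aws eks describe-cluster --name <cluster> | python3 audit.py` after wiring `endpoint_findings` to stdin; note that switching to private-only access requires anyone running `kubectl` to be inside the VPC or connected through a VPN, bastion or peered network, so check that path exists before applying the command.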

Conclusion

Running Kubernetes in AWS enables you to run and manage containers on EC2 cluster instances. AWS makes it easy to run Kubernetes in the cloud with scalable and highly available virtual machine infrastructure, Amazon EKS, Amazon VPC, and Route 53 for DNS services. Several best practices can help you deploy Kubernetes on AWS. These include using Calico, monitoring resource usage, and limiting network access to the API endpoint.

By Eddie Segal
