Wednesday, July 30, 2025

Elastic Kubernetes Service (EKS) | Overview & Hands-On.

Elastic Kubernetes Service (EKS) - Overview & Hands-On.

Scope:

Intro,
The concept: Amazon EKS,
Key Features,
EKS Architecture Overview,
Amazon EKS Use cases,
Pricing,
When to Use EKS,
EKS cluster vs ECS cluster vs Self-Managed Kubernetes cluster,
When to Use Amazon EKS Cluster,
When to Use Amazon ECS Cluster,
When to Use Self-Managed Kubernetes Cluster (Kubeadm).
Project: Hands-on.

Intro:

The concept: Amazon EKS

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS infrastructure.
Kubernetes is cloud-agnostic... it can be used with services of Multi-Cloud providers like, Azure, GCP and many more.

Key Features

Feature	Description
Fully Managed Control Plane.	AWS manages the Kubernetes control plane (API servers, etcd), including scalability and availability.
Integration with AWS Services.	Native integration with IAM, VPC, CloudWatch, ELB, EBS, and more.
Supports EC2 and Fargate.	twtech can run workloads on either Amazon EC2 or AWS Fargate (serverless).
High Availability.	Control plane is automatically deployed across multiple Availability Zones.
Security.	IAM-based authentication, Kubernetes RBAC, and support for PrivateLink and encryption.

EKS Architecture Overview

Control Plane (Managed by AWS)

Kubernetes API server
etcd database
Control plane logs available via CloudWatch

Worker Nodes (Managed by twtech)

EC2 Instances (self-managed or managed node groups)
Fargate (serverless pods)

Networking

Integrates with Amazon VPC
Uses Amazon VPC CNI plugin for pod networking (pods get VPC IPs)

How twtect Uses Amazon EKS

Create an EKS Cluster

Via Console, CLI, CloudFormation, or Terraform

Provision Worker Nodes

EC2 (via node groups) or Fargate profiles

Configure kubectl

Connect to the EKS API using kubectl and the AWS CLI

Deploy Applications

Use standard Kubernetes manifests (YAML)

Pricing

Control Plane: ~$0.10/hour per cluster
Compute: Based on EC2 or Fargate pricing
Other Costs: Networking, EBS, and logging (CloudWatch)

When to Use EKS

twtech should already be using Kubernetes and want a managed solution.
twtech wants tight integration with AWS services.
twtech needs multi-AZ, scalable, secure Kubernetes clusters.
twtech wants to avoid managing the Kubernetes control plane, so aws can do the management.

EKS cluster vs ECS cluster vs Self-Managed Kubernetes cluster:

Here's a clear comparison of Amazon EKS, Amazon ECS, and Self-Managed Kubernetes across key dimensions:

EKS vs ECS vs Self-Managed Kubernetes

Feature / Criteria	Amazon EKS (Elastic Kubernetes Service)	Amazon ECS (Elastic Container Service)	Self-Managed Kubernetes
Control Plane Management.	Fully managed by AWS.	Fully managed by AWS.	twtech manages everything
Orchestration Engine.	Kubernetes.	AWS-native (not Kubernetes)	Kubernetes
Standards & Portability.	Open-source, portable across clouds.	AWS-specific.	Fully portable
Ease of Use.	Moderate (Kubernetes complexity exists).	Easier (simplified abstractions)	Harder (install, upgrade, maintain)
Cost for Control Plane.	~$0.10/hour per cluster.	Free.	Varies (depends on setup)
Compute Options.	EC2, Fargate.	EC2, Fargate.	Any (EC2, on-prem, other cloud)
Networking.	VPC CNI plugin (pods get VPC IPs).	ENIs for tasks.	Depends on configuration
Logging & Monitoring.	CloudWatch, Fluent Bit, Prometheus, etc.	CloudWatch.	twtch configures and manage
Auto Scaling.	K8s HPA, Cluster Autoscaler, Karpenter.	ECS Service Auto Scaling.	Requires manual setup
Deployment Options.	Declarative YAML (kubectl, Helm, etc.)	JSON/YAML or AWS. console/API.	Declarative YAML (kubectl)
CI/CD Integration.	Works well with GitOps (e.g., ArgoCD)	Works well with CodePipeline, CodeDeploy.	Full control, more setup
Security (IAM/RBAC).	IAM + Kubernetes RBAC.	IAM roles/tasks.	Manual RBAC & cert management
Use Case Fit.	Complex microservices, multi-cloud.	Simpler AWS-native workloads.	Custom infra, full control

When to Use Amazon EKS Cluster

twtech needs Kubernetes, but want AWS to manage the control plane.
twtech is already using Kubernetes-native tooling (Helm, ArgoCD, etc.).
twtech wants portability or hybrid/multi-cloud.

When to Use Amazon ECS Cluster

twtech wants the easiest way to run containers on AWS.
twtech doesn’t need Kubernetes complexity.
twtech workloads are AWS-centric and can be tightly coupled to AWS services.

When to Use Self-Managed Kubernetes Cluster (Kubeadm)

twtech needs full control over everything (e.g., for compliance).
twtech is running on-prem, multi-cloud, or edge environments.
twtech wants to experiment with low-level Kubernetes internals.

Project: Hands-on

How twtech deploys and use Amazon EKS in its environment.

Step-1:

Search for aws services: Elastic Kubernetes Service

Step-2:

Create EKS Cluster and assign a name: twtech-eks-cluster
Configure cluster

Create a IAM role to manage services in the cluster: twtech-eks-cluster-role
Cluster IAM roleInfo
Select the Cluster IAM role to allow the Kubernetes control plane to manage AWS resources on twtech behalf.
This cannot be changed after the cluster is created.
To create a new custom role.

Select trusted entity: Trusted entit type.

Select the type of aws service: EKS

Auto Selected permissions

Assign Name, review, and create

Step-3:

Go back to eks cluster configuration, refresh and select the role created: twtech-eks-cluster-role.

Create: Node IAM role
Nodes need an EC2 Instance IAM Role to launch and register with a cluster.
To create a new custom role, follow the instructions in the Amazon EKS

Step-4:

Add permissions: EKSWorkerNodePolicy & EC2ReadOnlyAccess
Name, review, and create

Assign node role name: twtech-node-role

Step-5:

Go back to eks cluster configuration, refresh and select the role created: twtech-node-role

From: creating

To: Active

Step-6:

twtech verifies all resources auto-provisioned with the eks cluster as defined in the launch template.

Resources auto-provisioned with eks-cluster: security group

When cluster has been fully created (it takes a couple of minutes to be fully provisioned),
Next twtech needs to add the compute groups(target or node groups):twtech-eks-tg
Select the cluster and click open to create node groups: twtech-node-group

Step-7:

twtech Navigates to Compute-tab / Node group configuration to create the node group: twtech-node-group.

Configure node group

A node group is a group of EC2 instances that supply compute capacity to twtech Amazon EKS cluster.
twtech can add multiple node groups to its cluster.
twtech Assignsa name for the node group: twech-node-group

Set compute and scaling configuration

Node group scaling configuration

Node group update configuration

Specify networking

Review and create

From: creating

Ec2 intanstances provisioned:

Step-8:

twtech verifies the ASG created:

NB:

Fargate profiles(serverless) can also be added

Step-9:
How twtech may add add-ons to the eks cluster: twtech-eks-cluster.
add-ons perform addinal rule to the eks cluster.

Select add-ons

Review the add-ons from multiple categories, then select add-ons to enhance the functioning of the created cluster.

Community add-ons (5)

When installing Amazon EKS Add-ons, twtech carefully review the scope of support.
twtech is responsible for the open source or third party software (including community add-ons) that twtech may also install on the cluster.

Step-10:

How twtech may choose to delete (Clean-up) its unwanted eks cluster: twtech-eks-cluster
First, twtech deletes the node groups created and attached to the cluster: twtech-node-group
Select the node group attached to the cluster and unwanted to: delete

Type node group name to confirm deletion: twtech-node-group

NB:

This action will delete the instances created with the node group.

When the node group(twtech-node-group) is fully deleted, twtech prceeds to delete the entire cluster(twtech-eks-cluster) with all the resources created with it.