What is Elastic Kubernetes Service (EKS)?

Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed service offered by AWS that simplifies running, scaling, and managing containerized applications with Kubernetes. Although it’s mainly used in the AWS public cloud, EKS can also be deployed on-premises. The Kubernetes control plane is built for high availability and operates across multiple Availability Zones. EKS also provides flexible options for configuring and managing your worker nodes based on your needs.
How EKS Works
EKS clusters consist of two main parts: the control plane and the worker nodes. Each cluster operates within its own fully managed Virtual Private Cloud (VPC) for network isolation.
The control plane includes three master nodes, with each node distributed across separate Availability Zones (AZs) to ensure high availability. Requests to the Kubernetes API are routed through an AWS Network Load Balancer (NLB).
Worker nodes run on Amazon EC2 instances inside a VPC that you manage. This gives you full control over how the VPC is configured. You can also use SSH for provisioning worker nodes or integrating with your automation tools.
When it comes to deployment, you have two main approaches: you can set up a separate cluster for each environment or application, or you can run multiple applications on a single cluster using Kubernetes namespaces and IAM security policies for isolation.
To secure communication between the control plane and your cluster, EKS offers Amazon VPC network policies. Only authorized accounts and clusters—defined using Kubernetes RBAC (role-based access control)—can access or interact with control plane components.
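An added example, not part of the original article or of any AWS tooling: when several applications share one cluster, isolation depends on RBAC bindings staying inside each team's namespace. The Python below audits bindings shaped like `kubectl get rolebindings,clusterrolebindings -A -o json` items and reports grants that cross a tenant boundary. The group names, namespaces, and the `GROUP_NAMESPACE` and `PLATFORM_GROUPS` maps are assumptions, and the sample bindings are constructed.

```python
# Constructed sample, shaped like `kubectl get rolebindings,clusterrolebindings -A -o json` items.
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"name": "payments-dev", "namespace": "payments"},
     "subjects": [{"kind": "Group", "name": "payments-team"}],
     "roleRef": {"kind": "ClusterRole", "name": "edit"}},
    {"kind": "RoleBinding", "metadata": {"name": "orders-ci", "namespace": "payments"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "orders"}],
     "roleRef": {"kind": "Role", "name": "deployer"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "orders-admin"},
     "subjects": [{"kind": "Group", "name": "orders-team"}],
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "platform-admin"},
     "subjects": [{"kind": "Group", "name": "platform-admins"}],
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]

# Assumption: the namespace each tenant group owns; platform groups may hold cluster-wide grants.
GROUP_NAMESPACE = {"payments-team": "payments", "orders-team": "orders"}
PLATFORM_GROUPS = {"platform-admins"}


def audit(bindings, group_ns=GROUP_NAMESPACE, platform=PLATFORM_GROUPS):
    """Return (binding name, subject, reason) for each grant that crosses a tenant boundary."""
    findings = []
    for b in bindings:
        name = b["metadata"]["name"]
        ns = b["metadata"].get("namespace")  # None for a ClusterRoleBinding
        for s in b.get("subjects") or []:
            subject = f'{s["kind"]}:{s["name"]}'
            if b["kind"] == "ClusterRoleBinding":
                # Cluster-wide grants apply in every namespace, so only platform groups qualify.
                if not (s["kind"] == "Group" and s["name"] in platform):
                    findings.append((name, subject, "cluster-wide grant to non-platform subject"))
            elif s["kind"] == "ServiceAccount":
                # Service accounts are namespaced; one from another namespace is a cross-tenant grant.
                if s.get("namespace", ns) != ns:
                    findings.append((name, subject, f"service account from {s['namespace']} bound in {ns}"))
            elif s["kind"] == "Group" and s["name"] not in platform:
                # A tenant group should only be bound inside the namespace it owns.
                if group_ns.get(s["name"]) != ns:
                    findings.append((name, subject, f"group bound outside its namespace ({ns})"))
    return findings


if __name__ == "__main__":
    for finding in audit(BINDINGS):
        print(" | ".join(finding))
```

On the constructed sample, the audit flags `orders-ci` (a service account from `orders` bound inside `payments`) and `orders-admin` (a tenant group holding a cluster-wide grant).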
Amazon EKS Architecture
Amazon EKS architecture is divided into two main components:
EKS Control Plane
Similar to a Kubernetes cluster spun up using tools like kops, Amazon EKS also includes a master node, but in this case, the control plane is fully managed by AWS.
It has several key components:
Kubernetes API Server – Handles all Kubernetes API requests and serves as the entry point for all cluster management tasks.
etcd (Key-Value Store) – Stores all cluster data and configuration in a consistent and reliable way.
Controller Manager – Watches for changes in cluster state and ensures the desired state is maintained.
Scheduler – Assigns workloads (pods) to the appropriate nodes based on resource availability and constraints.
The EKS control plane runs across multiple Availability Zones (AZs) to provide high availability and fault tolerance. AWS takes care of automatically scaling, patching, and maintaining the control plane, so you don’t have to manage the master nodes yourself.
EKS Managed Node Group
EKS Managed Node Groups consist of worker nodes (EC2 instances) that AWS provisions and manages on your behalf. These nodes register with the EKS cluster and run your pods.
Worker nodes in Amazon EKS (whether managed by AWS or self-managed) run on EC2 instances or on-premises servers (for EKS Anywhere). These nodes contain the components that actually run your workloads:
kubelet – An agent that runs on each node. It ensures that containers described in the PodSpecs are running and healthy on that node.
kube-proxy – Handles network routing and ensures that each pod gets network access according to Kubernetes services and networking rules.
Container runtime (e.g., containerd, Docker) – Responsible for running the actual containers inside pods.
These worker nodes are part of Auto Scaling groups, which allow the cluster to dynamically scale resources up or down as needed.
Written by saurabh chamola
