Amazon kubernet

Amazon EKS
  • An Amazon EKS cluster consists of two primary components:

    The Amazon EKS control plane

    The Amazon EKS control plane consists of control plane nodes that run the Kubernetes software, such as etcd and the Kubernetes API server.

    The control plane runs in an account managed by AWS, and the Kubernetes API is exposed via the Amazon EKS endpoint associated with the customer's cluster. Each Amazon EKS cluster control plane is single-tenant and unique, and runs on its own set of Amazon EC2 instances.

    All of the data stored by the etcd nodes and associated Amazon EBS volumes is encrypted using AWS KMS. The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).

    Amazon EKS nodes run in the customer's AWS account and connect to the cluster's control plane via the API server endpoint and a certificate file that is created for the cluster.

    There are two getting started guides available for creating a new Kubernetes cluster with nodes in Amazon EKS:

    Getting started with eksctl – This getting started guide helps customers to install all of the required resources to get started with Amazon EKS using eksctl, a simple command line utility for creating and managing Kubernetes clusters on Amazon EKS. This is the fastest and simplest way to get started with Amazon EKS.

    Getting started with the AWS Management Console – This getting started guide helps customers to create all of the required resources to get started with Amazon EKS using the AWS Management Console.

    Amazon EKS uses IAM to provide authentication to the customer's Kubernetes cluster (through the aws eks get-token command, available in version 1.16.156 or later of the AWS CLI, or the AWS IAM Authenticator for Kubernetes), but it still relies on native Kubernetes Role-Based Access Control (RBAC) for authorization. This means that IAM is only used for authentication of valid IAM entities. All permissions for interacting with the Amazon EKS cluster's Kubernetes API are managed through the native Kubernetes RBAC system.
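
The following added example (not from the original page or from AWS) decodes a token in the layout that aws eks get-token emits, a k8s-aws-v1. prefix followed by a base64url-encoded presigned STS GetCallerIdentity URL, to show that the token asserts an IAM identity only and carries no Kubernetes permissions. The token, access key ID and signature are constructed placeholders, and inspect_eks_token and make_sample_token are hypothetical helper names.

```python
import base64
from urllib.parse import urlsplit, parse_qs

PREFIX = "k8s-aws-v1."  # prefix of tokens from aws eks get-token / AWS IAM Authenticator

def inspect_eks_token(token):
    """Decode an EKS bearer token and report what it asserts (identity only)."""
    if not token.startswith(PREFIX):
        raise ValueError("not an EKS IAM token")
    body = token[len(PREFIX):]
    body += "=" * (-len(body) % 4)  # restore the stripped base64url padding
    url = urlsplit(base64.urlsafe_b64decode(body).decode("utf-8"))
    q = {k.lower(): v[0] for k, v in parse_qs(url.query).items()}
    signed = q.get("x-amz-signedheaders", "").split(";")
    findings = []
    if url.scheme != "https" or not (url.hostname or "").startswith("sts."):
        findings.append("URL does not point at an STS endpoint over HTTPS")
    if q.get("action") != "GetCallerIdentity":
        findings.append("presigned action is not GetCallerIdentity")
    if "x-k8s-aws-id" not in signed:
        findings.append("cluster name header x-k8s-aws-id is not signed")
    # Nothing in the token names a Kubernetes user, group or verb: the cluster
    # resolves the IAM identity, then RBAC decides what that identity may do.
    return {
        "sts_host": url.hostname,
        "action": q.get("action"),
        "access_key_id": q.get("x-amz-credential", "").split("/")[0],
        "signed_headers": signed,
        "findings": findings,
    }

def make_sample_token(signed_headers="host;x-k8s-aws-id", action="GetCallerIdentity"):
    """Build a constructed token; the key ID and signature are placeholders."""
    url = ("https://sts.us-east-1.amazonaws.com/?Action=" + action +
           "&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256"
           "&X-Amz-Credential=AKIAEXAMPLEEXAMPLE00%2F20240101%2Fus-east-1%2Fsts%2Faws4_request"
           "&X-Amz-Date=20240101T000000Z&X-Amz-Expires=60"
           "&X-Amz-SignedHeaders=" + signed_headers.replace(";", "%3B") +
           "&X-Amz-Signature=0000placeholder0000")
    return PREFIX + base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

if __name__ == "__main__":
    print(inspect_eks_token(make_sample_token()))
```

Because the token is a presigned request, anyone holding it can authenticate as that IAM entity until it expires, so it belongs with other bearer credentials in logging and redaction rules.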