EKS Anywhere is an AWS offering that lets users run Elastic Kubernetes Service (EKS) clusters in on-premises environments. Users can deploy a Kubernetes setup that is compatible with the managed cloud EKS offering without having to migrate data or compute capacity to the cloud. AWS provides this functionality by packaging a collection of tools for deploying a Kubernetes distribution with an opinionated configuration. This feature provides an on-ramp for users interested in gradually shifting toward an EKS-based Kubernetes platform, integrating with other AWS services and benefiting from an AWS support plan.
| Question | Answer |
|---|---|
| How does EKS Anywhere work? | EKS Anywhere uses a collection of AWS-supported tools to deploy clusters and manage their life cycles in on-premises environments. |
| What are EKS Anywhere’s benefits? | EKS Anywhere is useful for developing hybrid cloud setups, preparing for cloud migrations, or implementing tools to deploy and maintain on-premises clusters. |
| How do you scale EKS Anywhere nodes? | Control plane and worker node counts can be scaled by registering hardware to the cluster and either updating the cluster configuration manually or configuring the Cluster Autoscaler tool. |
| What is the support model and pricing? | EKS Anywhere is free to install, but obtaining ongoing developer support from AWS engineers involves a cost. Users pay for a support subscription on a per-cluster basis. |
| What are EKS Anywhere’s security considerations? | Security for EKS Anywhere deployments is primarily the user’s responsibility. AWS supports vulnerability patches for relevant software components, but following best practices and securing on-premises hardware requires user involvement. |
| How is EKS Anywhere deployed? | EKS Anywhere is deployed via the eksctl tool, which will leverage other software like ClusterAPI, EKS Distro, Flux, etc. |
| What are EKS Anywhere’s limitations? | EKS Anywhere will restrict the control plane configuration settings to match the cloud-managed EKS settings. Customizing these settings isn’t allowed for the Anywhere project or for cloud-managed EKS. Use cases requiring customized control plane settings aren’t supported by EKS Anywhere and will be better served by alternative projects, such as Kubeadm. |
EKS Anywhere includes several components that are designed to work together to orchestrate an end-to-end cluster deployment process. These components are mainly transparent to the user, who will primarily interface with EKS Anywhere using the eksctl tool:
While these are the key tools for managing an EKS Anywhere cluster lifecycle, there are other secondary tools curated by AWS that are designed to extend EKS Anywhere's functionality. These tools include MetalLB (a load balancer provisioner), Cluster Autoscaler (a node scaling tool), CertManager (a certificate manager for Kubernetes clusters), and many others. The tools are curated and tested by AWS, and they are deployable directly through the eksctl tool.
There are multiple use cases where users benefit from deploying EKS Anywhere clusters for on-premises environments:
The benefits of EKS Anywhere for on-premises Kubernetes users are significant and can provide a helpful bridge between on-premises and cloud environments. Users can test out EKS Anywhere for free to validate that it suits their requirements.
Note: EKS Anywhere does not allow mixing worker nodes or control planes between on-premises setups and the AWS cloud environment. All cluster resources must be deployed within the same environment.
Users have the ability to horizontally or vertically scale an EKS Anywhere cluster’s worker and control plane nodes. This can be done via either the eksctl command-line tool or the Cluster Autoscaler project. In either case, the cluster will need information about the available hardware to create the new nodes.
The cluster requires information such as the IP address, host name, gateway, and root filesystem device to correctly configure the hardware with an operating system and required software dependencies. This hardware information will need to be generated by the user and stored in a text file (hardware.csv). This file will be supplied to the EKS Anywhere cluster during either cluster creation or upgrade. The cluster will then have an awareness of what hardware is available in the on-premises environment for scaling operations.
Here’s an example of a hardware.csv file:
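A pre-flight check for such an inventory, as an added example (not code from the original article or from AWS): it runs over a constructed sample file and reports duplicate machine identities, gateways outside the node's subnet and disk values that are not device paths, before the file is handed to the cluster. The column names are an assumption based on the EKS Anywhere bare metal CSV layout, since the article names only the IP address, host name, gateway and disk fields; `validate_hardware` and `too_permissive` are hypothetical helper names.

```python
import csv, io, ipaddress, os

# Assumed column names (EKS Anywhere bare metal CSV layout); the article
# itself names only the IP address, host name, gateway and disk fields.
REQUIRED = ["hostname", "mac", "ip_address", "netmask", "gateway", "disk"]
UNIQUE = ["hostname", "mac", "ip_address", "bmc_ip"]

# Constructed sample: documentation-range addresses, placeholder secrets.
SAMPLE = """\
hostname,bmc_ip,bmc_username,bmc_password,mac,ip_address,netmask,gateway,nameservers,labels,disk
eksa-cp01,192.0.2.101,admin,PLACEHOLDER,02:00:00:00:00:01,192.0.2.11,255.255.255.0,192.0.2.1,192.0.2.53,type=cp,/dev/sda
eksa-dp01,192.0.2.102,admin,PLACEHOLDER,02:00:00:00:00:02,192.0.2.12,255.255.255.0,192.0.2.1,192.0.2.53,type=worker,/dev/sda
eksa-dp02,192.0.2.103,admin,PLACEHOLDER,02:00:00:00:00:02,192.0.2.12,255.255.255.0,198.51.100.1,192.0.2.53,type=worker,sda
"""

def validate_hardware(text):
    """Return (line_number, message) findings; an empty list means clean."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ",".join(missing))]
    findings, seen = [], {}
    for row in reader:
        n = reader.line_num
        # Two machines sharing a hostname, MAC or IP cannot both be provisioned.
        for col in UNIQUE:
            val = (row.get(col) or "").strip().lower()
            if val and (col, val) in seen:
                findings.append((n, f"duplicate {col} {val}, first on line {seen[col, val]}"))
            elif val:
                seen[col, val] = n
        # The gateway must be reachable inside the node's own subnet.
        try:
            net = ipaddress.ip_network(f"{row['ip_address']}/{row['netmask']}", strict=False)
            if ipaddress.ip_address(row["gateway"] or "") not in net:
                findings.append((n, f"gateway {row['gateway']} outside {net}"))
        except ValueError as exc:
            findings.append((n, f"bad address: {exc}"))
        if not (row["disk"] or "").startswith("/dev/"):
            findings.append((n, f"disk {row['disk']!r} is not a /dev path"))
    return findings

def too_permissive(path):
    """The file holds BMC passwords: flag any group/other permission bits."""
    return bool(os.stat(path).st_mode & 0o077)

if __name__ == "__main__":
    for line, msg in validate_hardware(SAMPLE):
        print(f"hardware.csv:{line}: {msg}")
```

Because the inventory carries out-of-band management credentials in this layout, keep it out of version control and restrict it to the operator account (mode `0600`) for as long as it exists on disk.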
Hardware information can be supplied during cluster creation:
It can also be supplied during cluster upgrades:
The hardware information supplied to the cluster can be viewed with kubectl:
The above confirms that some hardware resources have been registered to the cluster. The cluster can then be scaled manually by updating the cluster’s configuration file:
We can then deploy the updated node count:
For vertical scaling, users will register more powerful hardware in the hardware.csv file and then run the upgrade command above. This will trigger EKS Anywhere to replace smaller nodes with larger nodes with more hardware capacity.
EKS Anywhere also supports dynamic scaling via the Cluster Autoscaler tool for bare metal hardware.
EKS Anywhere is an open-source project and can be deployed for free. However, users requiring ongoing support from AWS will need to acquire an AWS Enterprise Support subscription and an additional EKS Anywhere Support subscription.
The EKS Anywhere Support subscription enables users to request guidance on deployment and troubleshooting from AWS engineers. The subscription includes support related to all tools included with EKS Anywhere and integrations with curated packages.
The support subscription will be helpful to users running production-critical systems requiring immediate and direct access to vendor support. Users running EKS Anywhere for lower-priority workloads will be fine without the paid subscription. Since the EKS Anywhere components are all open-source, publicly available, and documented, many users can troubleshoot common problems without vendor support.
The cost of an EKS Anywhere Support subscription depends on how many clusters require support and for what duration. At the time this article was written, the baseline cost for one year of support for one EKS Anywhere cluster is $24,000; three-year contracts for one cluster will cost $54,000 ($18,000 per year). This pricing is in addition to the cost of AWS Enterprise Support, which is a requirement for enabling EKS Anywhere Support; AWS Enterprise Support starts at $15,000 per month.
Due to the significant costs associated with accessing EKS Anywhere Support, users will benefit from carefully evaluating whether their setups are mission-critical enough to justify the expenditures.
Maintaining the security of an EKS Anywhere cluster is a shared responsibility between the user and AWS. AWS provides assurances regarding patching vulnerabilities in the bundled software, but the user must regularly upgrade their clusters, secure RBAC configurations, restrict API endpoint access, and maintain the bare metal and virtual machine security posture. The user is responsible for all aspects of securing Kubernetes workloads in the EKS Anywhere cluster, the software dependencies, and the underlying compute hosts.
Users must carefully plan how to approach their security posture when deploying EKS Anywhere. The shared responsibility model is explained further in the EKS Anywhere FAQ.
Users can test EKS Anywhere on their local machines to gain an understanding of what components are involved and how they are deployed. This tutorial involves using eksctl to deploy a cluster on a local machine (such as a laptop).
1. Install the eksctl command-line tool and the eksctl-anywhere plugin.
2. Set a cluster name as an environment variable.
3. Generate a cluster configuration. The following command will output a YAML file with a default configuration for the EKS Anywhere cluster.
4. Now, let’s see the contents of the generated YAML file.
5. We can see the settings that will be applied when the cluster is created. Users may want to customize settings here, such as the Kubernetes cluster version, worker node count, and IP address ranges.
6. Once you are satisfied with the configuration, create the cluster.
7. The command-line output displays the actions executed for creating the cluster, installing tooling, and generating a kubeconfig file.
8. The step above will generate a kubeconfig file in the current working directory that contains credentials for connecting to the new Kubernetes cluster. Set an environment variable to ensure that kubectl commands use this kubeconfig file.
9. Now, verify access to the EKS Anywhere Kubernetes cluster by running a kubectl command. The output will show tools installed by EKS Anywhere for the cluster to function, such as CertManager, Cilium, and other controllers.
You can now proceed with deploying your Kubernetes applications to the new EKS Anywhere cluster.
While there are many benefits to deploying EKS Anywhere, some drawbacks also require consideration:
Users must carefully evaluate the limitations of EKS Anywhere to ensure that it fits the requirements of their on-premises workloads.
EKS Anywhere is a valuable software package for deploying EKS clusters to on-premises environments and managing them. It provides a simple interface for deploying, upgrading, and configuring clusters with similar settings as a managed cloud EKS cluster. This enables users to quickly set up hybrid cloud environments, test the viability of migrating Kubernetes workloads to AWS, or set up disaster recovery between on-premises and cloud-based resources.
Users will benefit from carefully evaluating the limitations of EKS Anywhere, assessing the pricing of support plans, and determining whether the out-of-the-box configuration meets the requirements of their Kubernetes workloads. With EKS Anywhere clusters being free to deploy, testing and use case validation is straightforward.
Overall, EKS Anywhere can be a helpful tool for users managing Kubernetes workloads in on-premises environments.