Amazon has released Amazon Elastic Kubernetes Service (EKS) Anywhere on Snow. This release automates the creation and management of EKS clusters on AWS Snowball Edge devices. These devices are able to run with or without an internet connection.
With this release, a newly ordered AWS Snowball Edge device can come pre-installed with Amazon EKS Anywhere. Amazon EKS Anywhere is an open-source deployment option for Amazon EKS that enables running Kubernetes clusters on-premises.
The eksctl anywhere CLI can be used to create an EKS Anywhere cluster on a single AWS Snowball Edge device or across multiple devices. In a multi-device setup, the control plane and data plane nodes can be spread across up to three devices.
For devices running disconnected from the internet, a local Harbor registry can be hosted on an Amazon EC2 instance deployed on the AWS Snowball Edge device. Harbor is an open-source registry that uses policies and role-based access control to secure artifacts. It is also possible to connect to a local container registry or, if internet connectivity is available, to use Amazon Elastic Container Registry (ECR).
An Amazon EKS Anywhere Administrative (EKS-A Admin) instance on the Snowball Edge device is used to run the cluster creation workflow. A kind bootstrap cluster running inside of a Docker container uses the cluster configuration file to instantiate the Amazon EKS Anywhere cluster.
The cluster configuration file can be bootstrapped by creating a template manifest from the EKS-A Admin instance:
export CLUSTER_NAME=snow-cluster
eksctl anywhere generate clusterconfig $CLUSTER_NAME --provider snow > eksa-cluster.yaml
Note that the above command will produce a cluster configured for a stacked etcd topology, where all components are on the same instance. For a high-availability configuration with dedicated instances, a static IP range using the SnowIPPool object should be defined.
Once credentials and certificates are created and stored, eksctl anywhere can be used to create the Amazon EKS Anywhere cluster using the configuration file as input:
eksctl anywhere create cluster \
-f eksa-cluster.yaml \
--bundles-override /usr/lib/eks-a/manifests/bundle-release.yaml
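The note above about stacked etcd and SnowIPPool can be checked before running the create command. The following is an added example, not part of the original article or the EKS Anywhere project; the function names are hypothetical, and it assumes that a dedicated etcd topology is declared with an externalEtcdConfiguration key in the Cluster spec.

```shell
#!/bin/sh
# Added example: pre-flight check of a generated EKS Anywhere Snow config.
# Assumption: a dedicated (unstacked) etcd topology is declared with an
# "externalEtcdConfiguration:" key inside the Cluster spec.

# Print the value of every top-level "kind:" line, one per YAML document.
list_kinds() {
    awk '/^kind:/ { print $2 }' "$1"
}

# Return 0 when the file is consistent with the note above, 1 otherwise.
check_snow_config() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 1
    fi
    kinds=$(list_kinds "$file")
    if ! printf '%s\n' "$kinds" | grep -qx 'Cluster'; then
        echo "FAIL: no 'kind: Cluster' document in $file"
        return 1
    fi
    if grep -Eq '^[[:space:]]+externalEtcdConfiguration:' "$file"; then
        # Dedicated etcd instances: a static IP range should be
        # defined through a SnowIPPool object.
        if printf '%s\n' "$kinds" | grep -qx 'SnowIPPool'; then
            echo "OK: dedicated etcd with a SnowIPPool defined"
            return 0
        fi
        echo "FAIL: dedicated etcd requested but no SnowIPPool object"
        return 1
    fi
    echo "OK: stacked etcd (all components on the same instance)"
    return 0
}

# Stand-alone use: sh check.sh eksa-cluster.yaml
if [ "$#" -gt 0 ]; then
    check_snow_config "$1"
fi
```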
Both Cilium and kube-vip are also available. Cilium is open-source software that enables securing and observing network connectivity between container workloads. It is used on EKS Anywhere to allow pod-to-pod communication without network address translation (NAT). kube-vip provides Kubernetes clusters with virtual IPs and load balancing. EKS Anywhere is leveraging it as a control plane load balancer.
Before ordering the AWS Snowball Edge device, some prerequisite steps must be completed. These include building an Amazon EKS Distro AMI based on the Ubuntu 20.04 LTS - Focal subscription from AWS Marketplace. This AMI is used for both the control plane and the data plane. These AMIs will come pre-installed on the AWS Snowball Edge device.
AWS Partners are able to validate their solutions for conformance using the Amazon EKS Anywhere Conformance and Validation Framework. At the time of writing, several partners are validated, including HashiCorp, Dynatrace, Kubecost, and Sysdig.
Amazon EKS Anywhere on Snow is now in general availability. In addition to the pricing model for AWS Snowball, an additional Amazon EKS Anywhere Enterprise Subscription is required to get support for Amazon EKS Anywhere clusters.