The Pros and Cons of AWS EKS Anywhere
From security to hardware compatibility and costs, discover the Pros and cons of AWS EKS Anywhere with Control Plane.
Kubernetes is one of the key technologies powering the Cloud and making modern software delivery and deployment possible. However, it has many different parts and processes that require a high level of proficiency in K8s management to use effectively.
This complexity led 84% of companies to outsource the setup and maintenance of Kubernetes to managed Kubernetes services. But as managed cloud costs climb and corporate data centers collect dust, many businesses want to move some of their workloads and data closer to the edge with private clouds and on-prem Kubernetes clusters.
For those already employing AWS Elastic Kubernetes Service, one way to increase security, lower cloud costs, and use existing resources is a relatively new solution – AWS EKS Anywhere.
In this post, we’ll review the capabilities of AWS EKS Anywhere, its pros and cons, and the need for flexibility and scalability in hybrid and complex app containerization architectures.
The need for flexibility in private clouds
There’s no shortage of reasons to adopt private clouds and on-prem K8s cluster deployment, especially for businesses that already possess the resources to run it (such as owned hardware and data center connectivity). Among other perks, private clouds offer more control over sensitive data assets (necessary for compliance in highly regulated industries), better overall performance, and lower cloud computing costs than public clouds.
But it’s not all silver lining on-prem. Private cloud architectures are notoriously challenging to scale at the speed of CI/CD and provide only limited reliability and flexibility while adding a lot of management overhead for infrastructure engineers and DevOps teams.
Major cloud vendors offer their open-source version of a downloadable distribution to solve these challenges with maintaining, scaling, and securing on-prem Kubernetes clusters. With AWS, this solution is EKS Anywhere, and it aims to extend the administrative and operational tooling that powers the different flavors of Amazon EKS to your on-prem infrastructure, even if it is air-gapped (disconnected from the Internet).
How AWS EKS Anywhere works
Amazon launched EKS Anywhere in 2020, allowing anyone to create and operate their Kubernetes clusters on-premise. A user-managed product that runs on user-managed infrastructure, EKS Anywhere is open-source and free to use. It currently supports VMWare vSphere, bare metal, Snow, Nutanix, and Apache CloudStack as deployment targets.
To view your EKS Anywhere clusters in the Amazon EKS console, you can use the EKS Connector. You can also employ AWS IAM to authenticate your EKS Anywhere clusters, IAM Roles for Service Accounts (IRSA) to authenticate Pods with other AWS services, and AWS Distro for OpenTelemetry to send metrics to Amazon Managed Prometheus for monitoring cluster resources. Alternatively, you can run your Amazon EKS Anywhere clusters disconnected from the internet without direct integration with online AWS services.
There are several options for deploying Amazon EKS Anywhere, whether in virtualized or non-virtualized environments (bare metal). You can even run it locally on your machine for testing or debugging.
If you’re an avid AWS user, you can get support and extended features for EKS Anywhere by purchasing the EKS Anywhere Enterprise subscription. This subscription grants you access to EKS Anywhere Curated Packages and 24/7 expert support, which you may need if you’re not a Cluster API (CAPI) expert. Since EKS Anywhere is built on the Kubernetes sub-project Cluster API (CAPI), if you intend to employ EKS Anywhere, you need to have a firm grasp of the basics of CAPI.
The Benefits of AWS EKS Anywhere
Flexibility & Disconnected Mode
With AWS EKS Anywhere, you can use your on-premise infrastructure with all the levels of control that come with it. Using a familiar interface, you can administer control plane and data plane nodes where your workloads run, operating and orchestrating the complete Kubernetes cluster.
In addition, EKS Anywhere can run workloads in a “disconnected” mode, eliminating the need to communicate with the AWS data center. It also lets you validate workload compatibility with cloud-managed EKS in on-prem conditions.
The ability to run your clusters offline is not the only security benefit EKS Anywhere offers. With workloads running on private servers instead of the public cloud, you can isolate them better than standard cloud-managed EKS.
Businesses with hybrid cloud setups can continue to use the same unified resource configurations between the various infrastructures while protecting your data by keeping it on local EKS Anywhere clusters.
Data privacy laws like GDPR and CCPA may require organizations to keep their data private and run workloads away from public cloud infrastructure. AWS EKS Anywhere aims to help organizations maintain data sovereignty and lets them keep sensitive datasets on-prem to comply with data location legal requirements.
Reducing cloud bills is a top priority for most businesses. AWS ESK Anywhere is free, and Amazon doesn’t charge companies for using it. You don’t need to be an AWS subscriber to download and install it on your on-premise infrastructure. Unless you want support or access to curated packages, you won’t need to pay AWS a cent to run your workloads on your EKS Anywhere clusters.
Centralized Management & AWS Services
For businesses that deploy and manage Kubernetes workloads on the AWS public cloud with traditional cloud-based EKS, EKS Anywhere helps streamline management through one centralized platform – EKS – with the same built-in administrative tools. This saves infrastructure teams the hassle of learning and employing different tools for the organization’s private and public cloud assets.
In addition, even though the EKS cluster is deployed on your infrastructure, you can still enable integration with some AWS cloud services through the EKS Connector.
The Cons of AWS EKS Anywhere
While EKS Anywhere offers the option of freedom from cloud constraints, it’s not suitable for customer-facing production environments. One of the main challenges is the lack of native support for service discovery and load balancing. This demands you employ additional multi-cloud management tools to enable dynamic workload scaling, similar to traditional cloud-based AWK EKS clusters.
Another issue is how EKS Anywhere is preconfigured and how opinionated it is. Since the configuration of all components is synced with the cloud-based EKS control plane, it can limit users that require specialized setups with custom control place configurations. In this case, you will also need to adopt third-party tools to enable more granular control over configuration and cluster lifecycle management.
Security and maintenance overhead
One of the main advantages of cloud computing is the ability to offload much of the administrative and ongoing maintenance of the infrastructure to cloud vendors. With AWS EKS Anywhere, the ball is back in your court. As it was with classic on-prem servers, AWS EKS Anywhere makes you responsible for protecting your servers, clusters, nodes, and data from potential threats. You will also need to manage access controls, encryption, logging, auditing, and software updates and ensure high availability and low latency – all with minimal built-in tools.
Hardware compatibility and costs
The hardware and software you use in your EKS Anywhere setup must be compatible with EKS Anywhere. So, if you’re using virtualization software currently unsupported by AWS or old hardware, you must look elsewhere for self-hosted managed Kubernetes services. Alternatively, you must invest a relatively large sum of money in compatible on-prem infrastructure, including hardware and software licenses.
While the repo itself is free to download, the costs of EKS Anywhere Enterprise Subscriptions (that enable support and access to curated packages) are quite high. EKS Anywhere Enterprise Subscriptions currently cost $24,000 per cluster per year (or for three years at $18,000 per cluster per year). It’s also worth noting that a prerequisite to the EKS Anywhere Enterprise Subscription is subscribing to either AWS Enterprise Support or AWS Enterprise On-Ramp Support Plan.
One of the main challenges with AWK EKS Anywhere is that it’s AWS-centric. For businesses with multi-vendor cloud infrastructure architectures, this can be a roadblock. This is especially true if you buy into the Enterprise Subscription to get access to mission-critical components in the curated packages library.
The best of all clouds, anywhere you choose
To make your workloads fully portable and vendor-agnostic, you can employ Control Plane’s Universal Cloud Identity™. Control Plane enables you to leverage any combination of AWS, GCP, and Azure services no matter where your workloads run – even when workloads execute on off-cloud or on-premise infrastructure. With 99.999% reliability, hardened workload isolation, AI-powered cost optimization, and geo-optimization for minimal latency, Control Plane lets you make the best of all clouds and the most of your infrastructure with one dev-centric tool.
Sign up now and start streamlining your DevOps while cutting infrastructure costs.