BT

Facilitating the spread of knowledge and innovation in professional software development

Contribute

Topics

Choose your language

InfoQ Homepage News ECS Anywhere and EKS Anywhere: Q&A with Deepak Singh of Amazon Web Services

ECS Anywhere and EKS Anywhere: Q&A with Deepak Singh of Amazon Web Services

This item in japanese

Bookmarks

AWS announced the GA of Amazon ECS Anywhere earlier this year followed by an announcement of GA of Amazon EKS Anywhere more recently. Existing InfoQ coverage, on ECS and EKS, provides more details regarding the respective announcements and explore how they are aimed primarily at simplifying on-premises containers orchestration.

InfoQ caught up with Deepak Singh, VP of compute services at Amazon Web Services and discussed the motivation, technical details, limitations, and the roadmap for ECS Anywhere and EKS Anywhere.

InfoQ: Can you comment on the motivation for EKS Anywhere and ECS Anywhere and how it addresses limitations with EKS and ECS respectively?

Deepak Singh: AWS is committed to providing the best tools and services to help customers run and manage their containerized applications, whether those workloads are running in the cloud or on premises. While the cloud is perfectly suited for many workloads, some customers told us they wanted to run workloads on premises because of data residency, latency, regulatory, or compliance considerations, or they wanted to take advantage of existing on-premises infrastructure investments. These customers also told us that they liked the solutions they were using on AWS and asked us to help them manage their on-premises and edge applications.

To meet the needs of those customers, we offer several different ways to run containerized applications on premises. If a customer wants to reduce the time, resources, operational risk, and maintenance downtime that comes with maintaining their own IT infrastructure, they can run both Amazon EKS and Amazon ECS on AWS Outposts in their own on-premises facility.

If a customer has already invested in their own IT infrastructure, but they want the same management and deployment mechanisms they have on AWS, they can choose between Amazon ECS Anywhere or Amazon EKS Anywhere. Amazon ECS Anywhere gives customers the ability to run Amazon ECS on any infrastructure using the same cloud-based, fully-managed, highly scalable container orchestration service and control plane they use in AWS today.

For customers invested in the Kubernetes ecosystem, we created Amazon EKS Anywhere, which allows customers to run Kubernetes in their own data centers and in the cloud using the same consistent Amazon EKS experience.

InfoQ: How critical is the EKS connector to both ECS Anywhere and EKS Anywhere?

Singh: Customers can operate their Amazon EKS Anywhere clusters with or without the Amazon EKS Connector, but it is a valuable tool for any company that wants greater visibility across all of their Kubernetes clusters running in the cloud or on-premises. From Amazon EKS Anywhere clusters to self-managed Kubernetes clusters running on Amazon EC2 or outside of AWS, customers can use the Amazon EKS Connector with any Kubernetes cluster and visualize it through the Amazon EKS Console. Once connected, customers can see their cluster's status, configuration, and workloads using a single dashboard.  

Amazon ECS Anywhere maintains a connection to an AWS region and shares the Amazon ECS control plane, so customers have visibility across all of their Amazon ECS Anywhere containers without needing a tool like the Amazon EKS Connector.

InfoQ: Can you go more in-depth into the inner workings of EKS Anywhere, ECS Anywhere and the EKS connector?

Singh: Amazon ECS Anywhere extends the reach of Amazon ECS to provide customers with a single management interface for all of their container-based applications, regardless of where they are running.

Customers can use Amazon ECS to manage and run containers on a wide range of different platforms, from bare metal servers to Raspberry Pi, by installing an Amazon ECS agent onto their system, which allow them to connect with the Amazon ECS control plane. The Amazon ECS control plane running in an AWS region handles the orchestration of containers, so customers get a completely managed solution that enables them to standardize container management across all of their infrastructure.

Because the control plane is running in an AWS region, Amazon ECS Anywhere is great for traditional on-premises container workloads or processing information on the edge where managing a control plane is not feasible or expensive.
Amazon EKS Anywhere is a new deployment option that helps customers create and operate Kubernetes clusters on their on-premises infrastructure. To operate Kubernetes on premises, customers need two things—a trusted Kubernetes distribution and management tooling to run Kubernetes at scale.

At re:Invent 2020, we launched Amazon EKS Distro, which is the distribution of open-source Kubernetes and its dependencies that we use to run Amazon EKS. By using Amazon EKS Distro, customers get a distribution that is compatible with the latest Kubernetes releases and its dependencies, tested for reliability and security by AWS. Amazon EKS Anywhere uses Amazon EKS Distro for its Kubernetes distribution, but it also provides management tooling that simplifies cluster creation, administration, and operations, and provides default configurations for the operating system and networking.

By using Amazon EKS Anywhere, customers have access to Kubernetes operational tooling that is consistent with Amazon EKS and significantly simplifies what it takes to run Kubernetes on premises. Amazon EKS Anywhere also reduces operational complexity when running Kubernetes on premises by allowing customers to leverage AWS for on-premises support, so customers can reduce their support costs and tap into our years of experience operating Kubernetes at scale.

The Amazon EKS Connecter is a software agent that runs on a Kubernetes cluster and allows customers to register those clusters with Amazon EKS. This allows customers to use the Amazon EKS Console to view all of their connected Kubernetes clusters and their underlying resources, regardless of where those clusters are running. The Amazon EKS Connector works with Amazon EKS Anywhere clusters, self-managed clusters running on Amazon EC2, and even clusters running outside of AWS.

InfoQ: What are the existing limitations of EKS Anywhere and ECS Anywhere? Specifically, how do observability, security, and other cross-cutting concerns with the hybrid offerings differ from AWS cloud-based services?

Singh: If a customer wanted to operate their own on-premises container orchestration software prior to the launch of Amazon ECS Anywhere and Amazon EKS Anywhere, they would need to manually install, operate, and manage the software themselves, which is tedious and time consuming. Additionally, they would need to assemble, test, and integrate multiple third-party and open-source tools and keep everything up-to-date with the latest security patches and updates, greatly increasing their operational overhead. This means customers had to allocate significant engineering time just to maintain these offerings rather than innovating on behalf of their end users.

Regardless of whether a customer is running their own on-premises container orchestration software, Amazon ECS Anywhere, or Amazon EKS Anywhere, they’re responsible for the physical security of their infrastructure because it is running on their premises. Outside of that consideration, Amazon ECS Anywhere and Amazon EKS Anywhere were designed to significantly simplify the process of running container orchestration software on premises.

With Amazon ECS Anywhere specifically, customers can leverage Amazon CloudWatch for their monitoring and observability needs. Additionally, the connection between Amazon ECS Anywhere and the AWS region is secure by default, so customers do not need to take additional steps to secure their on-premises deployment. Because Amazon EKS Anywhere runs a distribution of open-source Kubernetes, customers are able to use the same monitoring and observability tools they use today for their Amazon EKS Anywhere clusters, and we plan to add additional default configurations for monitoring and observability in the future.

In terms of security, we provide all the necessary mechanisms to upgrade Amazon EKS Anywhere clusters to ensure they’re up-to-date with the latest security patches, so customers just need to install the latest version on their on-premises infrastructure.

We also work with a wide range of AWS partners to further augment the capabilities of both offerings, including companies such as Armory, Aqua Security, CrowdStrike, Dynatrace, HashiCorp, Pulumi, and Weaveworks, among many others. We’ll continue to add even more partners as time goes on to provide customers with even greater choice.

InfoQ: Can you comment on the roadmap for ECS Anywhere, EKS Anywhere and any other major efforts underway vis-a-vis containers that developers and architects should pay special attention to?

Singh: Customers interested in learning about the latest updates coming to Amazon ECS Anywhere and Amazon EKS Anywhere, along with our other container services like AWS Fargate, should check out our containers roadmap GitHub repository. Ninety percent of our roadmap and features at AWS are a direct result of customer feedback, and we encourage customers to share their thoughts on the containers roadmap on GitHub and vote for the key features they want to see in the future.

For Amazon ECS Anywhere, some of the most requested features include support for load balancers, instance autoscaling, and the Windows OS. We also just recently added support for managing containerized GPU-base workloads, which was a highly requested feature for many Amazon ECS Anywhere customers. For Amazon EKS Anywhere, we will make it possible to run Amazon EKS Anywhere on bare metal next year, and we will continue to add new default configurations for various Kubernetes tooling, including local container registries, ingress, load balancers, and monitoring and observability tools.

The ECS FAQ and the EKS FAQ go into details and address some of the more nuanced questions.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT