
Amazon EKS – Highly available and scalable Kubernetes service - res0nat0r
https://aws.amazon.com/eks/
======
Rezo
I think almost everyone was expecting this, still, it's great to see it
happen.

Amazon truly listens to their customers and delivers what they want, even if
they have their own competing in-house solution as well. I do think that for
new projects, you'll see EKS being the more popular pick over ECS, which never
reached quite the same mind-share as Kubernetes.

~~~
corg890
They resisted vehemently for a long time, even when it was painfully obvious
it was wrong, and you’d just end up having these totally surreal conversations
with their ECS product manager that would make your head spin they made so
little sense. Glad that’s over.

~~~
zenlikethat
That’s cause it’d be way better for them if ECS “won”, but it didn’t, so they
adapted. Similar to how Docker now has had to add Kubernetes support after
being combative and dragging their feet for years.

~~~
corg890
It was just pride since google is their rival, didn’t make any sense
otherwise.

~~~
yebyen
I'm glad that I can run Kubernetes on AWS now (again), but I still can't run
ECS on my laptop... hello Amazon? Are you home?

~~~
zenlikethat
I thought that’s what Blox is for
[https://github.com/blox/blox/blob/dev/README.md](https://github.com/blox/blox/blob/dev/README.md)

~~~
yebyen
Does this just use a tool that runs on your laptop, to schedule and manage ECS
clusters on Amazon? That's really not what I was looking for... I was hoping
to prototype ECS-based solutions without spending money on cloud resources.

I have a laptop with 8GB+ RAM and a fast SSD, it doesn't have any trouble
running fairly complex constellations on Minikube and I could later rebuild
and/or install them on a production Kubernetes cluster, without any changes.

Can I do something like that with Blox, or is this another different way to
consume ECS and spend money on EC2 nodes to run containers?

Edit: I would be satisfied if you told me, I still need to consume some AWS
services like SNS and CloudWatch to use this toolkit, but that with Blox, I
don't actually need to run my containers on ECS unless I want to expose them
to the world.

I haven't found any tutorial or guide that indicates this is anything other
than a different scheduler for ECS.

------
alexdrans
If you had just convinced your CEO you need to hire a contractor to implement
k8s on EC2 for your startup, what would you do now?

~~~
arohner
Having done multiple K8s migrations, I can tell you that many of the problems
around migrating to k8s have little to do with actually setting up the
cluster. There's dockerizing all your apps, setting up the build->deploy
pipeline for each app, and fixing all the hardcoded hacks where your apps
aren't properly 12-factor (failing to take config from env vars, assuming you
"always" deploy to a specific cloud, etc).

The other main component of my time in a k8s engagement revolves around
logging, monitoring, alerting and backups of the k8s cluster, which hopefully
EKS handles for you.

All told, actually starting the k8s cluster is probably less than 10% of my
time.

~~~
nikon
> All told, actually starting k8s cluster is probably less than 10% of my
> time.

+1.

I've found myself (with Azure ACS) re-creating clusters quite often - as they
don't support upgrades. This takes minutes with my deploy scripts, replicating
the state of the cluster you're copying is the main bit of work.

------
meddlepal
Not surprising ever since AWS joined the CNCF. Glad this is happening... not
operating a Kubernetes cluster will be nice and integration with IAM is a nice
value add! Most excellent :)

~~~
kemitche
RBAC via IAM will be a huge selling point for this.

------
k__
Is there a reason why some of these services are called "AWS <servicename>"
and some "Amazon <servicename>"?

~~~
querulous
same reason there's like nine distinct api protocols the various aws services
use. teams just aren't coordinated at that level

~~~
k__
Is it better with GCP or Azure?

~~~
manigandham
Azure is about the same, better in some areas and with the new CLI but plenty
of confusing and badly named services.

GCP is the best at standardization, but also the slowest at releasing updates
and with the fewest services.

~~~
k__
I see.

Yes, I already saw a tutorial for WebSocket stuff which relies on AWS IoT,
while SNS sounded more fitting..

------
nikon
Happy with Kops but this is awesome. Especially if the controller is not
billed for (like Azure and now GCP).

------
puzzle
How does one set up the workers? None of the announcements, documentation or
FAQs explain how that's supposed to happen. It's pretty clear that Amazon
manages the masters (any of the latest three public versions), but it's not
clear what you'd do next: bring your own instances with kubelet and do TLS
bootstrapping or similar?

~~~
moondev
I would guess AMI + userdata to point to the master(s)

~~~
puzzle
So you're going to have to use a subset of possible distros/images. Then you
have to figure your node update strategy. These are the kind of details I
hoped they would discuss.

------
achanda358
What does this mean for Kops?
[https://github.com/kubernetes/kops](https://github.com/kubernetes/kops)

~~~
meddlepal
Some teams will want custom cluster deployments for whatever reasons but it
will probably lose a lot of traction now... which is fine. Kops is a big
expansive tool with a little too much surface area for my liking in an
infrastructure management tool.

I'll be interested to know if EKS will support custom CNI or if it will use
kubenet.

~~~
rbankston
They announced they were going to be using their open source cni plugin
[https://github.com/aws/amazon-vpc-cni-k8s/](https://github.com/aws/amazon-vpc-cni-k8s/)

------
s0l1dsnak3123
Brilliant,

We're rolling out a k8s setup right now on AWS - having a managed k8s that we
can upgrade nicely would be amazing.

------
erikb
Ah okay, here it is. First I thought this other release of a container engine
would be it. Yeah that's "gg" for many cluster management providers.

------
chrisbolt
Announcement: [https://aws.amazon.com/blogs/aws/amazon-elastic-container-se...](https://aws.amazon.com/blogs/aws/amazon-elastic-container-service-for-kubernetes/)

------
mariojv
Does anyone know what the implementation(s) are for the Ingress resource?
Google uses their own custom implementation, I'm curious if Amazon's version
will be more portable. [0]

[0] [https://cloud.google.com/kubernetes-engine/docs/tutorials/ht...](https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#step_3_create_an_ingress_resource)

~~~
xur17
I'm assuming Amazon will also write their own custom implementation that
controls elbs.

~~~
SEJeff
Or something akin to this:
[https://github.com/coreos/alb-ingress-controller](https://github.com/coreos/alb-ingress-controller)

And the blog post with a full writeup:

[https://aws.amazon.com/blogs/apn/coreos-and-ticketmaster-col...](https://aws.amazon.com/blogs/apn/coreos-and-ticketmaster-collaborate-to-bring-aws-application-load-balancer-support-to-kubernetes/)

Or for the ELB stuff and not the ALBs:

[https://github.com/sky-uk/feed](https://github.com/sky-uk/feed)

------
brango
Thanks Amazon! Now I can finally drop GCP :-)

~~~
einfach
I'm curious about your reasons for wanting to drop GCP. I am having a grass-
is-greener-on-the-other-side moment right now being on AWS.

~~~
brango
Google's approach to auth is cumbersome and leaves a lot to be desired. Also,
there's nothing like cloudformation for configuring supporting services (their
equivalent is a pathetic joke).

The only thing I'd use GCP for today is bigquery. For everything else I'd
rather use AWS.

~~~
rifung
I work for Google.. Sorry to hear that your experience was poor but thanks for
the candid feedback!

Is the equivalent to CloudFormation on GCP supposed to be Deployment Manager?
Would you mind elaborating what could have been done better?

I work closely with them so I can at least relay the feedback. If it's easy
enough maybe I'll even get to help since I am interested in working on that
project =D

~~~
brango
Yes Deployment Manager. I can't remember now. I looked at it when I needed to
automate something and found that I couldn't do it. IIRC it seemed too limited
in its capabilities.

The GKE auth thing is so bad to the point we had to roll back from using
service accounts to using normal API keys because there was nowhere in
Stackdriver to add a service account key file. So the choice was either lose all
our endpoint monitoring or just switch to API keys. When I opened a support
ticket about this the support guy seemed incompetent. He literally couldn't
understand what I was saying despite repeating myself 3 times in a way I
struggled to make any clearer. It wasn't worth the hassle.

I'm running a gRPC/REST service on GKE with Endpoints and to add a new
credential I needed to add the key to the service.yml file and update the
endpoint. There's no way that scales. I can't wait to use AWS IAM for this
instead. We had to backtrack and give out API keys instead of having anything
better.

Follow this tutorial for what I was trying to do before going back to just
normal API keys:
[https://cloud.google.com/endpoints/docs/grpc/authenticating-...](https://cloud.google.com/endpoints/docs/grpc/authenticating-users-grpc)

It's like GCP services weren't designed to work with each other. Just a
hodgepodge of services that are fine if you can run CLI commands, but as soon
as you want to get an ops team involved who want to do everything through a UI
you're screwed.

Oh, and I can't tell you how frustrating it is for the k8s alpha clusters to
just vanish on you. I'm a big boy. Let me decide when I want to kill an alpha
cluster because, you know, I might know better than whichever engineer put
that 30 day limit in.

Sorry for the rant, but as you can imagine I'm done with GCP and can't wait to
head back to AWS land.

~~~
rifung
> Sorry for the rant, but as you can imagine I'm done with GCP and can't wait
> to head back to AWS land.

Nonsense, the feedback is much appreciated! Thanks for taking the time!

------
devj
Any idea how Kubo or Cloud Foundry Container Runtime (CFCR) fare against
solutions like AKS, EKS, GKS, etc.?

------
iamdeedubs
Very excited to see this exit preview. I really hope this gets covered under
the BAA and available in a HIPAA context.

------
zegl
It's not surprising, but this is a _very_ welcome announcement!

------
mk89
Finally!!!

