As Kubernetes gains traction, many companies running on AWS are looking at Amazon EKS (Elastic Kubernetes Service), either to try it out or to adopt it fully. Whether you go with EKS, AWS’s managed Kubernetes service, or build your own Kubernetes setup on AWS, understanding the VPC and its networking requirements is essential.

For DevOps engineers and application developers, networking setup may not be your main focus, but understanding the basics helps a great deal. In this article I give a simple overview of AWS VPC and how it is used for Kubernetes on EKS. It won’t cover every technical detail; it is a friendly guide for anyone starting out with EKS or Kubernetes on AWS.

If you’re eager to get started with EKS and begin deploying microservices, I invite you to explore my k8s course. You’ll learn to create a VPC, a Kubernetes cluster and an RDS database using Terraform, and to deploy microservices with routing and load balancing of user traffic using an AWS Load Balancer with Kubernetes.

VPC: Understanding the Basics

VPC, or Virtual Private Cloud, is a fundamental AWS component that gives you a logically isolated section of the AWS cloud. Resources inside it are isolated from other customers’ networks, and you control what can reach them from the internet and what they can reach.

When you create a VPC you choose its IP address range (a CIDR block such as 10.0.0.0/16), and that range bounds how many resources (EC2 instances, load balancers and so on) can be addressed inside it. Size it generously for EKS: by default the VPC CNI plugin gives every pod its own address out of the subnet range, so pods, not just nodes, consume VPC IPs.

A VPC is divided into subnets, which group resources and control access. What makes a subnet public, private or intra is its route table, not its name. A public subnet has a route to an internet gateway, so resources with public IP addresses can be reached from the internet. A private subnet has no internet gateway route but does have a route to a NAT gateway, so resources can initiate connections out (for updates, downloads or outbound HTTP requests) while nothing on the internet can initiate a connection in. An intra subnet has no route to the internet in either direction and is used solely for communication inside the VPC. You can create as many subnets of each kind as you need.

Each subnet lives in exactly one Availability Zone (AZ), while the VPC itself spans all AZs in its region. An AZ is a distinct physical location within a region, and every region consists of several AZs. Creating subnets of each type in two or more AZs, and spreading resources across them, is what lets a setup survive the loss of one AZ; EKS in fact requires cluster subnets in at least two AZs. For instance, with “North Virginia” (us-east-1) as the region for your VPC, you would create subnets in at least two of its AZs.

AWS VPC - A basic overview

Kubernetes and Amazon EKS

Kubernetes, commonly known as K8S, is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It provides a rich set of features for managing containerized workloads, including automated rollouts, self-healing, and scaling based on resource usage.

In a Kubernetes cluster, two components play pivotal roles: the control plane and the worker nodes. The control plane is the brain of the cluster: it exposes the API server, stores cluster state in etcd, and schedules and coordinates workloads. The worker nodes, in turn, are where the containerized applications actually run. Operating the control plane is the complex part of running Kubernetes yourself: it has to be kept highly available, patched and backed up. This is where Amazon EKS steps in to take that burden off you, particularly if you already operate within the AWS ecosystem.

Kubernetes Cluster - Control Plane & Worker Nodes

Amazon EKS (Elastic Kubernetes Service) is AWS’s managed Kubernetes offering. It simplifies deploying, managing and scaling Kubernetes clusters on AWS by running the control plane for you, so you can focus on your applications and your worker nodes rather than on the cluster internals. EKS also integrates with AWS services such as Elastic Load Balancing, IAM and CloudWatch, which makes it easier to manage access, monitor performance and distribute traffic.

VPC for Kubernetes on Amazon EKS

When configuring a VPC for a Kubernetes cluster on Amazon EKS, it’s beneficial to establish three types of subnets, each serving distinct purposes: Private Subnets, Public Subnets and Intra Subnets.

VPC & Subnets for Kubernetes Cluster on AWS EKS

Private Subnets

Private subnets host the worker nodes, the compute instances that run the actual application containers. Even applications that end-users or customers reach from the internet typically run on nodes in private subnets; the public entry point is a load balancer, not the node itself. Applications still need to reach beyond the VPC, to pull images, download dependencies or call external HTTP APIs, and a private subnet’s route to a NAT gateway allows exactly that outbound traffic while exposing nothing inbound. This is why private subnets are the preferred home for worker nodes. Exceptions exist, but this setup is the safe default.

Public Subnets

Public subnets hold resources that must be reachable from the internet. For instance, a web server that users hit directly from a browser would sit in a public subnet. In Kubernetes, containers rarely act as directly exposed web servers; public-facing applications are instead fronted by reverse proxies and load balancers, and it is those load balancers that belong in public subnets.

On EKS, the AWS Load Balancer Controller provisions AWS load balancers for your Kubernetes Ingress resources (Application Load Balancers) and Services of type LoadBalancer (Network Load Balancers). It discovers which subnets to use from tags: tag your public subnets with kubernetes.io/role/elb and your private subnets with kubernetes.io/role/internal-elb, and verify that an internet-facing load balancer really landed in a subnet with an internet gateway route. End-users reach the load balancer’s public hostname; the load balancer then forwards requests to the target containers on worker nodes in the private subnets, and the nodes’ security group should accept that traffic only from the load balancer.

Intra Subnets

The control plane is the heart of the Kubernetes cluster, and its attachment to your network belongs in the intra subnets. With EKS the control plane itself runs in an AWS-managed account; what lands in your VPC are the cross-account elastic network interfaces that EKS creates in the subnets you hand it, through which the API server reaches your nodes (and through which traffic from inside the VPC reaches the API server when private endpoint access is enabled). Those interfaces need no route to the internet, so intra subnets, with neither an internet gateway nor a NAT route, are the right place for them, and keeping internet access away from these subnets shrinks the control plane’s exposure. Note that subnet placement does not by itself close the cluster API: whether the API server endpoint is reachable from the internet is governed separately by the cluster’s endpoint access settings (public, private or both, with an allowed CIDR list for public access), so restrict those too rather than relying on subnet placement alone.
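The three-tier layout described in this section can be checked rather than assumed, because the route table, not the subnet’s name, decides whether a subnet is public, private or intra. The script below is an added example, not code from the original article or from any AWS tool. It classifies subnets from data shaped like boto3’s ec2.describe_subnets() and ec2.describe_route_tables() output, checks that the AWS Load Balancer Controller subnet tags (kubernetes.io/role/elb for internet-facing, kubernetes.io/role/internal-elb for internal) agree with the routing, and checks that each tier spans at least two Availability Zones. The subnets, route tables and IDs are constructed for the example and include one deliberately misrouted subnet.

```python
"""Audit a VPC's subnets against the public / private / intra layout.
Added example, not code from the original article or from AWS. The dicts mirror the
shape boto3's ec2.describe_subnets() / ec2.describe_route_tables() return, so the same
functions work on real API output; all data and IDs below are constructed."""
from collections import defaultdict

# Subnet tags the AWS Load Balancer Controller uses for subnet discovery.
ELB_TAG = "kubernetes.io/role/elb"                    # internet-facing load balancers
INTERNAL_ELB_TAG = "kubernetes.io/role/internal-elb"  # internal load balancers


def _subnet(sid, az, *tag_keys):
    return {"SubnetId": sid, "AvailabilityZone": az,
            "Tags": [{"Key": k, "Value": "1"} for k in tag_keys]}


# Constructed sample: three tiers over two AZs, with one deliberate mistake.
SUBNETS = [
    _subnet("subnet-pub-a", "us-east-1a", ELB_TAG),
    _subnet("subnet-pub-b", "us-east-1b", ELB_TAG),
    _subnet("subnet-priv-a", "us-east-1a", INTERNAL_ELB_TAG),
    _subnet("subnet-priv-b", "us-east-1b", INTERNAL_ELB_TAG),  # misrouted, see rtb-public
    _subnet("subnet-intra-a", "us-east-1a"),
    _subnet("subnet-intra-b", "us-east-1b"),  # no explicit association: main table applies
]

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
IGW_DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc1234", "State": "active"}
NAT_DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc1234", "State": "active"}

ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Routes": [LOCAL, IGW_DEFAULT],
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"},
                      {"SubnetId": "subnet-priv-b"}]},
    {"RouteTableId": "rtb-private-a", "Routes": [LOCAL, NAT_DEFAULT],
     "Associations": [{"SubnetId": "subnet-priv-a"}]},
    {"RouteTableId": "rtb-intra", "Routes": [LOCAL],
     "Associations": [{"SubnetId": "subnet-intra-a"}]},
    {"RouteTableId": "rtb-main", "Routes": [LOCAL], "Associations": [{"Main": True}]},
]


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_subnet(subnet, route_tables):
    """public:  default route to an internet gateway (inbound and outbound).
    private: default route to anything else (NAT gateway, egress-only IGW, ...), so
             egress works but nothing on the internet can initiate a connection in.
    intra:   no default route at all, so VPC-internal traffic only."""
    rtb = route_table_for(subnet["SubnetId"], route_tables)
    tier = "intra"
    for route in (rtb or {}).get("Routes", []):
        if route.get("State") == "blackhole":
            continue  # dangling route (e.g. to a deleted NAT gateway) carries no traffic
        if (route.get("DestinationCidrBlock") != "0.0.0.0/0"
                and route.get("DestinationIpv6CidrBlock") != "::/0"):
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"  # one IGW default route is enough to expose the subnet
        tier = "private"
    return tier


def audit(subnets, route_tables):
    """Return ({tier: [subnet ids]}, [findings]) for one VPC's subnets."""
    tiers, azs, findings = defaultdict(list), defaultdict(set), []
    for subnet in subnets:
        sid, tier = subnet["SubnetId"], classify_subnet(subnet, route_tables)
        tiers[tier].append(sid)
        azs[tier].add(subnet["AvailabilityZone"])
        tags = {t["Key"] for t in subnet.get("Tags", [])}
        # The controller trusts the tag: a tag that disagrees with the routing either puts
        # an "internal" load balancer where the internet can reach it, or leaves an
        # internet-facing one in a subnet with no inbound path from the internet.
        if INTERNAL_ELB_TAG in tags and tier == "public":
            findings.append(f"{sid}: tagged {INTERNAL_ELB_TAG} but routes to an internet gateway")
        if ELB_TAG in tags and tier != "public":
            findings.append(f"{sid}: tagged {ELB_TAG} but has no internet gateway route")
    # EKS needs cluster subnets in at least two AZs and an ALB needs two subnets in
    # different AZs; a tier squeezed into one AZ is a single point of failure.
    for tier in ("public", "private", "intra"):
        if tiers.get(tier) and len(azs[tier]) < 2:
            findings.append(f"{tier} subnets span only {len(azs[tier])} AZ; need at least two")
    return dict(tiers), findings


if __name__ == "__main__":
    tiers, findings = audit(SUBNETS, ROUTE_TABLES)
    for tier, ids in sorted(tiers.items()):
        print(f"{tier:8s} {', '.join(ids)}")
    for finding in findings:
        print("FINDING:", finding)
```

Run as-is, the audit reports that subnet-priv-b is tagged for internal load balancers yet routes to an internet gateway, and that the private tier has collapsed into a single AZ. To point it at a real VPC, replace SUBNETS and ROUTE_TABLES with the Subnets and RouteTables lists returned by boto3 for that VPC ID.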

Conclusion

To wrap up: if AWS is your cloud provider and you’re considering Kubernetes, EKS is a solid choice to start with. There are pros and cons to EKS versus running your own cluster, but EKS typically removes most of the operational hassle. This brief article gave a high-level overview of the VPC requirements for Kubernetes on EKS; for those eager to dive deeper, the next steps are the details of VPC routing and the EKS networking documentation.

If you’re eager to get started with EKS and begin deploying microservices, I invite you to explore my course. In it, I cover essential VPC concepts and guide you through spinning up an EKS cluster using Terraform. We deploy multiple microservices and explore advanced topics like using an Ingress Controller with AWS ALB and managing secret configuration. Dive in and embark on your Kubernetes journey: https://www.devteds.com/kubernetes-course-aws-eks-terraform