🔍 What is Amazon EKS?
EKS (Elastic Kubernetes Service) is a managed Kubernetes service by AWS. It handles:
Control plane management (API server, etcd)
High availability and scaling
Security with IAM integration
Integration with AWS services (ALB, IAM, VPC, CloudWatch, etc.)
You focus on deploying your workloads (apps), EKS manages the cluster internals.
🧱 Core Kubernetes Concepts You Use in EKS
1. Pod
🧩 The smallest unit of execution in Kubernetes — runs 1 or more containers.
Typically, a pod runs one container (like a microservice).
Containers in the same pod share:
Network (same IP)
Storage (volumes)
Pods are ephemeral (they can die and restart).
yaml
CopyEdit
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: app
image: nginx
2. Deployment
🚀 Defines how many replicas of a pod to run and how to update them.
Ensures your app is always up and running.
Supports rolling updates and rollback.
Managed by Kubernetes controller.
yaml
CopyEdit
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: app
image: myapp:latest
3. Service
🌐 Exposes your deployment to other services or users.
There are 3 main types:
Type | Use Case |
ClusterIP | Internal-only communication |
NodePort | Exposes on a static port across all nodes |
LoadBalancer | Creates AWS ELB for external access |
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: ClusterIP
selector:
app: myapp
ports:
- port: 80
targetPort: 8080
4. Ingress
🌐 HTTP Layer 7 routing (host/path-based) using a controller like ALB.
You need an Ingress Controller (like AWS ALB Ingress Controller)
Ingress allows multiple services behind one Load Balancer
Supports TLS, host/path routing, etc.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
spec:
ingressClassName: alb
rules:
- host: myapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
5. Namespace
🧪 Logical grouping of resources (like microservices, dev/stage/prod isolation).
Useful to isolate workloads
Can apply different RBAC or network policies
kubectl create namespace dev
kubectl get all -n dev
6. ConfigMap & Secret
🧠 Store configuration or credentials for your apps
ConfigMap: plain config data (e.g., URLs, ports)
Secret: sensitive data (e.g., passwords, tokens)
🚀 Real-World Workflow (EKS + Microservices)
You define Deployments → tells K8s what to run (container, replicas)
You expose them via Services → enables networking between them
Ingress is configured → for HTTP access through ALB
Use Helm Charts → to package everything together
Monitor with Prometheus/Grafana → for metrics and alerts
✅ Example for One Microservice in EKS
Component | Resource | What it does |
Application | Deployment | Defines app pods (e.g., 3 replicas) |
Networking | Service | Exposes the pod internally (ClusterIP) |
Routing | Ingress (ALB) | Routes HTTP traffic to the service |
Config | ConfigMap/Secret | Provides environment/config data |
Namespace | Namespace | Logical separation (e.g., dev, prod) |
🧠 Quick Recap in 1 Sentence Each
Term | Meaning |
Pod | Smallest unit that runs containers |
Deployment | Ensures desired pod state (replicas, version, etc.) |
Service | Internal/external access to pods via stable IP/port |
Ingress | Smart HTTP routing via ALB or NGINX |
Namespace | Divides the cluster logically |
ConfigMap/Secret | Externalize your config and secrets |
⚖️ Stateless vs. Stateful Applications in EKS
Type | Meaning | Examples |
Stateless | No data is stored between restarts; app can start anywhere | Web APIs, microservices, frontend apps |
Stateful | Application stores state/data, needs stable identity & storage | Databases, caches, message queues |
✅ Stateless Apps
These are your typical microservices.
Can run anywhere in the cluster
Can be scaled easily
Use Deployment
No need for persistent storage
yaml
CopyEdit
kind: Deployment
metadata:
name: web-api
spec:
replicas: 3
template:
spec:
containers:
- name: web-api
image: myapi:latest
✅ Stateful Apps (e.g., PostgreSQL, MongoDB)
Stateful apps require:
Stable network identity
Stable persistent storage
Careful pod replacement (order matters)
Use StatefulSet
Attach a PersistentVolumeClaim
🧱 StatefulSet Example (PostgreSQL)
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
spec:
serviceName: "postgres"
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:14
ports:
- containerPort: 5432
volumeMounts:
- name: pgdata
mountPath: /var/lib/postgresql/data
env:
- name: POSTGRES_PASSWORD
value: mysecretpassword
volumeClaimTemplates:
- metadata:
name: pgdata
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
🔁 How It Works in EKS
Component | Purpose |
StatefulSet | Guarantees identity & ordered startup |
PVC (PersistentVolumeClaim) | Claims storage from EBS automatically |
EBS (Elastic Block Store) | AWS-managed disk storage per pod |
EKS will automatically provision EBS volumes for your stateful pods if you have a StorageClass configured (often done by default).
🛠️ When to Use What
Use Case | Resource Type | Example |
Stateless app (API) | Deployment | Python/Node app |
Frontend (React, Angular) | Deployment + Ingress | SPA |
Relational database | StatefulSet + PVC | PostgreSQL |
NoSQL database | StatefulSet + PVC | MongoDB, Cassandra |
File storage | PVC + StatefulSet | MinIO, NFS |
🔐 Example of Stateful & Stateless Together
You might have:
3 microservices (stateless, via Deployment)
1 PostgreSQL DB (stateful, via StatefulSet)
ALB Ingress routing traffic to services
text
CopyEdit
┌──────────────┐
│ ALB │
└─────┬────────┘
▼
┌───────────────────┐
│ Ingress │
└─────┬────┬────┬───┘
▼ ▼ ▼
service-a service-b service-c
│ │ │
Pod A Pod B Pod C
│
▼
PostgreSQL (StatefulSet + PVC)
No comments:
Post a Comment