🏗️ High-Level EKS Architecture
EKS Cluster Architecture Overview (diagram)
AWS MANAGED CONTROL PLANE: API Server, etcd, Scheduler, Controller Manager
⬇️ API Calls ⬇️
YOUR MANAGED DATA PLANE: Worker Node 1 through Worker Node N, each running kubelet + kube-proxy, a Container Runtime, and Pods
⚙️ Control Plane Components (AWS Managed)
🌐 API Server
Primary Role: Gateway for all cluster operations
- Exposes Kubernetes API
- Validates and processes API requests
- Authentication and authorization
- Communicates with etcd
- Serves kubectl commands
💾 etcd
Primary Role: Cluster state database
- Stores all cluster configuration
- Maintains desired state
- Distributed key-value store
- Backup and recovery point
- Highly available (multi-AZ)
📅 Scheduler
Primary Role: Pod placement decisions
- Assigns pods to nodes
- Considers resource requirements
- Evaluates constraints and affinity
- Balances cluster load
- Handles node failures
🎛️ Controller Manager
Primary Role: Maintains desired state
- Node Controller (node health)
- Replication Controller (pod replicas)
- Endpoints Controller (service endpoints)
- Service Account Controller
- Deployment Controller
🖥️ Data Plane Components (Your Worker Nodes)
🔧 kubelet
Primary Role: Node agent and pod lifecycle manager
- Communicates with API server
- Manages pod lifecycle
- Monitors pod health
- Reports node status
- Executes container operations
🌐 kube-proxy
Primary Role: Network proxy and load balancer
- Implements Service networking
- Load balances traffic to pods
- Manages iptables rules
- Handles service discovery
- Enables ClusterIP communication
📦 Container Runtime
Primary Role: Runs containers
- containerd (default in EKS)
- Pulls container images
- Creates and manages containers
- Handles container networking
- Manages container lifecycle
🔌 CNI Plugin
Primary Role: Pod networking
- AWS VPC CNI (default)
- Assigns VPC IPs to pods
- Creates network interfaces
- Handles pod-to-pod communication
- Integrates with AWS networking
EKS-Specific Components
Essential EKS Add-ons
AWS VPC CNI
- Native VPC networking for pods
- Each pod gets VPC IP address
- Integrates with security groups
- Supports network policies with Calico
CoreDNS
- Cluster DNS server
- Service discovery
- Internal name resolution
- Configurable DNS policies
AWS Load Balancer Controller
- Manages ALB and NLB
- Ingress controller functionality
- Service type LoadBalancer
- SSL termination and WAF integration
EBS CSI Driver
- Persistent volume management
- Dynamic provisioning
- Snapshot support
- Multiple volume types
AWS Fargate Integration (diagram)
EKS Control Plane (Managed by AWS)
CONNECTS TO
Fargate Profiles: Namespace Selectors, Pod Selectors, Execution Role, Subnet Configuration
RUNS ON
Fargate Task 1 (Pod A), Fargate Task 2 (Pod B), Fargate Task 3 (Pod C)
Fargate Benefits:
- Serverless container execution
- No node management required
- Automatic scaling and patching
- Pay per pod resource usage
- Isolated compute environments
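How a Fargate profile's namespace and pod selectors decide which pods leave the EC2 data plane and run as isolated Fargate tasks under the profile's execution role, as an added example that is not part of the original page or of any AWS tooling: a pod is claimed when its namespace equals a selector's namespace and it carries every label the selector names (a pod may also pin itself to one profile with the eks.amazonaws.com/fargate-profile label). The profile names, role ARN and subnet IDs are constructed placeholders.

```python
from dataclasses import dataclass, field

PIN_LABEL = "eks.amazonaws.com/fargate-profile"  # pins a pod to one named profile

@dataclass
class Selector:
    namespace: str
    labels: dict = field(default_factory=dict)

@dataclass
class FargateProfile:
    name: str
    execution_role_arn: str   # IAM role the Fargate task runs under
    subnets: list             # private subnets for the pod's ENI
    selectors: list           # list[Selector]; any one matching claims the pod

@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict = field(default_factory=dict)

def selector_matches(sel: Selector, pod: Pod) -> bool:
    """Same namespace, and every selector label present on the pod with the same
    value; pod labels the selector does not mention are ignored."""
    return sel.namespace == pod.namespace and all(
        pod.labels.get(k) == v for k, v in sel.labels.items())

def place_pod(pod: Pod, profiles: list):
    """Return the profile that claims the pod, or None when no selector matches
    (the pod is then left to the default scheduler and lands on EC2 worker nodes)."""
    pinned = pod.labels.get(PIN_LABEL)
    for prof in profiles:
        if pinned and prof.name != pinned:
            continue  # a pinned pod may only be placed by the named profile
        if any(selector_matches(s, pod) for s in prof.selectors):
            return prof
    return None

def placement_report(pods: list, profiles: list) -> dict:
    """Map each pod name to the claiming profile name, or 'ec2' when none matches."""
    return {p.name: getattr(place_pod(p, profiles), "name", "ec2") for p in pods}

# Constructed sample profiles: account ID, role name and subnet IDs are placeholders.
ROLE = "arn:aws:iam::111122223333:role/FargatePodExecutionRole-PLACEHOLDER"
PROFILES = [
    FargateProfile("fp-web", ROLE, ["subnet-PLACEHOLDER-a"], [Selector("apps", {"tier": "web"})]),
    FargateProfile("fp-batch", ROLE, ["subnet-PLACEHOLDER-b"], [Selector("batch")]),
]
```

Note that a kube-system pod with no matching profile stays on EC2 nodes, and a pinned pod still needs a matching selector in the named profile; both cases fall through to "ec2" in the report.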
Managed Node Groups
- Automated node provisioning
- Auto Scaling Group integration
- Automated updates and patching
- Multiple instance types support
- Spot instance integration
Self-Managed Nodes
- Full control over node configuration
- Custom AMIs and bootstrap scripts
- Advanced networking setups
- Specialized instance types
- Custom security configurations
Key AWS Service Integrations
EKS Integration Ecosystem
SECURITY
- IAM Roles & Policies
- Security Groups
- KMS Encryption
- Secrets Manager
NETWORKING
- VPC & Subnets
- Load Balancers (ALB/NLB)
- Route53 DNS
- CloudFront CDN
STORAGE
- EBS Volumes
- EFS File Systems
- S3 Object Storage
- ECR Container Registry
OBSERVABILITY
- CloudWatch Metrics & Logs
- X-Ray Tracing
- CloudTrail Audit
- VPC Flow Logs