
Ultimate EKS Bootcamp - Introduction Module
Building Your EKS Foundation
Slide 1: Welcome to the Ultimate EKS Bootcamp
Master Amazon EKS from Zero to Production
Today's Mission:
Understand what EKS is and why it matters
Learn EKS architecture and core components
Explore deployment options and networking
Discover real-world use cases and success stories
Slide 2: What is Amazon EKS?
The Managed Kubernetes Solution
Think of EKS as "Kubernetes with Training Wheels":
Native Kubernetes: Like building a car from scratch
Amazon EKS: Like buying a Tesla - fully featured, maintained, and optimized
Key Definition:
Fully managed Kubernetes service that runs on AWS
AWS handles the heavy lifting - control plane, updates, security patches
You focus on applications - not infrastructure management
The Magic Formula:
EKS = Kubernetes + AWS Integration + Operational Excellence
Slide 3: EKS vs Native Kubernetes
Why Choose Managed Over Self-Built?
Aspect | Native Kubernetes | Amazon EKS
Control Plane | You install, manage, upgrade | AWS manages completely
High Availability | You design multi-master setup | Built-in across 3 AZs
Security Patches | Your responsibility | AWS handles automatically
Upgrades | Manual, risky process | One-click upgrades
Backup/Recovery | You implement etcd backups | AWS handles it
Cost | Hidden operational costs | Transparent pricing
Time to Production | Weeks to months | Hours to days
Analogy: Native K8s is like maintaining your own data center; EKS is like using AWS - same power, less hassle!
Slide 4: EKS Architecture - The Big Picture
Understanding the Two-Tier System
┌─────────────────────────────────────────────────────────────┐
│                         AWS MANAGED                         │
│  ┌─────────────────────────────────────────────────────┐    │
│  │                  EKS Control Plane                  │    │
│  │  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  │    │
│  │  │    AZ-1     │  │    AZ-2     │  │    AZ-3     │  │    │
│  │  │ API Server  │  │ API Server  │  │ API Server  │  │    │
│  │  │ Scheduler   │  │ Scheduler   │  │ Scheduler   │  │    │
│  │  │ Controller  │  │ Controller  │  │ Controller  │  │    │
│  │  │    etcd     │  │    etcd     │  │    etcd     │  │    │
│  │  └─────────────┘  └─────────────┘  └─────────────┘  │    │
│  └─────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────┘
                              ▲
                              │ kubectl, APIs
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                          YOUR VPC                           │
│  ┌─────────────────────────────────────────────────────┐    │
│  │                     Data Plane                      │    │
│  │  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  │    │
│  │  │    Node     │  │    Node     │  │   Fargate   │  │    │
│  │  │    Group    │  │    Group    │  │    Pods     │  │    │
│  │  │    (EC2)    │  │    (EC2)    │  │(Serverless) │  │    │
│  │  └─────────────┘  └─────────────┘  └─────────────┘  │    │
│  └─────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────┘
Key Insight: AWS manages the "brain" (control plane), you control the "muscles" (data plane)
Slide 5: EKS Control Plane Deep Dive
What AWS Manages for You
The Control Plane is like a Restaurant Kitchen:
API Server: The head chef taking orders
Scheduler: The sous chef assigning dishes to stations
Controller Manager: The kitchen manager ensuring everything runs smoothly
etcd: The recipe book storing all information
AWS Magic:
Multi-AZ by default - If one kitchen fails, others continue
Automatic updates - Latest recipes without downtime
Security hardening - Enterprise-grade protection
Backup and recovery - Never lose your recipes
You pay: $0.10/hour per cluster (~$72/month) - that's it!
Slide 6: Data Plane Options - Where Your Apps Live
Three Ways to Run Your Workloads
Option 1: Managed Node Groups
┌─────────────────────────────────────┐
│         Auto Scaling Group          │
│  ┌─────────┐ ┌─────────┐ ┌─────────┐│
│  │   EC2   │ │   EC2   │ │   EC2   ││
│  │ Instance│ │ Instance│ │ Instance││
│  │   Pod   │ │   Pod   │ │   Pod   ││
│  │   Pod   │ │   Pod   │ │   Pod   ││
│  └─────────┘ └─────────┘ └─────────┘│
└─────────────────────────────────────┘
Best for: Most workloads, cost-effective, full control
Option 2: Self-Managed Nodes
Complete control over EC2 instances
Custom AMIs and configurations
More responsibility for updates and patching
Option 3: AWS Fargate
┌─────────────────────────────────────┐
│             Serverless              │
│  ┌─────────┐ ┌─────────┐ ┌─────────┐│
│  │   Pod   │ │   Pod   │ │   Pod   ││
│  │ (Right  │ │ (Right  │ │ (Right  ││
│  │  Size)  │ │  Size)  │ │  Size)  ││
│  └─────────┘ └─────────┘ └─────────┘│
└─────────────────────────────────────┘
Best for: Variable workloads, no server management
Slide 7: Node Groups vs Fargate - The Decision Matrix
When to Use What?
Use Case | Managed Node Groups | AWS Fargate
Steady workloads | ✅ Cost-effective | ❌ More expensive
Variable workloads | ❌ Always running | ✅ Pay per use
Custom requirements | ✅ Full control | ❌ Limited options
Operational overhead | ⚠️ Some management | ✅ Zero management
Startup time | ✅ Fast | ⚠️ Slower cold start
Debugging | ✅ SSH access | ❌ No node access
Pro Tip: Start with managed node groups, add Fargate for specific use cases!
Real-world example: Use node groups for web servers, Fargate for batch jobs
Slide 8: EKS Networking - The Connectivity Story
How Everything Talks to Everything
VPC Native Networking
┌─────────────────────────────────────────────────────────────┐
│                             VPC                             │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │    Subnet A     │ │    Subnet B     │ │    Subnet C     │ │
│ │     (AZ-1)      │ │     (AZ-2)      │ │     (AZ-3)      │ │
│ │ ┌─────────────┐ │ │ ┌─────────────┐ │ │ ┌─────────────┐ │ │
│ │ │Pod: 10.0.1.5│ │ │ │Pod:10.0.2.10│ │ │ │Pod:10.0.3.15│ │ │
│ │ │Pod: 10.0.1.6│ │ │ │Pod:10.0.2.11│ │ │ │Pod:10.0.3.16│ │ │
│ │ └─────────────┘ │ │ └─────────────┘ │ │ └─────────────┘ │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
└─────────────────────────────────────────────────────────────┘
Key Concepts:
Each pod gets a real VPC IP - no NAT needed!
AWS VPC CNI - Native AWS networking
Security Groups apply to pods directly
Network ACLs provide subnet-level security
Coming in Labs: We'll configure ALB ingress and EBS storage networking
Slide 9: EKS Setup Options - Choose Your Adventure
Multiple Paths to Success
1. eksctl - The Easy Button
# One command to rule them all
eksctl create cluster --name my-cluster --region us-west-2
Best for: Quick start, learning, development
2. AWS CLI + kubectl - The Manual Way
# Step by step control
aws eks create-cluster --name my-cluster...
aws eks create-nodegroup --cluster-name my-cluster...
Best for: Understanding internals, custom configurations
3. Terraform - The Infrastructure as Code Way
resource "aws_eks_cluster" "main" {
  name     = "my-cluster"
  role_arn = aws_iam_role.cluster.arn
  # ... more configuration
}
Best for: Production environments, repeatable deployments
4. AWS CDK - The Developer-Friendly Way
new eks.Cluster(this, 'MyCluster', {
  version: eks.KubernetesVersion.V1_27,
});
In Our Labs: We'll start with eksctl, then explore AWS CLI methods
Slide 10: EKS Add-ons - Supercharging Your Cluster
The Plugin Ecosystem
Core Add-ons (Essential)
┌─────────────────────────────────────────────────────────────┐
│                         EKS Cluster                         │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────┐  │
│  │    AWS Load     │  │   Amazon EBS    │  │   CoreDNS   │  │
│  │    Balancer     │  │   CSI Driver    │  │    (DNS)    │  │
│  │   Controller    │  │    (Storage)    │  │             │  │
│  └─────────────────┘  └─────────────────┘  └─────────────┘  │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────┐  │
│  │     VPC CNI     │  │   kube-proxy    │  │   Amazon    │  │
│  │  (Networking)   │  │  (Networking)   │  │  GuardDuty  │  │
│  │                 │  │                 │  │ (Security)  │  │
│  └─────────────────┘  └─────────────────┘  └─────────────┘  │
└─────────────────────────────────────────────────────────────┘
Popular Third-Party Add-ons
Monitoring: Prometheus, Grafana, Loki
Security: Falco, Twistlock
Networking: Istio, Linkerd
Storage: EFS CSI, FSx CSI
In Our Labs: We'll install and configure ALB Controller, EBS CSI Driver, and monitoring stack
Slide 11: Real-World EKS Success Stories
Who's Using EKS and Why
Spotify
Challenge: Scale music streaming for 500M+ users
Solution: EKS for microservices architecture
Result: 40% reduction in infrastructure costs
Netflix
Challenge: Global content delivery platform
Solution: EKS for data processing and ML pipelines
Result: Faster feature deployment, better reliability
Snapchat
Challenge: Handle billions of daily messages
Solution: EKS with Fargate for variable workloads
Result: 60% cost savings on compute resources
Capital One
Challenge: Modernize banking infrastructure
Solution: EKS for cloud-native transformation
Result: Faster innovation, improved security
Shopify
Challenge: Handle Black Friday traffic spikes
Solution: EKS with cluster autoscaling
Result: Seamless scaling from 1K to 100K+ requests/sec
Slide 12: EKS in Your Architecture
Common Patterns and Use Cases
Pattern 1: Microservices Architecture
┌─────────────────────────────────────────────────────────────┐
│                      Application Layer                      │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │    User     │    │   Product   │    │    Order    │    │
│    │   Service   │    │   Service   │    │   Service   │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
│           │                  │                  │           │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │    User     │    │   Product   │    │    Order    │    │
│    │  Database   │    │  Database   │    │  Database   │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
Pattern 2: Data Processing Pipeline
Data Ingestion → EKS Processing → Analytics → Visualization
      ↓                ↓              ↓             ↓
   Kinesis     →   Spark Jobs   →     S3     →  QuickSight
Pattern 3: CI/CD Platform
Code Push → Build (EKS) → Test (EKS) → Deploy (EKS) → Monitor
Slide 13: EKS Networking Deep Dive
Understanding the Network Flow
Pod-to-Pod Communication
┌─────────────────────────────────────────────────────────────┐
│                          Same Node                          │
│    ┌─────────────┐                       ┌─────────────┐    │
│    │    Pod A    │       ────────→       │    Pod B    │    │
│    │ 10.0.1.100  │                       │ 10.0.1.101  │    │
│    └─────────────┘                       └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│                       Different Nodes                       │
│    ┌─────────────┐                       ┌─────────────┐    │
│    │    Pod A    │       ────────→       │    Pod C    │    │
│    │ 10.0.1.100  │          VPC          │ 10.0.2.100  │    │
│    │   Node 1    │        Routing        │   Node 2    │    │
│    └─────────────┘                       └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
Service Types We'll Use
ClusterIP: Internal communication only
NodePort: Access via node IP and port
LoadBalancer: AWS ELB integration
Ingress: HTTP/HTTPS routing (ALB)
Lab Preview: We'll configure ALB ingress for our microservices app
Slide 14: Storage in EKS - Persistent Data Solutions
Where Your Data Lives
Storage Options
┌─────────────────────────────────────────────────────────────┐
│                         EKS Storage                         │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │     EBS     │    │     EFS     │    │     FSx     │    │
│    │   (Block    │    │  (Network   │    │    (High    │    │
│    │  Storage)   │    │    File)    │    │ Performance)│    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
│           │                  │                  │           │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │  Databases  │    │   Shared    │    │     HPC     │    │
│    │ StatefulSets│    │   Storage   │    │  Workloads  │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
Container Storage Interface (CSI)
EBS CSI Driver - Block storage for databases
EFS CSI Driver - Shared file storage
FSx CSI Driver - High-performance workloads
In Our Labs: We'll configure EBS storage for a database and set up persistent volumes
Slide 15: Security in EKS - Defense in Depth
Multiple Layers of Protection
Identity and Access Management
┌─────────────────────────────────────────────────────────────┐
│                       Security Layers                       │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │     IAM     │    │    RBAC     │    │    IRSA     │    │
│    │    (AWS     │    │ (Kubernetes │    │ (Pod-level  │    │
│    │   Level)    │    │   Level)    │    │    AWS)     │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
│           │                  │                  │           │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │   Cluster   │    │  Namespace  │    │     Pod     │    │
│    │   Access    │    │   Access    │    │   Access    │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
Network Security
Security Groups - Instance-level firewall
Network ACLs - Subnet-level firewall
Network Policies - Pod-to-pod communication rules
Lab Highlight: We'll implement IRSA to give pods secure access to S3 buckets
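Added example (not part of the original slides): the IAM half of an IRSA binding is a role trust policy that names the cluster's OIDC provider, and it only stays pod-scoped if its conditions pin the token's sub and aud claims. The sketch below audits such a policy document; the account ID, OIDC provider ID, namespace and service-account names are constructed placeholders, and the function names are hypothetical.

```python
# Constructed placeholders: account ID, OIDC provider ID, namespace and
# service-account names are illustrative, not values from the slides.
OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0000000000000000000000000"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"


def make_policy(condition):
    """Build an IRSA-style role trust policy with the given Condition block."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


def as_list(value):
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_conditions(issuer, condition):
    """Check that the statement pins both the token audience and the subject."""
    findings = []
    exact = condition.get("StringEquals", {})
    like = condition.get("StringLike", {})
    exact_subs = as_list(exact.get(f"{issuer}:sub", []))
    like_subs = as_list(like.get(f"{issuer}:sub", []))
    if not exact_subs and not like_subs:
        findings.append("no :sub condition: any service account in the cluster can assume this role")
    for sub in exact_subs + like_subs:
        parts = sub.split(":")
        if len(parts) != 4 or parts[:2] != ["system", "serviceaccount"]:
            findings.append(f"malformed :sub value: {sub}")
    for sub in like_subs:
        if "*" in sub or "?" in sub:
            findings.append(f"wildcard :sub value: {sub}")
    if "sts.amazonaws.com" not in as_list(exact.get(f"{issuer}:aud", [])):
        findings.append("no :aud == sts.amazonaws.com condition")
    return findings


def audit_trust_policy(policy):
    """Return findings for every web-identity statement; [] means tightly scoped."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        for arn in as_list(federated):
            if ":oidc-provider/" in arn:
                issuer = arn.split(":oidc-provider/", 1)[1]
                findings += check_conditions(issuer, stmt.get("Condition", {}))
    return findings


if __name__ == "__main__":
    # Constructed policy with no conditions at all: both findings are reported.
    print(audit_trust_policy(make_policy({})))
```

A policy whose StringEquals block pins sub to system:serviceaccount:NAMESPACE:NAME and aud to sts.amazonaws.com returns no findings.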
Slide 16: Autoscaling in EKS - Scale with Demand
Three Dimensions of Scaling
Horizontal Pod Autoscaler (HPA)
Low Traffic: [Pod] [Pod]
High Traffic: [Pod] [Pod] [Pod] [Pod] [Pod]
Vertical Pod Autoscaler (VPA)
Low Load: [Pod: 1 CPU, 1GB RAM]
High Load: [Pod: 2 CPU, 4GB RAM]
Cluster Autoscaler
Light Usage: [Node] [Node]
Heavy Usage: [Node] [Node] [Node] [Node]
Advanced Topics Coming:
KEDA - Event-driven autoscaling
Karpenter - Next-gen node provisioning
In Our Labs: We'll configure all three autoscaling methods with real workloads
Slide 17: Monitoring and Observability
See Everything, Understand Everything
The Three Pillars
┌─────────────────────────────────────────────────────────────┐
│                        Observability                        │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │   Metrics   │    │    Logs     │    │   Traces    │    │
│    │(Prometheus) │    │   (Loki)    │    │  (Jaeger)   │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
│           │                  │                  │           │
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │   Grafana   │    │ CloudWatch  │    │    X-Ray    │    │
│    │(Dashboards) │    │(AWS Native) │    │(AWS Tracing)│    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
└─────────────────────────────────────────────────────────────┘
Monitoring Stack Options
AWS Native: CloudWatch + Container Insights
Open Source: Prometheus + Grafana + Loki
Hybrid: Best of both worlds
Lab Preview: We'll set up comprehensive monitoring with both approaches
Slide 22: Additional Resources
Continue Your Learning
Official Documentation
AWS EKS User Guide: https://docs.aws.amazon.com/eks/
Kubernetes Documentation: https://kubernetes.io/docs/
eksctl Documentation: https://eksctl.io/
Recommended Reading
"Kubernetes in Action" by Marko Lukša
"AWS Certified Solutions Architect" by Neil Davis
AWS Well-Architected Framework: Container workloads
Community Resources
AWS EKS GitHub: https://github.com/aws/amazon-eks-pod-identity-webhook
Kubernetes Slack: #eks-users channel
AWS re:Invent Sessions: EKS-focused talks
Practice Environments
AWS Free Tier: Limited EKS usage
Kubernetes Playground: https://labs.play-with-k8s.com/
Local Development: minikube, kind, k3s
Learn Amazon EKS the right way — from fundamentals to advanced autoscaling and monitoring.
This course is designed for DevOps Engineers, Cloud Architects, and Kubernetes practitioners who want to confidently run production workloads on Amazon Elastic Kubernetes Service (EKS).
We’ll start with a practical, lab-driven approach — no endless theory. You’ll begin by setting up your AWS and Kubernetes environment, then progress through deploying workloads, managing networking with ALB ingress, enabling persistent storage, and securing access with IAM Roles for Service Accounts (IRSA).
From there, we’ll tackle scaling strategies — EKS Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler, and advanced solutions like Karpenter for just-in-time node provisioning, and KEDA for event-driven scaling.
Finally, we’ll cover EKS observability with logging, metrics, and dashboards so you can keep your clusters healthy and cost-efficient.
By the end of this bootcamp, you’ll have a production-ready EKS skillset — ready to build, scale, and monitor Kubernetes workloads on AWS.
What You’ll Learn
Set up and configure Amazon EKS clusters from scratch
Deploy applications to EKS using kubectl and manifests
Configure Ingress with AWS ALB Ingress Controller
Attach persistent EBS volumes for stateful workloads
Secure workloads using IAM Roles for Service Accounts (IRSA)
Implement EKS Cluster Autoscaler for node scaling
Apply Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) for workload scaling
Use Karpenter for next-generation cluster scaling
Implement KEDA for event-driven autoscaling scenarios
Monitor and troubleshoot EKS clusters using Prometheus, Grafana, and CloudWatch
Optimize cost and performance for Kubernetes workloads on AWS