Amazon Fargate for Amazon EKS

Sunil Tailor
GlobalLogic UK&I
Jan 13, 2020

During my recent visit to the AWS re:Invent 2019 conference in Las Vegas, I was fortunate enough to catch Andy Jassy’s keynote, where he announced an update to the AWS container offering: Amazon Fargate for Amazon EKS.

Amongst other announcements, AWS now offer four container services:

  1. Amazon ECS — Launched a preview of the service back in 2014. This was an AWS homegrown, fully managed container orchestration service for Docker. It can natively integrate with other services such as Amazon Route 53, Secrets Manager, AWS Identity and Access Management (IAM), and Amazon CloudWatch.
  2. Amazon EKS — Announced in 2018, this is Amazon’s managed Kubernetes offering. The service has tried to remain as close to vanilla Kubernetes as possible and offers a fully managed Kubernetes service providing a managed control plane. The service is deeply integrated with services such as Amazon CloudWatch, Auto Scaling Groups, AWS Identity and Access Management (IAM), and Amazon Virtual Private Cloud (VPC).
  3. Amazon Fargate for ECS (Elastic Container Service) — A serverless container offering based on Amazon ECS technology. The advantage here is that there is no need to manage a cluster to run containers.
  4. Amazon Fargate for EKS (Elastic Kubernetes Service) — Announced at this year’s AWS re:Invent 2019 conference in Las Vegas, this is the latest addition to the AWS container services offering. It is a serverless container orchestration service based on EKS technology and Kubernetes.
    If you want to deploy Kubernetes pods without worrying about cluster management, then this may be a good choice since it provides a managed control plane and data plane so you can just focus on building containerised applications.

What is AWS Fargate?

AWS Fargate is best described as a serverless compute engine for containers. The service removes the need to provision and manage servers, and lets you specify and pay for resources per application. It's this feature that makes the service attractive to developers, as it allows them to focus solely on application design — leaving the provisioning and management of servers to AWS.

It works with both ECS and EKS services and is the latest service allowing users to deploy Kubernetes pods onto Fargate without worrying about the management of clusters and servers.

How does Fargate EKS work?

EKS uses native tooling and APIs. Fargate provides a managed control plane and data plane, which means you will not see the EC2 cluster nodes it uses to deploy your pod to. Your pods are deployed to an AWS-owned account against a fleet of VMs and then get connected to your VPC via an ENI (Elastic Network Interface). The advantage here is that there are no nodes to manage. The unit of charge is the pod itself. When you deploy a pod there is a 1:1 mapping, with one pod deployed to a single micro VM.

The diagram below shows how the container is exposed to you. The user requests to run a container on Fargate, which then provisions a VM within the AWS Fargate account, over which you have no visibility. The service then connects the VM to your VPC within your AWS account via an ENI. Capacity planning and management is handled for you by the service, as is the management of the Kubernetes cluster. This is what makes the service attractive. Managing Kubernetes requires a certain amount of commitment to understanding the technology. Fargate removes that need and takes care of the management, scheduling, scaling, and patching of resources for you.

Fargate Flow

What Fargate EKS and Amazon EKS options offer developers is the opportunity to choose which type of control plane and data plane to deploy to:

  • AWS Fargate EKS — serverless container data plane which runs your container on their managed infrastructure without the need for you to provision and maintain your own cluster.
  • Amazon EKS — traditional container data plane with managed or unmanaged nodes. There is no visibility of the EC2 nodes when it comes to the managed control plane. However, there is more work involved in having to manage a Kubernetes cluster.

Developers and architects are offered the opportunity to deploy to both Fargate EKS and AWS EKS clusters or just Fargate EKS with this new service offering.

The diagram below shows the two different types of services with their respective data planes.

EKS data plane mixed mode options

With the introduction of Fargate EKS you now have the ability to deploy to either AWS Fargate or Amazon EKS, or both. The key parameters to take note of here are:

  • Defining a Fargate profile — This allows Fargate to understand the AWS infrastructure and assign a scheduler i.e. EKS or Fargate.
  • Associated Namespace — This ties back to the namespace defined within the pod.
  • Labels (Optional parameters).

How does deployment work with Fargate EKS?

Fargate EKS introduces the Fargate profile. This exists to give the Kubernetes pod definition file some context on the AWS infrastructure and which orchestrator platform to deploy to.

The namespace helps the Fargate scheduler decide whether to deploy to a Fargate cluster running in an AWS-owned account or to an AWS EKS cluster running in your own AWS account. The diagram below introduces some new and existing features that allow AWS to deploy to Fargate while still remaining true to the Kubernetes codebase. These include:

  • Kubernetes Webhooks — a piece of code that intercepts requests to the Kubernetes API server; in this case either mutating or validating requests, or both.
  • Custom Fargate Scheduler — a custom AWS piece of code which schedules pod deployment to the Fargate platform.
  • Fargate profile — allows an administrator to declare which pods run on Fargate. This is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels.

Simplified deployment flow

The diagram above shows a simplified deployment flow:

  1. The user deploys a pod based on a specific namespace, i.e. prod, with the label stack: blue.
  2. Using Kubernetes webhooks, the request goes through mutating / validating before being forwarded to Amazon EKS.
    AWS EKS performs a check to see if there is a match for the incoming request, based on namespace and labels in this case. The webhooks determine whether there is a match, and if so, the matching Fargate profile is inserted into the pod request and forwarded to either the Fargate scheduler or Kubernetes for deployment.
  3. The forwarded pod, in this case, is sent to the Fargate scheduler to be scheduled for deployment on the Fargate platform.
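The routing decision in step 2 determines which pods get Fargate's per-pod VM isolation and which land on nodes in your own account, so it is worth modelling before you rely on it. The following is an added example, not AWS code: it assumes a selector matches when the namespace is equal and every label in the selector is present on the pod, and the profile names and pods are constructed sample data.

```python
# Added illustration: a local model of Fargate profile selector matching.
# Profile names, namespaces and labels below are constructed sample data.
MAX_SELECTORS = 5  # the page: each profile can have up to five selectors

def selector_matches(selector, namespace, labels):
    """Assumed rule: namespace must be equal and every label the selector
    lists must be on the pod with the same value (labels are optional)."""
    if selector["namespace"] != namespace:
        return False
    wanted = selector.get("labels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def route_pod(profiles, pod):
    """Return (platform, profile_name) for a pod, mimicking the webhook step."""
    ns = pod["metadata"].get("namespace", "default")
    labels = pod["metadata"].get("labels", {})
    for profile in profiles:
        if len(profile["selectors"]) > MAX_SELECTORS:
            raise ValueError(f"profile {profile['name']}: more than five selectors")
        if any(selector_matches(s, ns, labels) for s in profile["selectors"]):
            return ("fargate", profile["name"])
    return ("kubernetes", None)

def broad_selectors(profiles):
    """Selectors without labels: every pod in that namespace goes to Fargate."""
    return [(p["name"], s["namespace"]) for p in profiles
            for s in p["selectors"] if not s.get("labels")]

PROFILES = [
    {"name": "prod-blue", "selectors": [
        {"namespace": "prod", "labels": {"stack": "blue"}}]},
    {"name": "sandbox", "selectors": [{"namespace": "sandbox"}]},
]

def make_pod(namespace, labels):
    return {"metadata": {"name": "web", "namespace": namespace, "labels": labels}}

if __name__ == "__main__":
    for ns, labels in [("prod", {"stack": "blue", "app": "web"}),
                       ("prod", {"stack": "green"}),
                       ("sandbox", {})]:
        print(ns, labels, "->", route_pod(PROFILES, make_pod(ns, labels)))
    print("namespace-wide selectors:", broad_selectors(PROFILES))
```

A pod in prod labelled stack: green falls through to the regular scheduler, which is the case to watch for when a workload is expected to be isolated on Fargate.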

Q. Do you need to update existing pod definitions in order to utilise Fargate EKS?

No, you just need to define a Fargate profile with a namespace that will match your pod definition and redeploy your pod.

Benefits of EKS for Fargate:

  • Create proof of concepts for your applications quickly
  • No need to determine placement of resources, scheduling, scaling and patching, i.e. managed Kubernetes worker nodes
  • Don’t pay for unused capacity
  • No longer need the Kubernetes Cluster Autoscaler, which automatically adjusts the number of nodes in your cluster when pods fail to launch. This can happen for a number of reasons, two being a lack of resources, or when nodes in the cluster are underutilized and their pods can be rescheduled onto other nodes in the cluster.
  • VM isolation at pod level
  • Pod-level billing, on each line: namespace, cluster, account, region, service, pod ID
  • Easy chargeback in multi-tenant scenarios

Limitations of EKS for Fargate:

With Amazon EKS on AWS Fargate, there are certain limitations you should be aware of.

  • Resource limitation per pod: 4 vCPU and 30 Gb memory.
  • No GPU pod configurations available.
  • No support for stateful workloads that need persistent volumes or file systems. Everything you run with Fargate is ephemeral and only lives for the time the pod lives. It is recommended that you use DynamoDB or S3 for pod data storage.
  • Fargate doesn’t provide a local storage space for containers to share.
  • The only load balancer option currently available is the Application Load Balancer. Network Load Balancer support is coming soon.
  • Classic Load Balancer will not work as there are no EC2 instances within your AWS account with EKS for Fargate.
  • You cannot run DaemonSets, privileged pods, or pods that use HostNetwork or HostPort.

See refs [2, 8] for more information on current limitations of EKS for Fargate.
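Several of these limitations can be checked against a manifest before deployment. The following is an added example, not part of the original article or of any AWS tool: it takes a manifest as a plain dict (as loaded from YAML), reads the 30 limit as GiB, and simply sums container requests, which is a simplification; the sample pods are constructed.

```python
# Added illustration: check a manifest (a dict, as loaded from YAML) against
# the Fargate limitations listed above. Sample manifests are constructed.
MAX_VCPU, MAX_MEM_GIB = 4.0, 30.0  # per-pod limits from the page (30 read as GiB)

def cpu_cores(q):
    """Kubernetes CPU quantity: '500m' -> 0.5, '2' -> 2.0."""
    q = str(q)
    return float(q[:-1]) / 1000 if q.endswith("m") else float(q)

def mem_gib(q):
    """Only the Mi and Gi suffixes are handled in this sketch."""
    q = str(q)
    if q[-2:] not in ("Mi", "Gi"):
        raise ValueError(f"unsupported memory quantity: {q}")
    return float(q[:-2]) / (1024 if q.endswith("Mi") else 1)

def fargate_findings(manifest):
    """Return the reasons this workload cannot be scheduled on Fargate."""
    findings, spec = [], manifest.get("spec", {})
    if manifest.get("kind") == "DaemonSet":
        findings.append("DaemonSet")
        spec = spec.get("template", {}).get("spec", {})
    if spec.get("hostNetwork"):
        findings.append("hostNetwork")
    if any("persistentVolumeClaim" in v for v in spec.get("volumes", [])):
        findings.append("persistent volume")
    cpu = mem = 0.0
    for c in spec.get("containers", []):
        res = c.get("resources", {})
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"privileged:{c['name']}")
        if any("hostPort" in p for p in c.get("ports", [])):
            findings.append(f"hostPort:{c['name']}")
        cpu += cpu_cores(res.get("requests", {}).get("cpu", 0))
        mem += mem_gib(res.get("requests", {}).get("memory", "0Mi"))
    if cpu > MAX_VCPU or mem > MAX_MEM_GIB:
        findings.append("resources")
    return findings

SAMPLE_POD = {"kind": "Pod", "spec": {"hostNetwork": True, "containers": [
    {"name": "agent", "securityContext": {"privileged": True},
     "ports": [{"containerPort": 9100, "hostPort": 9100}],
     "resources": {"requests": {"cpu": "4500m", "memory": "2Gi"}}}]}}
CLEAN_POD = {"kind": "Pod", "spec": {"containers": [
    {"name": "web", "ports": [{"containerPort": 8080}],
     "resources": {"requests": {"cpu": "500m", "memory": "512Mi"}}}]}}

if __name__ == "__main__":
    print(fargate_findings(SAMPLE_POD), fargate_findings(CLEAN_POD))
```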

In conclusion, the addition of EKS on Fargate from AWS extends the containerisation story on the AWS platform and offers companies a multitude of options, as well as a path to serverless using containers via the Kubernetes platform. For instance, when architecting your containerisation programme, here is a brief set of options:

  • Build your own container platform on EC2
  • Use ECS to run containers
  • Use EKS — Managed Kubernetes providing a managed control plane. Useful if you have your own on-premise Kubernetes cluster and still want some measure of control over the environment. Also, as mentioned earlier, there are some limitations with the AWS Fargate platform.
  • Fargate ECS / EKS — As a serverless offering, this platform — if it fits your needs — will provide lower costs as you only pay for what you use. It also takes away the complexities of managing hosts and clusters including a Kubernetes cluster.

For more on this announcement, watch the 2019 re:Invent session recording on “Running Kubernetes applications on AWS Fargate” by Nathan Taber and Massimo Re Ferrè.

References

  1. YouTube — AWS re:Invent 2019 — Keynote with Andy Jassy
  2. YouTube — AWS re:Invent 2019: [NEW LAUNCH!] Running Kubernetes Applications on AWS Fargate (CON326-R1)
  3. blog — AWS Fargate Through the Lens of Kubernetes, 13 Dec 2019, by Janakiram MSV
  4. blog — How AWS Fargate Turned Amazon EKS into Serverless Container Platform, 16 Dec 2019, by Janakiram MSV
  5. blog — Container orchestration in AWS: comparing ECS, Fargate and EKS, 21 Oct 2018, diogoaurelio
  6. blog — What Is Amazon EKS On Fargate?, 27 Dec 2019, Nilesh Deo (Senior Technical Product Marketing Manager)
  7. stackoverflow — Difference between control plane, data plane and management plane?
  8. blog — Amazon EKS on AWS Fargate Now Generally Available, 3 Dec 2019, by Martin Beeby
  9. doc — Amazon EKS User Guide > Fargate
