EKS – AWS Technologies Blog

Sure! Here’s the EKS Control Plane vs. Data Plane comparison without the icons:

EKS: Control Plane vs. Data Plane

This is the “brain” of your Kubernetes cluster. In EKS:

This is where your actual workloads (pods and containers) run.

You have three options:

Feature	Control Plane (AWS-managed)	Data Plane (You manage)
Responsibility	AWS	You (fully or partially)
Components	API server, etcd, schedulers	EC2 worker nodes or Fargate
Visibility	No access	Full access to worker nodes (except Fargate)
High Availability	Built-in (multi-AZ)	You configure
Updates	AWS handles	You manage or automate
Billing	$0.10/hr per cluster	Based on EC2 or Fargate usage

Absolutely — here’s a clean breakdown of EKS configuration modes without any icons or emojis:

These define how you provision and manage the infrastructure for the Kubernetes cluster.

Managed Node Groups: EKS provisions and manages the EC2 instances. Easier to use, supports auto-scaling, and integrates with updates.
Self-Managed Nodes: You manage EC2 instances yourself. Offers more customization, but with more operational overhead.
Fargate: Serverless compute for running pods. No need to manage EC2 instances. Ideal for lightweight or burst workloads.

IAM Authentication: Uses AWS IAM to authenticate users and services to the Kubernetes API.
RBAC (Role-Based Access Control): Native Kubernetes authorization system used for fine-grained access control.
aws-auth ConfigMap: Maps IAM users/roles to Kubernetes RBAC.
IAM Roles for Service Accounts (IRSA): Associates IAM roles with Kubernetes service accounts to provide fine-grained permissions to pods.

VPC CNI Plugin: Each pod gets an IP address from the VPC, allowing seamless communication across AWS services.
Custom Networking: Allows assignment of pods to specific subnets and security groups, improving isolation or multi-tenancy.
Network Policies: Kubernetes-native way to control traffic flow between pods. Requires a compatible CNI plugin such as Calico.

kubectl: Direct command-line tool to deploy and manage workloads.
Helm: Package manager for Kubernetes, used for templated deployments.
GitOps Tools: Tools like ArgoCD or Flux for managing Kubernetes manifests through version control.
Infrastructure-as-Code: Tools like eksctl, Terraform, or AWS CloudFormation for declarative cluster and resource management.

Amazon EBS: Block storage for stateful workloads; persistent volumes attached to pods.
Amazon EFS: Shared file storage for multiple pods or across Availability Zones.
Amazon FSx: High-performance or Windows file systems for specific workloads.

Even though AWS manages the control plane, you can configure:

Endpoint Access: Public, private, or both, with CIDR-based access control.
Logging: Enable logging for API, audit, scheduler, etc., to CloudWatch.
Kubernetes Version: Select version during creation and upgrade when needed.
Add-ons: Managed Kubernetes components like CoreDNS, kube-proxy, and VPC CNI can be updated and managed via the EKS console or CLI.

Would you like an architecture example that mixes these modes? For example, using Fargate for some workloads and managed nodes for others?

Sure — here’s the overview of EKS Storage Classes without any examples:

Provides shared file storage that can be mounted by multiple pods across nodes and Availability Zones.
Provisioner: efs.csi.aws.com.
Supports ReadWriteMany access mode.
Good for workloads that require shared storage, such as content management systems, CI/CD systems, and shared caches.

Storage Type	Provisioner	Access Modes	Use Case
EBS	`ebs.csi.aws.com`	ReadWriteOnce	Databases, stateful apps
EFS	`efs.csi.aws.com`	ReadWriteMany	Shared volumes, content systems
FSx Lustre	`fsx.csi.aws.com`	ReadWriteMany	HPC, machine learning, analytics
FSx Windows	`fsx.csi.aws.com`	ReadWriteMany	Windows applications

Let me know if you want a breakdown of performance or pricing differences across these storage options.