Making EKS Anywhere Highly Available and Secure
AWS has recently launched the Amazon EKS Anywhere (EKS-A) service; a way to get the value of Amazon’s Kubernetes distribution, but running in an isolated environment on your on-premises environment. We partnered with the Amazon team to help our customers leverage F5 solutions to make their EKS Anywhere environment highly available and secure.
What is EKS Anywhere?
EKS-A takes Amazon’s managed Kubernetes distribution and makes it available to run in customer’s on-premises data center. This provides the familiarity of Amazon EKS, but the flexibility of running it in environments where you want to run hybrid workloads.
Keeping it Highly Available
When running in AWS you can leverage Elastic Load Balancing services such as Network Load Balancer or Application Load Balancer to keep your applications up and running. F5 provides these critical services on EKS-A by leveraging BIG-IP and NGINX platforms.
BIG-IP can be the front door for your EKS-A services. Customers can define how they want to expose services running in EKS-A using k8s native configuration objects like LoadBalancer Service type and/or F5 BIG-IP Custom Resource Definition (CRD). F5’s Container Ingress Controller (CIS) running inside the EKS-A cluster automatically configures those services on the BIG-IP platform.
If you need fine grain access and intelligent access to your applications F5’s Kubernetes Ingress Controller (KIC)* can be deployed to support Kubernetes Ingress resources and/or the F5 NGINX CRD.
These services can be deployed separately or together using F5 Ingress Link, a unified deployment of BIG-IP and NGINX in EKS-A.
Keep it Secure
In addition to the performance and automation that you gain from using CIS and F5 KIC you can also opt to enable greater security enhancements by using BIG-IP AWAF or NGINX App Protect to provide advanced Web Application Firewall (WAF) protection for your Kubernetes applications.
Try it Today
If you’re interested in seeing how F5 helps make EKS-A even better be sure to check out Mark Dittmer’s GitHub repo where he showcases these solutions. https://github.com/mdditt2000/k8s-bigip-ctlr/blob/main/user_guides/eks-anywhere/ingresslink/README.md
* There are two projects that have the name Kubernetes Ingress Services. In this article we are referring to the F5 project that is hosted at: https://github.com/nginxinc/kubernetes-ingress. There is also a community Kubernetes Ingress Service that is hosted at: https://github.com/kubernetes/ingress-nginx. These projects are similar in intent, but have differing implementation/capabilities.