AWS Kubernetes roadmap includes Flux for GitOps
Amazon EKS will include a Flux-based GitOps add-on, while ECS Anywhere seems destined for a niche in edge computing, per roadmap plans unveiled by AWS execs this week.
The AWS Kubernetes roadmap will include an EKS GitOps add-on, along with tighter security and observability integrations with other AWS services and edge computing support, the cloud giant's container executives said this week.
AWS first launched "add-ons," its term for managed instances of Kubernetes cluster administration tools, as part of its Amazon Elastic Kubernetes Service (EKS) last December. Users with managed Kubernetes clusters on EKS can invoke EKS add-ons with a single command instead of configuring them in detail every time they create a new EKS cluster within the service.
Now, the Amazon EKS product team plans to provide a series of add-on updates to make other aspects of Kubernetes clusters easier to manage, including support for the open source Flux GitOps utility, according to a presentation at the company's re:Invent 2021 conference this week.
"We're going to make it possible to install Flux directly using an EKS add-on," said Allan Naim, a senior product manager for Amazon EKS, in a conference session on the company's EKS roadmap and strategy. "This will simplify ... change management across multiple clusters."
With GitOps support, AWS aims to ease EKS management
GitOps has gained momentum among mainstream enterprises over the last two years because of how it enforces consistency automatically within complex distributed systems, such as Kubernetes infrastructures. Under GitOps, IT teams manage both applications and infrastructure as code in the same repositories, using a tool such as Flux or Argo CD to keep production Kubernetes clusters consistent with their desired state as expressed in code.
The ability to dependably configure EKS clusters and avoid common errors during their detailed installation process was a big part of the draw for AWS in designing a Flux add-on, company officials said.
"An ECS [Elastic Container Service] cluster is just an object. ... It's essentially a resource in a database somewhere," said Deepak Singh, vice president of compute services at AWS, in an interview. "A Kubernetes cluster comes with a control plane, a database and it has a [Domain Name Service (DNS)] engine running ... so the chances of making mistakes are much higher."
GitOps, by contrast, offers a more formal, standardized cluster configuration under EKS, Singh said.
"That reliability and consistency of being able to say, 'Hey, this is what I want my cluster to look like here. It's defined in code and we can do it again and again' is absolutely the reason we like [GitOps]," he said.
Users should also expect AWS to offer multiple Flux instances in the same cluster or multiple clusters under the same Flux controller, and further abstract GitOps complexity in the AWS Console as part of the EKS add-on, according to one industry analyst.
"That simplicity of customer experience is why basic container users gravitate to ECS versus EKS; EKS is more a power user container solution," said Rob Strechay, an analyst at Enterprise Strategy Group, a division of TechTarget. "Flux fits the AWS ethos of segregation of duties and smallest blast radius pretty well, [and] the ease of install and upgrade is huge when you are doing this at scale and managing it."
Rob StrechayAnalyst, Enterprise Strategy Group
In the open source world, Flux competes with Intuit's Argo CD project for enterprise GitOps adoption, but the choice of Flux for the first EKS GitOps add-on isn't intended as an Argo snub, Singh said.
"Flux is lower-level, and allows us to do more things on top of it than Argo CD, which is more of a system end to end, but that doesn't mean that if you are an Argo CD user, you're [out of luck]," he said. "It's just the way we are going to do GitOps with EKS. At least in the near term, we feel Flux fits our needs better because we can add our own look on it more easily than you can with Argo CD."
AWS has also built its own GitOps tool to support AWS Proton's higher level of abstractions, and an Argo CD add-on wasn't outside the realm of possibility for the future, Singh said.
AWS Kubernetes roadmap: security, observability in focus
AWS also plans Amazon EKS add-ons that support its distribution of the OpenTelemetry digital tracing project; Kubernetes Cluster Storage Interface drivers that connect container clusters to external data storage systems; a load-balancer controller; and a Prometheus-based metrics monitoring server, according to Naim's presentation.
"For observability, today, we expose Prometheus metrics for the [Kubernetes] control plane, but [customers] still have to do the work of ingesting those metrics and analyzing them," Naim said. "We want to make that easier ... so that [users] can just go to the EKS console and see what's happening with [the] control plane."
Other roadmap plans for Amazon EKS include cost allocation features for chargeback, support for continuous container image scanning with version two of Amazon Inspector and improvements to service discovery between multiple EKS clusters using an upstream Kubernetes multiservice API and the AWS Cloud Map service discovery utility.
These latter updates will add to a multicluster management tool, EKS Connector, that AWS launched in preview Sept. 8, which can import data about EKS and non-EKS clusters to give EKS administrators visibility into multicluster environments.
EKS Connector, at first glance, may hint at the notion of a SUSE Rancher-like multicluster management across Kubernetes distros from AWS, but Singh said the cloud vendor doesn't plan to take EKS that far outside of Amazon's own domain.
"For many [customers], the majority of their estate is inside AWS. They're using EKS very heavily, but they would like that single pane of glass into what else is going on," Singh said. "For now, that is the problem we're going to go solve."
ECS Anywhere finds edge computing spotlight
Amazon EKS is among several hosted container services offered by AWS, which also includes Amazon ECS, the cloud provider's original hosted container service that emphasizes simplicity. Amazon added EKS when customers demanded more Kubernetes-native features, but novice container users are more likely to favor Amazon ECS or a more highly abstracted service such as AWS Proton, which hosts template-based microservices deployments, or the AWS Fargate serverless container platform.
AWS also markets multiple hybrid cloud and on-premises infrastructure services, including Outposts, which moves AWS-compatible hardware and infrastructure management tools into on-premises data centers, and ECS Anywhere and EKS Anywhere services, which are software-only hybrid cloud container frameworks.
As with the cloud-based ECS and EKS, ECS Anywhere is usually chosen by users for its simplicity, while EKS Anywhere offers deeper cluster-level control. However, Singh said AWS has been surprised by strong interest in ECS Anywhere for edge computing at sites such as fast-food restaurant locations, where hardware and IT personnel resources are scarce.
"We fully expected ECS Anywhere to be heavily data center-driven, which we are seeing [with] EKS Anywhere ... but we are also seeing a ton of interest with people doing things in manufacturing facilities, so much that we actually changed our roadmap," Singh said. "GPU support was not in our roadmap for this year, but there were so many people doing machine learning at the edge with ECS Anywhere, or at least so much interest, that we made it our first follow-on feature."
AWS beefed up its broader edge computing strategy at re:Invent this week with the launch of its own private 5G managed service, along with products targeting specific industries that tend to employ edge and Internet of Things architectures, such as auto manufacturing.
"It's an area that we are paying more attention to, because the ECS and EKS Anywhere launches put a spotlight on it for us," Singh said.
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.