Kubernetes, an open-source system for managing and orchestrating containerized applications, is widely used by organizations and enterprises looking for a better mechanism for deploying and scaling applications. AWS has kept innovating while providing its customers with numerous supported services in any environment, whether in the cloud or on-premises.
Introducing Amazon EKS-D
Today Amazon announced Amazon EKS Distro (EKS-D), a Kubernetes distribution based on and used by Amazon EKS. Amazon EKS Distro enables infrastructure managers to create reliable and secure Kubernetes clusters using the same versions of Kubernetes and its dependencies deployed by Amazon EKS.
With Amazon EKS Distro, Amazon provides extended support for Kubernetes versions after community support expires, providing updated builds of previous versions that include the latest security patches. EKS-D is fully compatible with Kubernetes open-source tools such as kops, kubeadm, and kubespray. AWS states that with this project they are not forking Kubernetes, but rather taking open-source Kubernetes components and packaging and configuring them in an opinionated manner, which is backed by millions of running EKS clusters worldwide.
Each Amazon EKS Distro release follows the EKS process, verifying new Kubernetes versions for compatibility. The Amazon EKS Distro source code, open-source tooling, binaries, and container images as well as configuration are provided for reproducible builds via public Git and S3 storage locations.
Why should I be using EKS-D?
EKS-D enables you to create Kubernetes clusters using a selection of compatible versions of the latest Kubernetes release and its dependencies, tested by Amazon EKS to be reliable and secure. With EKS-D you have a single vendor for secure access to installable, reproducible builds of Kubernetes for cluster creation, and for extended security patching support of Kubernetes versions after community support expires. AWS also provides extended support for up to 14 months, in accordance with the EKS Version Policy.
What’s included in EKS-D?
EKS-D includes open-source (upstream) Kubernetes components, security patches, and third-party tools including configuration database, network, and storage components necessary for cluster creation. They include Kubernetes control plane components (such as kube-controller-manager, etcd, and CoreDNS), Kubernetes worker node components (kubelet, Kubernetes CSI, and CNI), and command-line clients (kubectl and etcdctl).
It will also include all of the upstream patches used by Amazon EKS, including fixes that Amazon has contributed back to the community. In addition, it will include patches that AWS deems important for operational stability and security fixes.
Alcide and EKS-D
With the introduction of EKS-D, we at Alcide are proud to take part in this official launch right out of the gate, as part of the AWS Partner Network (APN). After other successful integrations we had with AWS such as Security Hub, Bottlerocket, and Outposts, Alcide again joins forces with the AWS team, offering its platform capabilities for Kubernetes domains.
Here at Alcide, we help organizations to drive continuous security guardrails across their Kubernetes workloads and deployments, and with the addition of EKS-D as the new AWS family member, we can now provide the same high standard of operational security for on-prem environments as well.
Alcide provides centralized and unified security coverage across hybrid deployments that span EKS, Outposts, and the newly added EKS-D. From a customer point of view, we offer the same tools and best practices regardless of the deployment infrastructure.
The Alcide platform addresses all Kubernetes security needs holistically, from design through deployment to production. The platform is designed from a DevOps perspective, while also ensuring robust and comprehensive Kubernetes security and compliance best practices.
Alcide secures your Kubernetes infrastructure and ensures compliance starting from the CD pipeline, through deployment, to runtime protection.