Date: 2021-12-02

The AWS Kubernetes roadmap will include an EKS GitOps add-on, along with tighter security and observability integrations with other AWS services and edge computing support, the cloud giant's container executives said this week.

AWS first launched "add-ons," its term for managed instances of Kubernetes cluster administration tools, as part of its Amazon Elastic Kubernetes Service (EKS) last December. Users with managed Kubernetes clusters on EKS can invoke EKS add-ons with a single command instead of configuring them in detail every time they create a new EKS cluster within the service.

Now, the Amazon EKS product team plans to provide a series of add-on updates to make other aspects of Kubernetes clusters easier to manage, including support for the open source Flux GitOps utility, according to a presentation at the company's re:Invent 2021 conference this week.

"We're going to make it possible to install Flux directly using an EKS add-on," said Allan Naim, a senior product manager for Amazon EKS, in a conference session on the company's EKS roadmap and strategy. "This will simplify ... change management across multiple clusters."

With GitOps support, AWS aims to ease EKS management

GitOps has gained momentum among mainstream enterprises over the last two years because of how it enforces consistency automatically within complex distributed systems, such as Kubernetes infrastructures. Under GitOps, IT teams manage both applications and infrastructure as code in the same repositories, using a tool such as Flux or ArgoCD to keep production Kubernetes clusters consistent with their desired state as expressed in code.

The ability to dependably configure EKS clusters and avoid common errors during their detailed installation process was a big part of the draw for AWS in designing a Flux add-on, company officials said.

"An ECS [Elastic Container Service] cluster is just an object. ... It's essentially a resource in a database somewhere," said Deepak Singh, vice president of compute services at AWS, in an interview. "A Kubernetes cluster comes with a control plane, a database and it has a [Domain Name Service (DNS)] engine running ... so the chances of making mistakes are much higher."

GitOps, by contrast, offers a more formal, standardized cluster configuration under EKS, Singh said.

"That reliability and consistency of being able to say, 'Hey, this is what I want my cluster to look like here. It's defined in code and we can do it again and again' is absolutely the reason we like [GitOps]," he said.

Users should also expect AWS to offer multiple Flux instances in the same cluster or multiple clusters under the same Flux controller, and further abstract GitOps complexity in the AWS Console as part of the EKS add-on, according to one industry analyst.

"That simplicity of customer experience is why basic container users gravitate to ECS versus EKS; EKS is more a power user container solution," said Rob Strechay, an analyst at Enterprise Strategy Group, a division of TechTarget. "Flux fits the AWS ethos of segregation of duties and smallest blast radius pretty well, [and] the ease of install and upgrade is huge when you are doing this at scale and managing it."

In the open source world, Flux competes with Intuit's ArgoCD project for enterprise GitOps adoption, but the choice of Flux for the first EKS GitOps add-on isn't intended as an Argo snub, Singh said.

"Flux is lower-level, and allows us to do more things on top of it than ArgoCD, which is more of a system end to end, but that doesn't mean that if you are an ArgoCD user, you're [out of luck]," he said. "It's just the way we are going to do GitOps with EKS. At least in the near term, we feel Flux fits our needs better because we can add our own look on it more easily than you can with ArgoCD."

AWS has also built its own GitOps tool to support Proton's higher level of abstractions, and an ArgoCD add-on wasn't outside the realm of possibility for the future, Singh said.

AWS Kubernetes roadmap: security, observability in focus

AWS also plans Amazon EKS add-ons that support its distribution of the OpenTelemetry digital tracing project; Kubernetes Cluster Storage Interface drivers that connect container clusters to external data storage systems; a load-balancer controller and a Prometheus-based metrics monitoring server, according to Naim's presentation.

"For observability, today, we expose Prometheus metrics for the [Kubernetes] control plane, but [customers] still have to do the work of ingesting those metrics and analyzing them," Naim said. "We want to make that easier ... so that [users] can just go to the EKS console and see what's happening with [the] control plane."

Other roadmap plans for Amazon EKS include cost allocation features for chargeback, support for continuous container image scanning with version two of Amazon Inspector and improvements to service discovery between multiple EKS clusters using an upstream Kubernetes multi-service API and the AWS Cloud Map service discovery utility.

These latter updates will add to a multi-cluster management tool, EKS Connector, that AWS launched in preview Sept. 8, which can import data about EKS and non-EKS clusters to give EKS administrators visibility into multi-cluster environments.

EKS Connect, at first glance, may hint at the notion of a SUSE Rancher-like multi-cluster management across Kubernetes distros from AWS, but Singh said the cloud vendor doesn't plan to take EKS that far outside Amazon's own domain.

"For many [customers], the majority of their estate is inside AWS. They're using EKS very heavily, but they would like that single pane of glass into what else is going on," Singh said. "For now, that is the problem we're going to go solve."