Ensure Consistency in Hybrid Clouds with Amazon Web Services’ EKS-D and Istio

10 Feb 2021 3:00am, by Jimmy Song

Amazon Web Services recently released the Amazon EKS Distro (EKS-D), a service to help users achieve a consistent Kubernetes experience in hybrid cloud scenarios.

What Is EKS-D?

EKS-D is a distribution of Amazon Web Services’ Elastic Kubernetes Service (EKS). You can run EKS-D on-premises, in a cloud, or on your own systems. The EKS Distro releases Kubernetes versions at the same pace as EKS. In the near future, a supported, packaged product and installation method for EKS-D will be available under the name EKS Anywhere (EKS-A).

The following diagram illustrates the relationship between AWS, EKS-D, Kubernetes, and users.

EKS-D means something different to AWS, its partners, and its users.

  • For AWS: Increases AWS market ownership.
  • For partners: Integrates AWS channel and customer resources to reach more users.
  • For users: Ensures consistency of Kubernetes in heterogeneous environments and simplifies operations and maintenance.

Today’s enterprises have many factors to consider when deciding which cloud providers to choose, while many others have difficulty moving their IT into the cloud and continue to rely on tried and true legacy IT architectures to do business.

When going to the cloud, customers want a consistent experience on-premises and in the cloud for migration or for hybrid cloud setups. Not all applications are suitable for cross-cloud migration, so multicluster and hybrid cloud usage scenarios will be common for various reasons — such as compliance and data security.

Why Do You Need Multicluster and Hybrid Clouds?

There are many cases in which we deploy across multiple clusters or hybrid clouds. For example:

  • To avoid vendor lock-in and to facilitate cross-cluster migration of applications.
  • To achieve high availability of applications.
  • When the size of one cluster is too large, causing performance bottlenecks.
  • For compliance and data security.
  • For proximity deployment, to reduce network latency and improve user experience.
  • To perform some testing.
  • For bursty operations that require cluster expansion.

Kubernetes is the standard for container orchestration and is expected to become the underlying API for cloud native applications. But it presents new challenges for how to manage clusters in multicluster and hybrid cloud environments.

Managing Hybrid Clouds with Istio Service Mesh

Jimmy Song
Jimmy is a developer advocate at Tetrate, a CNCF Ambassador, and co-founder of ServiceMesher and Cloud Native Community (China). He mainly focuses on Kubernetes, Istio, and cloud native architectures.

Istio service mesh, as a network infrastructure layer for cloud native applications, can manage both Kubernetes and non-container workloads such as virtual machines. Istio can be deployed on multiple platforms and supports multiple deployment modes for managing multiple clusters and hybrid clouds. The deployment requires full consideration of Region and Zone distribution, network isolation, multitenancy, and high availability of the control plane.

If we use both EKS and EKS-D deployed in a private data center, how can we manage the two clusters with a unified control plane? As shown in the figure below, cluster1 and cluster2 represent the Kubernetes clusters deployed in EKS and EKS-D, respectively. The networks of these two clusters are isolated from each other. Because this fits the hybrid cloud scenario described above, we adopt the Primary-Remote multinetwork deployment model to incorporate both clusters into the same service mesh and manage them with one control plane.

  • Black arrows in the figure indicate requests in the control plane to obtain service and endpoint configurations.
  • Blue arrows in the figure indicate a route for Service A to access Service B.
  • Green arrows in the figure indicate the route for Service A/B to obtain the service endpoint from the control plane.

When deploying Istio in this mode, you need to ensure the connectivity of the control plane to the API Server of Kubernetes. Please refer to the Istio documentation for the detailed installation process.
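
The Primary-Remote, multinetwork layout described above, expressed as IstioOperator settings for each cluster (an added example, not taken from the article or from Tetrate). It assumes the field layout of the Istio 1.9-era multicluster install guide; the names mesh1, network1 and network2 and the discovery address are illustrative, so check the field names against the documentation for the Istio release you install.

```yaml
# Added example: one IstioOperator document per cluster.
# mesh1, network1, network2 and the address below are assumed values.
---
# cluster1 (EKS): primary cluster, runs the shared istiod control plane.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: mesh1              # same mesh ID on both clusters
      multiCluster:
        clusterName: cluster1
      network: network1          # distinct network name: the clusters are isolated
---
# cluster2 (EKS-D, private data center): remote cluster, no local control plane.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: remote
  values:
    global:
      meshID: mesh1
      multiCluster:
        clusterName: cluster2
      network: network2
      # Address at which cluster1 exposes istiod to cluster2.
      # 203.0.113.10 is a documentation placeholder, not a real endpoint.
      remotePilotAddress: 203.0.113.10
```

These files only label the clusters and point cluster2 at the primary; istiod in cluster1 still needs network reachability and credentials for cluster2's Kubernetes API server, which is the connectivity requirement stated above.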

Summary

EKS-D ensures the consistency of Kubernetes clusters in a hybrid cloud environment, reducing the cost of cluster operations and maintenance. Istio’s inherent multicluster awareness further enhances the consistency of the user experience at the service level, helping us bring services in multiple clusters under a unified control plane. EKS-D was released with support from numerous partners, with Tetrate as the solution provider for the Istio service mesh, providing the Tetrate Service Bridge (TSB) to enable unified application connectivity and security across workloads on EKS and EKS-D.

The New Stack is a wholly owned subsidiary of Insight Partners. TNS owner Insight Partners is an investor in the following companies: Ambassador.
