Written by Lucas Marsala

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service provided by AWS that simplifies the deployment and management of containerized applications. This guide provides an overview of EKS, its lifecycle, associated costs, and best practices for managing updates efficiently.

Understanding the EKS Lifecycle and Costs

Effective EKS cluster management requires an understanding of its lifecycle, as it directly impacts operational costs and maintenance efforts.

Standard Support

Each EKS version receives standard support for 14 months from its release date. During this period, AWS provides updates, security patches, and feature enhancements at the standard pricing.

Example:

  • Version 1.30 was released on May 23, 2024.
  • Standard support remains available until July 23, 2025.

Extended Support

Once standard support ends, AWS offers an additional 12 months of extended support. However, costs increase significantly, as AWS continues to maintain the older version with critical patches.

Example:

  • Version 1.30 standard support ends on July 23, 2025.
  • Extended support is available until July 23, 2026.

Cost Implications

Running outdated EKS versions leads to higher costs due to extended maintenance fees. While standard support costs $0.10 per cluster per hour, extended support raises the cost to $0.60 per cluster per hour.

Example:

An analysis of TrackIt’s EKS infrastructure showed a cost increase from $75 per month during standard support to $550 per month under extended support, emphasizing the importance of timely upgrades.


What Happens After Extended Support Ends?

If an EKS version remains outdated beyond the extended support period, AWS enforces an automatic upgrade to a supported version. This may lead to compatibility issues, unexpected downtime, and increased migration efforts.

Managing EKS Updates

Two primary approaches are available for managing and updating EKS:

1. AWS Management Console

The AWS Console offers a graphical interface for managing EKS clusters, upgrading versions, and adjusting configurations. This approach suits those preferring a visual, hands-on experience.

2. Infrastructure as Code (IaC)

Tools such as Terraform and AWS CloudFormation enable automated, scalable EKS management. Using IaC ensures consistency, simplifies version tracking, and streamlines cluster updates.

Automated Monitoring to Reduce Costs

To avoid unnecessary costs, I developed an automated monitoring solution to track all EKS clusters within an account. The script, built with AWS SDK version 3.745.0, runs as an AWS Lambda function and gathers key metrics on cluster support status.

Since AWS SDK updates may take time to become available in Lambda, a custom Lambda layer has been created to ensure compatibility with the latest version. The monitoring system integrates with Amazon EventBridge to trigger the function at scheduled intervals, automatically sending collected data to CloudWatch. All the resources required to run the program are available in the link below.

Link to the repository: https://github.com/LucasMarsala/EKS_monitoring.git

The script categorizes clusters into five statuses:

  • SupportStandard – Actively supported
  • SoonExtended – Two weeks before transitioning to extended support (adjustable)
  • Extended – Under extended support
  • SoonDeprecated – Two weeks before deprecation (adjustable)
  • Deprecated – No longer supported
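The five statuses reduce to a comparison of the current date against two cutover dates and a warning window. The sketch below is an added example, not the code from the repository: the function names, the sample cluster list, and the choice to treat 00:00 UTC on the end date as the cutover are assumptions, while the 1.30 dates are the ones quoted earlier in this article. Clusters whose version has no known dates are reported separately rather than counted as supported.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Dates for 1.30 come from this article; other versions would be added the same way.
const SUPPORT_DATES = {
  "1.30": { endOfStandard: "2025-07-23", endOfExtended: "2026-07-23" },
};

// Constructed sample inventory; "0.00" is a placeholder version with no known dates.
const SAMPLE_CLUSTERS = [
  { name: "prod-a", version: "1.30" },
  { name: "legacy-b", version: "0.00" },
];

// Map one cluster's support dates to a status. warnDays is the adjustable
// "two weeks before" window. Assumption: cutover happens at 00:00 UTC on the end date.
function classifySupportStatus(now, endOfStandard, endOfExtended, warnDays = 14) {
  const t = now.getTime();
  const std = Date.parse(endOfStandard); // date-only ISO string parses as UTC midnight
  const ext = Date.parse(endOfExtended);
  if (Number.isNaN(std) || Number.isNaN(ext) || ext < std) {
    throw new RangeError("invalid support dates");
  }
  const warn = warnDays * DAY_MS;
  if (t < std - warn) return "SupportStandard";
  if (t < std) return "SoonExtended";
  if (t < ext - warn) return "Extended";
  if (t < ext) return "SoonDeprecated";
  return "Deprecated";
}

// Count clusters per status, in the shape of one metric value per status name.
// Versions missing from the table go to `unclassified` so a gap in the data
// never shows up as a healthy cluster.
function summarizeClusters(clusters, supportDates, now, warnDays = 14) {
  const counts = {
    SupportStandard: 0, SoonExtended: 0, Extended: 0, SoonDeprecated: 0, Deprecated: 0,
  };
  const unclassified = [];
  for (const { name, version } of clusters) {
    const d = supportDates[version];
    if (!d) { unclassified.push(name); continue; }
    counts[classifySupportStatus(now, d.endOfStandard, d.endOfExtended, warnDays)] += 1;
  }
  return { counts, unclassified };
}
```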

Tutorial: Setting Up EKS Monitoring

Open the AWS Management Console and navigate to the Lambda service.

Select “Create Function” and configure it as shown below.


Once the Lambda function is created, the policy needs to be modified to grant access to the necessary resources. In the search bar, type “IAM” and select “IAM role” from the left-hand menu.


The created role will likely appear as “TheNameYouEntered-role-SomethingGenerated,” for example, “eks-monitoring-role-a3f20z1q.” Click on the role, then navigate to the Permissions policies section. Click on the “Add permissions” button on the top right, followed by “Create inline policy.”

In the JSON format, copy and paste the policy provided in the repository.


Next, return to the Lambda function. The SDK layer needs to be created and attached. In the search bar, type “Lambda” and select “Layers” from the left menu. Click the “Create layer” button in the top right. Follow the instructions, and when prompted, upload the “aws-sdk-layer.zip” file from the repository.


Once the layer is created, the ARN for the layer must be copied. Proceed to the “Functions” section, search for the Lambda function name (e.g., “eks-monitoring”), and navigate to the bottom of the page. Click “Add a layer.”


Select the “Specify an ARN” option and paste the ARN of the layer in the provided field, then click the “Add” button.


Now, in the Lambda’s “Configuration” section, edit the “General configuration” and set the timeout from 3 seconds to 30 seconds, then save the changes.


In the “Code” section of the Lambda function, copy and paste the code from the repository into the “index.mjs” file. 

Remember to click the “Deploy” button on the left side. To ensure everything is functioning correctly, click the “Test” section, then click the “Test” button.


The metrics will be uploaded under a custom namespace called “EKS/Cluster.” It may take up to 15 minutes for the metrics to appear.

To automate the metric collection, add an event to trigger the Lambda function daily. In the overview section, click on “Add trigger” at the bottom left, and follow the instructions in the on-screen prompts. This event will run automatically on a daily basis.


To set up notifications for outdated clusters, an alarm must be configured in CloudWatch. In the search bar, type “CloudWatch” and select “Alarm” from the left-hand menu. Click the “Create Alarm” button. Under “Select metrics,” the number of metrics available will vary based on the metrics in the custom namespace.


Select the metrics with no dimensions, and choose a metric, such as “SoonExtended.” If there is only one EKS cluster, this metric will alert when it is two weeks away from entering Extended Support. Create the alarm by selecting the appropriate options and clicking “Next.”


An SNS topic can be created to send notifications via email whenever the threshold is breached. Continue through the steps to complete the alarm creation process. If the Lambda function hasn’t triggered yet, “no data available” may appear, but EventBridge will trigger it as scheduled.


This concludes the tutorial, providing the necessary steps to manage EKS effectively.

Conclusion

Understanding the EKS lifecycle, associated costs, and upgrade strategies is essential for maintaining cost-effective and secure Kubernetes workloads. Proactive upgrades and automation tools help manage EKS clusters efficiently while preventing unexpected expenses.

About TrackIt

TrackIt is an international AWS cloud consulting, systems integration, and software development firm headquartered in Marina del Rey, CA.

We have built our reputation on helping media companies architect and implement cost-effective, reliable, and scalable Media & Entertainment workflows in the cloud. These include streaming and on-demand video solutions, media asset management, and archiving, incorporating the latest AI technology to build bespoke media solutions tailored to customer requirements.

Cloud-native software development is at the foundation of what we do. We specialize in Application Modernization, Containerization, Infrastructure as Code and event-driven serverless architectures by leveraging the latest AWS services. Along with our Managed Services offerings which provide 24/7 cloud infrastructure maintenance and support, we are able to provide complete solutions for the media industry.