Managed Kubernetes Breakdown
Overview of the managed k8s solutions from GCP, AWS and Azure
19 June 2018
Rael Garcia
Systems Engineer at CAPSiDE
Australia East, Canada Central, Canada East, Central US, East US, North Europe, UK South, West US and West 2.
Only available in North Virginia (us-east-1) and Oregon (us-west-2).
Montreal, Iowa, Oregon, Northern Virginia, South Carolina, São Paulo, Finland, Belgium, London, Frankfurt, Netherlands, Mumbai, Singapore, Taiwan, Tokyo and Sydney.
Control plane is free, only pay for the workers, storage and network services.
The control plane costs $0.20 per hour (~$150 per month per EKS cluster).
Same pay per use for the workers, storage and network services.
Since the 28th November 2017, the control plane is free, only pay for the workers, storage and network services.
From 1.7.7 to 1.9.6.
Only 1.10.3.
From 1.8.10 to 1.10.4.
No support for availability zones. However, Azure seeks to maintain availability of at least 99.5% for the Kubernetes API server.
Amazon EKS runs the Kubernetes management infrastructure across multiple AWS Availability Zones and automatically detects and replaces unhealthy control plane nodes.
Clusters can be deployed as Regional, with masters spread across multiple zones within a Region, or Local.
Nodes are deployed in availability sets that protect against zone hardware failures.
Worker nodes can be deployed across zones in the same region.
Worker nodes can be deployed across zones in the same region.
Only supports one node pool per cluster.
Independent groups of servers can be added to the cluster, with different characteristics and sizes, including spot instances.
Independent node pools of instance groups, each one with their own configuration in sizes, OS and preemptiveness.
Node autoscaling is not supported but is on the roadmap.
Autoscaling using EC2 Auto Scaling Groups.
Native with Cluster Autoscaler and Compute Engine Instance Groups.
Cluster Autoscaler is a tool that automatically adjusts the size of the Kubernetes cluster.
Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry 2.0.
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
Google Container Registry provides secure, private Docker image storage on Google Cloud Platform.
Basic networking creates a new VNet for your cluster using default values or
Advanced networking allows clusters to use a new or existing VNet with customizable addresses and application pods are connected directly to the VNet.
Native VPC networking via the Amazon VPC CNI plugin for Kubernetes, allowing pods to have the same IP address inside the pod as they do on the VPC network.
With Alias IPs, Kubernetes Engine clusters can allocate IP addresses from a CIDR block known to Google Cloud Platform (GCP), allowing pod IPs to be natively routable within the GCP network and access to hosted services without using a NAT gateway.
Kubernetes RBAC system grants granular permissions for specific resources and operations within your clusters.
Kubernetes RBAC with support for using Azure Active Directory for user authentication.
Kubernetes RBAC with IAM authentication through a collaboration with Heptio.
Cloud IAM to grant users access to Kubernetes Engine and Kubernetes resources.
Kubernetes RBAC for access control within your clusters.
With Azure Kubernetes Service, you will get CPU and memory usage metrics for each node. In addition, you can enable container monitoring capabilities and get insights into the performance and health of your entire Kubernetes cluster.
Logs and metrics from pods, nodes and masters published to CloudWatch and CloudTrail.
Logs and metrics from pods, nodes and masters published to GCP Monitoring and Stackdriver.
Azure Kubernetes Service (AKS) is compliant with SOC and ISO/HIPAA/HITRUST.
No information provided yet.
Kubernetes Engine is backed by Google's security team of over 750 experts and is both HIPAA and PCI DSS 3.1 compliant.
Virtual Kubelet with Azure Container Instances
AWS Fargate is already supported in ECS and will be available for Amazon EKS in 2018.
Open Source implementation can be found at github.com/virtual-kubelet.
Not implemented yet.