AWS Drives Kubernetes Simplification With EKS Hybrid Nodes Gateway
The drive to “modernize” applications that span cloud, on-premises and edge computing environments is apace.
Although it’s a slightly quirky term (there aren’t too many “old-fashioned” applications out there, unless we dip into the murky depths of COBOL), it’s a term we use to talk about progressing enterprise applications forward (occasionally through refactoring, but often through an architectural engineering process) so that they can take advantage of microservices and containers, as well as services such as automated scaling and updates.
In other words, teams are modernizing for the age of Kubernetes, but how are teams doing this?
Very often, through the use of Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon EKS Hybrid Nodes, a technology designed to run Kubernetes operational workloads on your on-premises infrastructure using AWS-managed control planes.
Remote Nodes in the Motherlode
Amazon EKS Hybrid Nodes also enables users to integrate their on-premises and edge computing infrastructure with EKS clusters as “remote nodes,” and those remote entities are useful because they allow centralized cloud management of on-premises hardware, ensuring consistent Kubernetes operations and reduced latency for local data processing.
According to AWS engineers Sheng Chen and Eric Chapman, these technologies come together to create “a unified Kubernetes management experience” across distributed environments while addressing latency, compliance and data residency requirements.
It’s all plain sailing from here on in, is it?
Don’t be silly, this is Kubernetes. We can still see that managing hybrid Kubernetes networking between the Amazon Virtual Private Cloud (Amazon VPC) and on-premises nodes can be challenging. Why? Due to the fact that forming these network connections often requires “network changes” and coordination between Kubernetes platform teams and network infrastructure teams.
Changes in the Network
What network changes? AWS doesn’t specify, but we can see that changes could be required to configure VPNs, or to align IP address spaces and avoid overlaps to allow secure cross-environment communication.
Chen and Chapman do indeed note that a common architecture requirement for EKS Hybrid Nodes is to make on-premises pod networks routable across hybrid networks, which some customers cannot achieve due to constraints like overlapping IP addresses or complex BGP routing requirements.
For completeness here, let’s note that BGP stands for Border Gateway Protocol, i.e., the standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.
“We are excited to announce the general availability of the Amazon EKS Hybrid Nodes gateway, a new feature for Amazon EKS that simplifies hybrid Kubernetes networking for Amazon EKS Hybrid Nodes,” note the AWS pair on the company blog. “The Amazon EKS Hybrid Nodes gateway automatically manages and forwards pod-to-pod traffic between the EKS VPC and on-premises environments, eliminating the need for complex networking changes to existing on-premises infrastructure.”
Webhook Wiring Wonderment
It also handles the control plane to webhook connectivity and allows AWS services such as Application Load Balancers, and Amazon Managed Service for Prometheus to seamlessly communicate with remote pods running on hybrid nodes. Webhooks require a public URL or secure tunnel to receive automated, real-time HTTP push notifications from external systems.
EKS Hybrid Nodes gateway supports a range of use cases, including:
- Cross-environment pod-to-pod networking & cloud migrations: Organizations migrating applications to Amazon EKS while maintaining some workloads on-premises due to data residency, compliance, or infrastructure requirements. The gateway enables seamless pod-to-pod communication between cloud and on-premises without requiring network infrastructure changes.
- Webhook operations: Customers running admission controllers and policy enforcement tools (cert-manager, OPA, Kyverno) on hybrid nodes. The gateway automatically routes control plane traffic to webhook endpoints on hybrid nodes, removing the need to make on-premises pod networks routable.
- AWS service integrations: Applications with components distributed across cloud and on-premises environments that require AWS service integrations. The gateway enables VPC-to-hybrid pod connectivity, allowing consistent AWS service integrations for metrics scraping, health checks, and load balancing across hybrid environments.
By abstracting away the underlying network complexity, the Amazon EKS Hybrid Nodes gateway allows cloud-native developers to focus on their application modernization efforts rather than managing complex hybrid networking. The EKS Hybrid Nodes gateway is open source and is available on GitHub.
What To Think Next….
Overall, then, it feels like AWS has essentially built a workaround for a problem that Kubernetes itself helped create, i.e., the old-fashioned (yes, okay, here the term does apply) way of managing networking complexity that surfaces when developers attempt to stitch cloud and on-premises infrastructure together with what we might call digital duct tape. The EKS Hybrid Nodes gateway abstracts away the BGP routing nightmares and overlapping IP headaches, which is genuinely useful, though one might reasonably ask why we needed three layers of abstraction to achieve what should have been table stakes.
