HAQM EKS Distro FAQs

HAQM EKS Distro is a distribution of the same open-source Kubernetes and dependencies deployed by HAQM Elastic Kubernetes Service (EKS), helping you to manually run Kubernetes clusters anywhere. EKS Distro includes binaries and containers of open-source Kubernetes, etcd (cluster configuration database), networking, and storage plugins, tested for compatibility. EKS Distro will provide extended support for Kubernetes versions after community support expires by updating builds of previous versions with the latest critical security patches. You can securely access EKS Distro releases as open source on GitHub or within AWS using HAQM Simple Storage Service (S3) and HAQM Elastic Container Registry (ECR) for a common source of releases and updates. Deploy clusters and let AWS take care of testing and tracking Kubernetes updates, dependencies, and patches. Each EKS Distro verifies new Kubernetes versions for compatibility. The source code, open-source tools, and settings are provided for reproducible builds.

If you create Kubernetes clusters manually, you probably spend a lot of effort tracking updates, determining compatible versions of Kubernetes and its dependencies, testing them for compatibility, and maintaining pace with the Kubernetes release cadence. However, you may be uncertain when choosing the required Kubernetes component versions and security releases for the right balance of performance, security, and latest stable versions. You need to allocate resources and time to maintain Kubernetes testing infrastructure to ensure component version compatibility, support tooling compatibility, and performance regressions for each version release of Kubernetes and its dependencies. You likely either don’t perform these tests, or take on significant effort and expense to keep up with the Kubernetes version release lifecycle. A new Kubernetes release is announced every three to four months, with critical security patch support provided only for the three latest versions. If you are unable to maintain pace for testing and qualifying new versions, you risk breaking changes, version compatibility issues, and running unsupported versions of Kubernetes lacking critical security patches.

EKS Distro helps you manually run clusters using a Kubernetes distribution of compatible versions of the latest release and its dependencies, tested for reliability and security. EKS Distro provides access to installable, reproducible Kubernetes builds for cluster creation, as well as extended security patching support after community support expires. Extended Kubernetes maintenance support is offered for up to 14 months in accordance with HAQM EKS Version Lifecycle Policy, giving you the time necessary to update your infrastructure in alignment with your software lifecycle.

HAQM EKS Distro alleviates the need to track updates, determine compatibility, and standardize on a common Kubernetes version across distributed teams. This makes it easier for you to create clusters and manage the Kubernetes lifecycle. While you may be able to do this on your own, it takes significant effort. EKS Distro provides you the confidence of the latest, secure versions tested for compatibility through HAQM EKS version support.

To create an HAQM EKS Distro cluster, you will need to set up the servers, networking, and install a supported operating system (OS) on each server of the cluster. If you have existing cluster creation tools, you can update their settings to download EKS Distro from GitHub or HAQM S3 and HAQM ECR. If you are creating EKS Distro-based clusters for the first time, you can use kubeadm or Kubernetes Operations (kops).

You can create HAQM EKS Distro clusters on AWS using HAQM Elastic Compute Cloud (EC2), on premises on your own hardware, and on other clouds using the tooling of your choice.

HAQM EKS Distro includes open-source (upstream) Kubernetes components and third-party tools including configuration database, network, and storage components necessary for cluster creation. These include Kubernetes Control Plane components (for example, kube-controller-manager, etcd, and CoreDNS), Kubernetes Node components (for example, kubelet, Kubernetes CSI, and CNI), and command line clients (for example, kubectl and etcdctl).

HAQM EKS Distro supports the same versions of Kubernetes and point releases as HAQM EKS. The current version is noted in the GitHub repository.

HAQM EKS Distro will include all the upstream patches used by HAQM EKS, including fixes that HAQM has contributed back to the community.

HAQM EKS Distro does not include the official Kubernetes network, storage plugins, or AWS Identity and Access Management (IAM) authenticator. EKS Distro includes the Kubernetes components required to work in all environments, not all the components for every environment.

HAQM EKS Distro provides the same upstream versions of Kubernetes and dependencies tested by OS vendors and confirmed to work with Kubernetes. As a result, EKS Distro works with common operating systems already used to run Kubernetes clusters, such as CentOS, Canonical Ubuntu, Red Hat Enterprise Linux, Suse, and more. EKS Distro is tested with select vendors to ensure support on Bottlerocket, HAQM Linux 2 (AL2), and Canonical has tested EKS Distro for compatibility with Ubuntu. AWS continues to work with partners to expand the vendors which have qualified EKS Distro as compatible with their operating system.

New version releases of HAQM EKS Distro will be aligned with HAQM EKS version lifecycle, and will be posted on the same day or soon after HAQM EKS. Alignment with HAQM EKS is necessary in order for EKS Distro releases to follow the same release qualification of Kubernetes versions and third-party dependencies, and ensures your clusters are created using the same component versions tested by HAQM EKS to confirm reliability and updated security patches.

You can subscribe for notifications when new versions are available, eliminating the need to track version releases for Kubernetes and each dependency. You will be able to leverage HAQM Simple Notification Service (SNS) for event-driven triggers to begin workflows to adopt new EKS Distro versions.

Yes. HAQM EKS Distro provides extended maintenance of critical Kubernetes security patches by patching previous versions of Kubernetes, including versions no longer supported by the open-source Kubernetes community. Community support for previous Kubernetes versions includes the last three releases (nine months), but with EKS Distro, you can receive security patching of Kubernetes versions aligned with the HAQM EKS Version Lifecyle Policy of the last four versions plus 60 days (14 months).

No. HAQM EKS Distro only provides builds and dependency updates (for example, CoreDNS and etcd) in alignment with Kubernetes version and point releases for which HAQM EKS provides support.

You will be provided the build environment flags and source code links for each binary, which will confirm you are using reproducible builds. AWS will provide the Kubernetes source code, patches used at build time, tools, and build time options including timestamps. Once built, you can verify that the published EKS Distro version hashes match what you compile. GitHub documentation and versioning will let you review the difference between builds for verification.

In order to provide a trusted reproducible build, you need to trust the supply chain and compilation of the build tooling. HAQM EKS Distro build jobs will be run using the suggested upstream Kubernetes CI and build infrastructure, so you can use the same process. Components, like CoreDNS, will be packaged in containers using HAQM Linux2. Publishing our process and tooling will also serve as an audit trail of the tooling supply chain going forward to support this process.

HAQM EKS Distro is aligned with HAQM EKS versions and components, and is supported by the HAQM EKS operations dashboard. EKS Distro also provides copies of builds in HAQM S3 and ECR for developers creating Kubernetes clusters on AWS. EKS Distro has been tested for use with HAQM Linux 2, Bottlerocket, and AWS Outposts. EKS Distro will support ECR Public repositories as a secure, fast source for you to download EKS Distro for use within AWS Regions or on premises.

AWS is committed to maintaining this open-source project, engaging the community, and triaging issues. AWS will review and respond to issues customers submit, but fixes or patches will be on a best effort basis. Partners will receive support through the HAQM Partner Network program to enable their HAQM EKS Distro adoption, access to artifacts and tooling, documentation, and issues with producing reproducible builds. Customers that adopt EKS Distro through partners and systems integrators will receive support from those providers.

Get started building with HAQM EKS Distro on GitHub. Also learn more about AWS Partners for HAQM EKS Distro.

Other things go here