Amazon Elastic Kubernetes Service (Amazon EKS) Hybrid Nodes is a new feature that allows you to connect your edge and on-premises infrastructure as nodes to cloud-based EKS clusters.
With Amazon EKS Hybrid Nodes, you can use Amazon EKS scale and availability in all the locations where your applications must operate, while also unifying Kubernetes administration across cloud and on-premises settings. By using your current on-premises hardware and handing Kubernetes control plane management over to EKS, you can save on-premises capacity for your workloads. You can also use the same tools and operating procedures in both your on-premises and cloud environments.
In addition to Amazon EKS on AWS Outposts and Amazon EKS Anywhere, which launched previously, Amazon EKS Hybrid Nodes broadens Amazon EKS support for hybrid Kubernetes installations. The EKS hybrid deployment options can be compared by how each one handles the management of physical components and of Kubernetes.
Other Amazon EKS capabilities and integrations, such as Amazon EKS add-ons, Pod Identities, cluster access entries, cluster insights, and expanded Kubernetes version support, are available when you utilise Amazon EKS Hybrid Nodes to connect your on-premises and edge infrastructure to EKS clusters. For centralised monitoring, logging, and identity management, Amazon EKS Hybrid Nodes provides built-in integrations with AWS services such as AWS Systems Manager, AWS IAM Roles Anywhere, Amazon Managed Service for Prometheus, Amazon CloudWatch, and Amazon GuardDuty.
Use Amazon EKS Hybrid Nodes to get started
To use Amazon EKS Hybrid Nodes, follow these instructions. Create an EKS cluster first, then define the subnets for your on-premises nodes and pods. Once your on-premises infrastructure has been configured with network connectivity and AWS Identity and Access Management (AWS IAM) permissions, run the Amazon EKS Hybrid Nodes CLI (nodeadm) on each server that will be joining the cluster. The necessary networking components, such as CoreDNS and kube-proxy, are automatically deployed when hybrid nodes join your cluster. A compatible Container Network Interface (CNI) driver must be installed before your hybrid nodes are ready to serve applications. Amazon EKS Hybrid Nodes are compatible with the Cilium and Calico CNI drivers.
Prerequisites
Before your on-premises infrastructure can become a hybrid node in your EKS cluster, the following requirements must be met:
- Hybrid network connectivity from your on-premises environment to and from AWS, using AWS Site-to-Site VPN, AWS Direct Connect, or another virtual private network (VPN) solution
- A virtual private cloud (VPC) whose routing table has routes for your on-premises node and, optionally, pod networks, with your virtual private gateway (VGW) or transit gateway (TGW) as the destination
- Infrastructure in the form of physical or virtual machines
- An operating system that is compatible with hybrid nodes
- A credential provider to authenticate your hybrid nodes with the control plane: either AWS Systems Manager or AWS IAM Roles Anywhere
- IAM roles for EKS clusters and EKS hybrid nodes
Red Hat Enterprise Linux (RHEL) 8 and 9, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, or Amazon Linux 2023 can be used as the node operating system for your hybrid nodes. Although AWS does not support the operating systems themselves, it does support the integration of hybrid nodes with these operating systems. You are in charge of providing and managing the operating system.
Create EKS cluster and enable hybrid nodes
To begin building your EKS cluster, navigate to the Amazon EKS console. On the Step 2 Specify networking screen, turn on the Configure remote networks to enable hybrid nodes option and enter the CIDR blocks for the on-premises environments that you want to use for hybrid nodes.
The Classless Inter-Domain Routing (CIDR) blocks for your remote nodes and pods must be RFC 1918 IPv4 ranges, and they cannot overlap with either the EKS cluster Kubernetes service CIDR or the VPC CIDR. The remote node and remote pod CIDRs also cannot overlap with each other. You must provide a pod CIDR block if you want to use webhooks on your nodes or if your CNI does not use NAT for pod addresses once pod traffic exits your nodes.
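A pre-flight check for the CIDR rules above, as an added example (it is not AWS or nodeadm code). The function name, its parameters and all sample CIDRs are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_remote_networks(vpc_cidrs, service_cidr, node_cidrs, pod_cidrs=(),
                          runs_webhooks=False, cni_nats_pod_traffic=True):
    """Return a list of rule violations; an empty list means the plan passes."""
    vpc = [ipaddress.ip_network(c) for c in vpc_cidrs]
    svc = ipaddress.ip_network(service_cidr)
    nodes = [ipaddress.ip_network(c) for c in node_cidrs]
    pods = [ipaddress.ip_network(c) for c in pod_cidrs]
    problems = []

    for kind, nets in (("node", nodes), ("pod", pods)):
        for net in nets:
            # Rule 1: remote CIDRs must be RFC 1918 IPv4 ranges.
            if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
                problems.append(f"remote {kind} CIDR {net} is not RFC 1918 IPv4")
                continue
            # Rule 2: no overlap with the VPC CIDR or the Kubernetes service CIDR.
            for v in vpc:
                if net.overlaps(v):
                    problems.append(f"remote {kind} CIDR {net} overlaps VPC CIDR {v}")
            if net.overlaps(svc):
                problems.append(f"remote {kind} CIDR {net} overlaps service CIDR {svc}")

    # Rule 3: remote node and remote pod CIDRs must not overlap each other.
    for n in nodes:
        for p in pods:
            if n.overlaps(p):
                problems.append(f"remote node CIDR {n} overlaps remote pod CIDR {p}")

    # Rule 4: a pod CIDR is mandatory with webhooks or a CNI that does not NAT.
    if (runs_webhooks or not cni_nats_pod_traffic) and not pods:
        problems.append("a remote pod CIDR is required for this configuration")
    return problems


# Constructed sample plans (not taken from any real environment).
GOOD = check_remote_networks(["10.0.0.0/16"], "172.20.0.0/16",
                             ["10.80.0.0/16"], ["10.85.0.0/16"])
BAD = check_remote_networks(
    ["10.0.0.0/16"], "172.20.0.0/16",
    node_cidrs=["10.0.128.0/20", "100.64.0.0/16", "192.168.0.0/16"],
    pod_cidrs=["172.20.4.0/24", "192.168.10.0/24"])

if __name__ == "__main__":
    for line in BAD:
        print("FAIL:", line)
```

Running the check before cluster creation catches routing conflicts that would otherwise surface only after nodes fail to join or pod traffic is misrouted.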
You can also create an EKS cluster with AWS CloudFormation, eksctl, or the AWS Command Line Interface (AWS CLI). To enable your cluster for Amazon EKS Hybrid Nodes, use the remote-network-config parameter to provide your remote node and, if desired, your remote pod CIDR blocks.
Your cluster must be set up with the API or API_AND_CONFIG_MAP cluster access authentication mode. To allow nodes to join the cluster, create an Amazon EKS access entry for your EKS Hybrid Nodes IAM role.
Amazon EKS Hybrid Nodes authenticate with the EKS cluster using temporary IAM credentials that are supplied by AWS IAM Roles Anywhere or AWS Systems Manager hybrid activations. Before connecting your on-premises nodes, you must either add certificates and keys to your nodes for use with AWS IAM Roles Anywhere or create an AWS Systems Manager hybrid activation.
Connect your hybrid nodes to the EKS cluster
Your hybrid nodes can now be connected to your EKS cluster. To make it easier to install, configure, and register your hosts as hybrid nodes, you can use the Amazon EKS Hybrid Nodes CLI (nodeadm). When you run the nodeadm install command, nodeadm installs the necessary IAM Roles Anywhere or AWS Systems Manager components automatically.
You can run nodeadm install either on each host that is already running or as part of your operating system build pipelines, to create an image containing the components required to connect your server to an EKS cluster.
$ nodeadm install 1.31 --credential-provider <ssm, iam-ra>
{"level":"info","ts":…,"caller":"…","msg":"Loading configuration","configSource":"file://nodeConfig.yaml"}
{"level":"info","ts":…,"caller":"…","msg":"Validating configuration"}
{"level":"info","ts":…,"caller":"…","msg":"Validating Kubernetes version","kubernetes version":"1.30"}
{"level":"info","ts":…,"caller":"…","msg":"Using Kubernetes version","kubernetes version":"1.30.0"}
{"level":"info","ts":…,"caller":"…","msg":"Installing SSM agent installer…"}
{"level":"info","ts":…,"caller":"…","msg":"Installing kubelet…"}
{"level":"info","ts":…,"caller":"…","msg":"Installing kubectl…"}
{"level":"info","ts":…,"caller":"…","msg":"Installing cni-plugins…"}
{"level":"info","ts":…,"caller":"…","msg":"Installing image credential provider…"}
{"level":"info","ts":…,"caller":"…","msg":"Installing IAM authenticator…"}
{"level":"info","ts":…,"caller":"…","msg":"Finishing up install…"}
On each host, create a nodeConfig.yaml file with the details needed to establish a connection to your EKS cluster. This nodeConfig.yaml example uses hybrid activations in AWS Systems Manager.
Your hybrid node has joined your EKS cluster if the previous command was successfully executed. You can use the kubectl get nodes command or the Amazon EKS console to confirm this. A compatible CNI must be installed before your hybrid nodes are marked as ready. See Install CNI for EKS Hybrid Nodes in the Amazon EKS User Guide for further information.
View and manage your connected hybrid nodes in the EKS console
When the nodes are ready, you can use the EKS console to see your hybrid nodes and the resources that are running on them.
Updating the software that runs on your hybrid nodes and maintaining them are your responsibilities. To upgrade Kubernetes versions and pull in the most recent patches and upgrades, you may update to the most recent version of the Amazon EKS Hybrid Nodes CLI. See the Amazon EKS User Guide’s Upgrade EKS Hybrid Nodes section for further information.
Now available
Amazon EKS Hybrid Nodes is now available in all AWS Regions, with the exception of the AWS GovCloud (US) and China Regions.
You pay for the hourly use of your EKS cluster and EKS Hybrid Nodes as you use them, with no minimum fees or upfront commitments. For both standard and extended support, EKS clusters with your hybrid nodes cost the same per cluster per hour as EKS clusters with nodes running in the AWS Cloud. Additionally, there is an hourly cost per hybrid node vCPU for EKS clusters that contain your hybrid nodes. Use the Amazon EKS console to try out EKS Hybrid Nodes.