Container Security Maturity Model – Understand your security needs at every stage of the container journey Download eBook
{ .link_text }}

EKS vs GKE vs AKS - May 2020 Update

In February, we published an article providing side-by-side comparison between the managed Kubernetes offerings of the three largest cloud providers: Amazon’s Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison and our April update.

Kubernetes Version Support Matrix

VersionAKSEKSGKEKubernetes
1.18X
1.17previewRapid ChannelX
1.16XXRapid ChannelX
1.15defaultdefaultX
1.14XXdefault
1.13deprecated

Azure Kubernetes Service

Node Pool Modes

AKS node pools now use “modes.” A node pool can either be a “system” or “user” node pool. AKS now requires clusters to have at least one system node pool, which must contain Linux nodes only, for use by cluster services like CoreDNS. Users can schedule their production application workloads on “user” nodes or on “system” nodes when the cluster only has only one node pool.

Node pool modes use node labels to separate nodes optimized for higher application performance from those nodes suitable for critical but steady workloads needed for cluster overhead.

Features Now Generally Available

The following features graduated from Preview to GA.

Kubernetes-native security: what is it and why it matters

Download this ebook to learn why a Kubernetes-native approach to protecting your containerized applications provides the most comprehensive security in Kubernetes environments

Download Now

Amazon Elastic Kubernetes Service

Kubernetes version 1.16 Support

EKS clusters now support Kubernetes version 1.16. New clusters now default to Kubernetes version 1.16. Support for version 1.13 is now deprecated and will be removed on June 30.

AWS Fargate PTRACE Support

AWS Fargate version 1.4 offers some new features, most notably support for the Linux CAP_SYS_PTRACE kernel capability, which allows kernel-level monitoring of container process system calls and memory usage. Enabling this capability allows more advanced monitoring and debugging of processes executed in Fargate containers. EKS supports using Fargate for ‘nodeless’ pod deployments.

Fully Private Managed Node Group Networking

Previously, nodes in EKS managed node groups all had public IP addresses, whether or not they were in private VPC subnets and the EKS cluster had a private API endpoint in the VPC. This requirement conflicted with many common best practices for node security, because it increased the possibility of exposing nodes to network attacks and their exploitability if infiltrated, and it also forced node-to-API server traffic to leave the VPC network. EKS has now removed that requirement, allowing managed node groups in new clusters to use private IP addressing only.

AWS Console Improvements for EKS

A redesign of the web-based AWS Console user interface for EKS streamlines and simplifies cluster creation and management.

Google Kubernetes Engine

Kubernetes Version 1.17 Moves To Rapid Channel

Support for Kubernetes version 1.17 graduates to the Raid Release (beta) channel. Previously, version 1.17 was only available in limited preview.

Control Plane Pricing Change

Beginning June 6, GKE control planes will incur a charge of US $0.10 per cluster per hour, with a financially-backed Service Level Agreement(SLA) and one free zonal cluster control plane per billing account. Currently, control planes are free but the SLA is best-effort.

Master Global Access for Private Clusters (Beta)

Previously, the Kubernetes API endpoint of clusters configured to use private networks was only accessible within the same Google Cloud region. This new feature, now in beta release, allows optional access from other GCP regions or connected on-premises environments.

Windows Support Now Generally Available

GKE now fully supports Windows nodes and containers.