In February, we published an article providing side-by-side comparison between the managed Kubernetes offerings of the three largest cloud providers: Amazon’s Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison and our April update.
Kubernetes Version Support Matrix
Azure Kubernetes Service
Node Pool Modes
AKS node pools now use “modes.” A node pool can either be a “system” or “user” node pool. AKS now requires clusters to have at least one system node pool, which must contain Linux nodes only, for use by cluster services like CoreDNS. Users can schedule their production application workloads on “user” nodes or on “system” nodes when the cluster only has only one node pool.
Node pool modes use node labels to separate nodes optimized for higher application performance from those nodes suitable for critical but steady workloads needed for cluster overhead.
Features Now Generally Available
The following features graduated from Preview to GA.
- Windows Server nodes and containers
- Private Link, to keep your cluster API endpoint and all node-to-API traffic in your Virtual Private Cloud
- Managed Identity, to automate and secure the Azure credentials needed by your AKS cluster’s control plane components
Kubernetes-native security: what is it and why it mattersDownload Now
Amazon Elastic Kubernetes Service
Kubernetes version 1.16 Support
EKS clusters now support Kubernetes version 1.16. New clusters now default to Kubernetes version 1.16. Support for version 1.13 is now deprecated and will be removed on June 30.
AWS Fargate version 1.4 offers some new features, most notably support for the Linux
CAP_SYS_PTRACE kernel capability, which allows kernel-level monitoring of container process system calls and memory usage. Enabling this capability allows more advanced monitoring and debugging of processes executed in Fargate containers. EKS supports using Fargate for ‘nodeless’ pod deployments.
Fully Private Managed Node Group Networking
Previously, nodes in EKS managed node groups all had public IP addresses, whether or not they were in private VPC subnets and the EKS cluster had a private API endpoint in the VPC. This requirement conflicted with many common best practices for node security, because it increased the possibility of exposing nodes to network attacks and their exploitability if infiltrated, and it also forced node-to-API server traffic to leave the VPC network. EKS has now removed that requirement, allowing managed node groups in new clusters to use private IP addressing only.
AWS Console Improvements for EKS
A redesign of the web-based AWS Console user interface for EKS streamlines and simplifies cluster creation and management.
Google Kubernetes Engine
Kubernetes Version 1.17 Moves To Rapid Channel
Support for Kubernetes version 1.17 graduates to the Raid Release (beta) channel. Previously, version 1.17 was only available in limited preview.
Control Plane Pricing Change
Beginning June 6, GKE control planes will incur a charge of US $0.10 per cluster per hour, with a financially-backed Service Level Agreement(SLA) and one free zonal cluster control plane per billing account. Currently, control planes are free but the SLA is best-effort.
Master Global Access for Private Clusters (Beta)
Previously, the Kubernetes API endpoint of clusters configured to use private networks was only accessible within the same Google Cloud region. This new feature, now in beta release, allows optional access from other GCP regions or connected on-premises environments.
Windows Support Now Generally Available
GKE now fully supports Windows nodes and containers.