Amazon EKS on Amazon Outposts - Amazon EKS
When to use each deployment optionComparing the deployment options
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon EKS on Amazon Outposts

You can use Amazon EKS to run on-premises Kubernetes applications on Amazon Outposts. You can deploy Amazon EKS on Outposts in the following ways:

  • Extended clusters – Run the Kubernetes control plane in an Amazon Web Services Region and nodes on your Outpost.

  • Local clusters – Run the Kubernetes control plane and nodes on your Outpost.

For both deployment options, the Kubernetes control plane is fully managed by Amazon. You can use the same Amazon EKS APIs, tools, and console that you use in the cloud to create and run Amazon EKS on Outposts.

The following diagram shows these deployment options.

Outpost deployment options

When to use each deployment option

Both local and extended clusters are general-purpose deployment options and can be used for a range of applications.

With local clusters, you can run the entire Amazon EKS cluster locally on Outposts. This option can mitigate the risk of application downtime that might result from temporary network disconnects to the cloud. These network disconnects can be caused by fiber cuts or weather events. Because the entire Amazon EKS cluster runs locally on Outposts, applications remain available. You can perform cluster operations during network disconnects to the cloud. For more information, see Preparing for network disconnects. If you're concerned about the quality of the network connection from your Outposts to the parent Amazon Web Services Region and require high availability through network disconnects, use the local cluster deployment option.

With extended clusters, you can conserve capacity on your Outpost because the Kubernetes control plane runs in the parent Amazon Web Services Region. This option is suitable if you can invest in reliable, redundant network connectivity from your Outpost to the Amazon Web Services Region. The quality of the network connection is critical for this option. The way that Kubernetes handles network disconnects between the Kubernetes control plane and nodes might lead to application downtime. For more information on the behavior of Kubernetes, see Scheduling, Preemption, and Eviction in the Kubernetes documentation.

Comparing the deployment options

The following table compares the differences between the two options.

Feature Extended cluster Local cluster

Kubernetes control plane location

Amazon Web Services Region

 Outpost

Kubernetes control plane account

Amazon Web Services account

 Your account

Regional availability

 See Service endpoints

US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (London), Middle East (Bahrain), and South America (São Paulo)

Kubernetes minor versions

1.22 and later supported Amazon EKS versions.

1.22 and later supported Amazon EKS versions.

Platform versions

 See Amazon EKS platform versions See Amazon EKS local cluster platform versions

Outpost form factors

 Outpost racks Outpost racks

User interfaces

Amazon Web Services Management Console, Amazon CLI, Amazon EKS API, eksctl, Amazon CloudFormation, and Terraform

 Amazon Web Services Management Console, Amazon CLI, Amazon EKS API, eksctl, Amazon CloudFormation, and Terraform

Managed policies

 AmazonEKSClusterPolicy and AmazonEKSServiceRolePolicy AmazonEKSLocalOutpostClusterPolicy and AmazonEKSLocalOutpostServiceRolePolicy

Cluster VPC and subnets

 See Amazon EKS VPC and subnet requirements and considerations See Amazon EKS local cluster VPC and subnet requirements and considerations

Cluster endpoint access

 Public or private or both Private only

Kubernetes API server authentication

Amazon Identity and Access Management (IAM) and OIDC

IAM and x.509 certificates

Node types

 Self-managed only Self-managed only

Node compute types

Amazon EC2 on-demand

 Amazon EC2 on-demand
Node storage types

Amazon EBS gp2 and local NVMe SSD

Amazon EBS gp2 and local NVMe SSD

Amazon EKS optimized AMIs

 Amazon Linux, Windows, and Bottlerocket Amazon Linux only

IP versions

IPv4 only

IPv4 only

Add-ons

 Amazon EKS add-ons or self-managed add-ons Self-managed add-ons only

Default Container Network Interface

Amazon VPC CNI plugin for Kubernetes

 Amazon VPC CNI plugin for Kubernetes

Kubernetes control plane logs

Amazon CloudWatch Logs

Amazon CloudWatch Logs

Load balancing

 Use the Amazon Load Balancer Controller to provision Application Load Balancers only (no Network Load Balancers) Use the Amazon Load Balancer Controller to provision Application Load Balancers only (no Network Load Balancers)
Secrets envelope encryption See Enabling secret encryption on an existing cluster Not supported
IAM roles for service accounts See IAM roles for service accounts Not supported

Troubleshooting

 See Amazon EKS troubleshooting See Troubleshooting local clusters for Amazon EKS on Amazon Outposts

Topics