EKS vs GKE vs AKS – July 2020 Update

In February, we published an article providing a side-by-side comparison of the managed Kubernetes offerings from the three largest cloud providers: Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison and our April, May, and June updates.

Kubernetes Version Support Matrix

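| Version | AKS     | EKS        | GKE           | Kubernetes |
|---------|---------|------------|---------------|------------|
| 1.18    | preview |            |               | X          |
| 1.17    | preview |            | Rapid Channel | X          |
| 1.16    | X       | default    | X             | X          |
| 1.15    | default | X          | X             |            |
| 1.14    | X       | X          | default       |            |
| 1.13    |         | deprecated |               |            |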

Azure Kubernetes Service

Kubernetes Version Changes Coming in July

AKS plans to make Kubernetes 1.17 support generally available (GA) beginning July 1, at which time support for new Kubernetes 1.14 clusters will be dropped. Kubernetes 1.16 will become the new default version for new AKS clusters.

Confidential Workloads (Preview)

Azure has released Confidential Workloads for AKS as a Preview feature. After signing up for Preview access, AKS users can create nodes that use the new DC-series Azure Virtual Machines. These machines use CPUs which provide secure hardware enclaves to protect workloads during execution.

Azure Monitor Support for Windows Container Log Collection (Preview)

Azure Monitor for containers now supports end-to-end monitoring for Windows workloads on AKS clusters with the addition of log collection for Windows containers.

Application Gateway Ingress Controller (Preview)

The Application Gateway Ingress Controller cluster add-on provides an interface to the Azure Application Gateway load balancer, allowing AKS workloads to integrate with services running outside AKS clusters without additional routing layers.

User-Defined Cluster Egress Now GA

AKS now allows users to set a cluster's OutboundType to a user-defined route, which is then used for all cluster egress traffic. By default, AKS clusters use a Standard Azure Load Balancer for egress traffic. This feature allows customers to use a custom proxy or security service, such as Azure Firewall, to monitor or manage egress routing.

Custom egress routing must be selected at cluster creation time. Users must configure the alternate egress routes themselves if they are using the Standard Azure LB.

Amazon Elastic Kubernetes Service

AWS App Mesh Controller For EKS Now GA

Support for integrating EKS workloads with the AWS App Mesh is now generally available. AWS App Mesh allows users to create a service mesh spanning workloads hosted on multiple AWS compute platforms, including EC2, ECS, and now EKS.

Google Kubernetes Engine

Node Auto-Repair Now Enabled By Default

Starting with new GKE clusters created with Kubernetes 1.17, node pools have node auto-repair enabled by default. Users will still need to enable node auto-repair manually if they are upgrading their clusters and the node pools do not already use auto-repair.

Node auto-repair automatically detects nodes which are not functioning properly or have become unresponsive and attempts to repair or remove them from the cluster so they can be replaced with healthy nodes.
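
Because upgraded clusters keep their existing node pool settings, it is worth auditing which pools still lack auto-repair. The following is an added example, not code from the original post or from Google: it checks node pool JSON of the shape returned by `gcloud container node-pools list --format=json` and builds the command that enables auto-repair on each flagged pool. The pool names, versions, and cluster name are constructed for illustration.

```python
import json

# Constructed sample shaped like `gcloud container node-pools list --format=json`
# output (GKE NodePool resources). Pool names and versions are made up.
SAMPLE_POOLS = json.loads("""
[
  {"name": "default-pool", "version": "1.16.9-gke.6",
   "management": {"autoUpgrade": true}},
  {"name": "batch-pool", "version": "1.16.9-gke.6",
   "management": {"autoRepair": true, "autoUpgrade": true}},
  {"name": "legacy-pool", "version": "1.14.10-gke.36"}
]
""")


def pools_without_auto_repair(pools):
    """Return the names of node pools where auto-repair is not enabled.

    False booleans, and the whole `management` object, can be absent
    from the JSON, so a missing key is treated as "disabled".
    """
    missing = []
    for pool in pools:
        management = pool.get("management") or {}
        if management.get("autoRepair") is not True:
            missing.append(pool["name"])
    return missing


def remediation_commands(pools, cluster):
    """Build the gcloud command that enables auto-repair on each flagged pool.

    Assumes the zone or region comes from the active gcloud configuration.
    """
    return [
        f"gcloud container node-pools update {name} "
        f"--cluster {cluster} --enable-autorepair"
        for name in pools_without_auto_repair(pools)
    ]


if __name__ == "__main__":
    # "example-cluster" is a placeholder cluster name.
    for cmd in remediation_commands(SAMPLE_POOLS, "example-cluster"):
        print(cmd)
```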



*** This is a Security Bloggers Network syndicated blog from The Container Security Blog on StackRox authored by The Container Security Blog on StackRox. Read the original post at: https://www.stackrox.com/post/2020/06/eks-vs-gke-vs-aks-july-2020-updates/