Amazon has announced the general availability of the EKS Hybrid Nodes gateway, designed to streamline pod-to-pod networking between cloud-based EKS clusters and remote hybrid nodes on on-premises infrastructure. This eliminates the need for complex network reconfiguration and improves reliability and observability for hybrid Kubernetes deployments.
- Automates pod routing across cloud and on-premises EKS clusters without complex networking changes
- Deploys gateway pods with built-in high availability across multiple AWS Availability Zones
- Integrates with AWS managed services to extend observability and load balancing to hybrid nodes
Infrastructure signal
The Amazon EKS Hybrid Nodes gateway leverages the Cilium CNI’s VXLAN Tunnel Endpoint feature to create encrypted tunnels between cloud-hosted EC2 gateway nodes and on-premises Kubernetes nodes. This infrastructure enhancement removes the need for customers to implement complicated BGP routing or modify existing on-premises network topologies, which often involve overlapping IP address ranges. By managing the VXLAN tunnels and dynamically updating VPC route tables, the gateway ensures efficient and consistent pod traffic routing.
The gateway runs in an active-standby configuration using Kubernetes Lease objects for leader election, with pods deployed on separate EC2 instances and ideally across different Availability Zones to maximize fault tolerance. This setup keeps VXLAN tunnel state and forwarding tables synchronized between the active and standby pods, ensuring network resilience and rapid failover without disruption. Overall, this architecture reduces the operational cost of manual network management and the risk of hybrid network outages.
Developer impact
Developers and platform engineers benefit from having the complexity of hybrid networking abstracted away, allowing them to focus on application modernization rather than on maintaining network connectivity. The gateway automates pod-to-pod communication across cloud and on-premises environments, streamlining developer workflows by eliminating the bottlenecks previously caused by cross-team network coordination and infrastructure configuration.
Additionally, standard AWS managed services such as Application Load Balancers and Amazon Managed Service for Prometheus can seamlessly interact with remote pods on hybrid nodes, improving deployment flexibility and observability integration. This unified networking allows developers to deploy, monitor, and scale applications uniformly across distributed environments, reducing friction in hybrid cloud development cycles.
What teams should watch
Network operations and Kubernetes platform teams should review the deployment configuration and capacity planning for the gateway pods, ensuring they run in separate fault domains and across Availability Zones to maintain high availability. Teams must deploy the AWS-maintained Cilium build together with the CiliumVTEPConfig CustomResourceDefinition to enable gateway registration and VXLAN tunnel management.
Observability and reliability teams will want to incorporate monitoring around the gateway pods and VXLAN tunnel status to detect potential failover events and network anomalies early. As the gateway evolves and adoption grows, teams should track AWS updates for enhancements or integration with other networking features, adapting their hybrid cloud strategies accordingly.
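As an added example of the two checks the preceding sections call for (not code from AWS or the Cilium project): it compares two snapshots of the gateway's leader-election Lease to flag a failover, leader flapping, or an expired lease with no live holder, and it verifies that the gateway pods are spread over distinct nodes and zones. The Lease name, holder identities, node names and zones are constructed for the example; the page does not give the gateway's real Lease name.

```python
import copy
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: two snapshots of a coordination.k8s.io/v1 Lease, in the
# shape `kubectl get lease -n kube-system <name> -o json` returns. The lease
# name and holder identities are hypothetical, not the gateway's real ones.
LEASE_BEFORE = json.loads("""{
  "metadata": {"name": "hybrid-gateway-leader", "namespace": "kube-system"},
  "spec": {"holderIdentity": "gateway-a", "leaseDurationSeconds": 15,
           "leaseTransitions": 3, "renewTime": "2024-05-01T10:00:00.000000Z"}}""")
LEASE_AFTER = copy.deepcopy(LEASE_BEFORE)
LEASE_AFTER["spec"].update(holderIdentity="gateway-b", leaseTransitions=4,
                           renewTime="2024-05-01T10:00:40.000000Z")

# Constructed sample: gateway pods with the node they were scheduled onto and
# that node's topology.kubernetes.io/zone label.
GATEWAY_PODS = [
    {"name": "gateway-a", "node": "ip-10-0-1-10", "zone": "us-east-1a"},
    {"name": "gateway-b", "node": "ip-10-0-2-10", "zone": "us-east-1b"},
]


def _ts(value):
    """Parse the RFC 3339 microsecond timestamp Kubernetes writes into Lease specs."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def lease_findings(before, after, now):
    """Compare two Lease snapshots and return the alert strings worth paging on."""
    b, a = before["spec"], after["spec"]
    findings = []
    if a["holderIdentity"] != b["holderIdentity"]:
        findings.append(f"failover: {b['holderIdentity']} -> {a['holderIdentity']}")
    if a.get("leaseTransitions", 0) > b.get("leaseTransitions", 0) + 1:
        findings.append("flapping: more than one leader transition between samples")
    idle = now - _ts(a["renewTime"])  # time since the holder last renewed
    if idle > timedelta(seconds=a["leaseDurationSeconds"]):
        findings.append(f"no live leader: lease not renewed for {int(idle.total_seconds())}s")
    return findings


def spread_ok(pods, min_nodes=2, min_zones=2):
    """True when the gateway pods occupy enough distinct nodes and zones for HA."""
    nodes = {p["node"] for p in pods}
    zones = {p["zone"] for p in pods}
    return len(nodes) >= min_nodes and len(zones) >= min_zones


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, 45, tzinfo=timezone.utc)
    print(lease_findings(LEASE_BEFORE, LEASE_AFTER, now))  # a failover, nothing stale
    print(spread_ok(GATEWAY_PODS))  # True
```

Polling the real Lease with the Kubernetes API at an interval shorter than leaseDurationSeconds turns these findings into the failover and stale-leader alerts the observability team needs.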