Managed Cloud Providers
Key Takeaways for AI & Readers
- Managed Control Plane: Cloud providers (EKS, GKE, AKS) manage the API Server, etcd, Scheduler, and Controller Manager — reducing operational overhead significantly.
- Provider Strengths: GKE leads in automation and ease of use (Autopilot mode), EKS in AWS ecosystem integration and configurability, AKS in enterprise/Microsoft ecosystem integration.
- Shared Responsibility: Providers ensure the Control Plane is healthy and available; you are responsible for worker nodes (unless using a managed node service), application security, RBAC, networking configuration, and workload management.
- Cost Structure: All three charge for the Control Plane (~$70-75/month for EKS/AKS, free for GKE Standard) plus compute costs for worker nodes.
While Kind, Minikube, and K3d are excellent for learning, production workloads run on Managed Kubernetes services from cloud providers. These services handle the hardest operational challenges — maintaining the Control Plane, etcd reliability, API Server availability, and Kubernetes version upgrades — so your team can focus on deploying and running applications.
Comparing the Big Three
Google GKE
The most advanced. Autopilot mode and best-in-class UI.
$ gcloud container clusters get-credentials
Amazon Elastic Kubernetes Service (EKS)
EKS is the most widely adopted managed Kubernetes service, largely because AWS has the largest cloud market share. It provides a managed Control Plane with deep integration into the AWS ecosystem.
Key Features
- Managed Control Plane: AWS runs the API Server and etcd across multiple Availability Zones
- Compute Options: EC2 instances, Fargate (serverless pods), and EKS Anywhere (on-premises)
- EKS Managed Node Groups: AWS handles node provisioning, AMI updates, and draining during upgrades
- IAM Integration: AWS IAM roles mapped to Kubernetes RBAC via IRSA (IAM Roles for Service Accounts)
- Networking: VPC-native networking via the AWS VPC CNI plugin (each Pod gets a real VPC IP)
- Add-ons: Managed versions of CoreDNS, kube-proxy, VPC CNI, and EBS CSI driver
Strengths
- Deepest integration with AWS services (ALB Ingress Controller, Secrets Manager, CloudWatch, ECR)
- Largest ecosystem of third-party integrations
- EKS Anywhere for hybrid on-premises clusters
- Karpenter (AWS-native node autoscaler) is best-in-class for rapid scaling
Considerations
- Pricing: $0.10/hour per cluster (~$73/month) for the Control Plane, plus EC2/Fargate compute
- Complexity: EKS has the steepest learning curve due to IAM, VPC networking, and Security Groups
- Upgrade model: You must manually initiate control plane and node group upgrades
# Create an EKS cluster using eksctl
eksctl create cluster \
--name production \
--region us-west-2 \
--nodegroup-name workers \
--node-type m5.large \
--nodes 3 \
--managed
Google Kubernetes Engine (GKE)
Kubernetes was born at Google, and GKE is often considered the most polished and advanced managed service. It offers the smoothest operational experience and the most automation.
Key Features
- Autopilot Mode: Google manages everything — nodes, scaling, security baseline, and resource optimization. You only define Pods.
- Standard Mode: You manage the node pools; Google manages the Control Plane
- Release Channels: Rapid, Regular, and Stable channels for automatic version management
- GKE Dataplane V2: Powered by Cilium/eBPF for high-performance networking and built-in network policy enforcement
- Multi-cluster: GKE Enterprise offers multi-cluster management, Anthos Service Mesh, and fleet-wide policies
Strengths
- Most automated upgrade and patching experience
- Autopilot eliminates node management entirely
- Best built-in security features (Workload Identity, Binary Authorization, Security Posture)
- Free tier for the Standard mode Control Plane (one zonal cluster per account)
- Fastest to get started —
gcloudCLI creates a cluster in one command
Considerations
- Pricing: Standard mode Control Plane is free (zonal) or $0.10/hour (regional). Autopilot charges per Pod resource request
- Regional lock-in: While Kubernetes is portable, GKE-specific features (Autopilot, Config Connector) create soft lock-in
- Less flexibility: Autopilot restricts privileged containers and host-path mounts by default
# Create a GKE Autopilot cluster
gcloud container clusters create-auto production \
--region us-central1 \
--project my-project
Azure Kubernetes Service (AKS)
AKS is the natural choice for organizations already invested in the Microsoft ecosystem. It offers strong integration with Azure Active Directory, Azure DevOps, and the wider Azure platform.
Key Features
- Free Control Plane: AKS does not charge for the Kubernetes control plane (unique among the big three)
- Azure AD Integration: Native Azure Active Directory authentication for cluster access
- Virtual Nodes: Serverless pods via Azure Container Instances (ACI) for burst workloads
- Windows Node Pools: First-class support for running Windows containers alongside Linux
- Azure Policy: Kubernetes governance integrated with Azure's policy engine (based on OPA/Gatekeeper)
Strengths
- Free Control Plane significantly reduces base cost
- Best Windows container support in any managed Kubernetes service
- Deep integration with Azure Monitor, Azure Key Vault, and Azure DevOps
- Azure Arc extends AKS management to on-premises and multi-cloud clusters
- Automatic node image upgrades
Considerations
- Pricing: Control plane is free; you pay for VM compute, networking, and storage
- Maturity: Some features lag behind GKE and EKS in release timing
- Networking complexity: Azure networking (VNet, NSGs, UDRs) adds configuration overhead
# Create an AKS cluster
az aks create \
--resource-group my-rg \
--name production \
--node-count 3 \
--node-vm-size Standard_D4s_v3 \
--enable-managed-identity \
--generate-ssh-keys
Feature Comparison Matrix
| Feature | EKS | GKE | AKS |
|---|---|---|---|
| Control Plane cost | $73/month | Free (zonal Standard) / $73 (regional) | Free |
| Serverless pods | Fargate | Autopilot | Virtual Nodes (ACI) |
| Node autoscaling | Karpenter / Cluster Autoscaler | Node Auto-provisioning / Cluster Autoscaler | Cluster Autoscaler / KEDA |
| Networking | AWS VPC CNI | GKE Dataplane V2 (Cilium) | Azure CNI / Kubenet |
| Identity | IRSA (IAM Roles for Service Accounts) | Workload Identity | Azure AD + Workload Identity |
| Windows containers | Supported | Supported | Best-in-class |
| Multi-cluster | EKS Anywhere | GKE Enterprise / Anthos | Azure Arc |
| Upgrade automation | Manual trigger | Release channels (auto) | Auto-upgrade option |
| GPU support | P4/V100/A100 | T4/V100/A100/TPU | N-series/A100 |
| Default CNI | AWS VPC CNI | Cilium (Dataplane V2) | Azure CNI |
| Market share | Largest | Second | Third |
The Shared Responsibility Model
Understanding what the provider manages and what you manage is critical:
Provider Manages
- Control Plane availability (API Server, etcd, Scheduler, Controller Manager)
- Control Plane scaling and patching
- etcd backups and disaster recovery
- Kubernetes version support and security patches
- Cross-AZ Control Plane redundancy
You Manage
- Worker Nodes: OS updates, security patches (unless using managed node groups or Autopilot)
- Application Security: Container images, vulnerability scanning, runtime security
- RBAC: Defining who can do what in the cluster
- Network Policies: Controlling traffic between Pods
- Secrets Management: Encrypting and rotating sensitive data
- Monitoring and Alerting: Setting up Prometheus, Grafana, or provider-native tools
- Backup: Application data, persistent volumes, Kubernetes manifests (GitOps)
- Cost Management: Right-sizing nodes, cleaning up unused resources
Choosing a Provider
Choose EKS if:
- Your organization is all-in on AWS
- You need maximum configurability and control
- You're running workloads with deep AWS service dependencies (S3, SQS, DynamoDB)
- You need on-premises Kubernetes (EKS Anywhere)
Choose GKE if:
- You want the smoothest operational experience
- You prefer automation over manual control
- You're building AI/ML workloads (GKE has TPU support)
- You want Autopilot to eliminate node management entirely
Choose AKS if:
- Your organization uses Azure AD and the Microsoft ecosystem
- You need first-class Windows container support
- Free Control Plane pricing is a significant factor
- You need Azure Arc for multi-cloud management
Multi-Cloud and Hybrid Strategies
Some organizations run Kubernetes across multiple providers for resilience or compliance. Tools that help:
- Cluster API (CAPI): Declarative cluster lifecycle management across providers
- Crossplane: Manage cloud resources from within Kubernetes
- ArgoCD / Flux: GitOps-based deployment to multiple clusters
- Istio / Cilium Mesh: Multi-cluster service mesh for cross-cluster communication
See Cluster API and Crossplane for details.
What's Next?
With an understanding of managed services, proceed to:
- Your First Deployment — Deploy an application on your cluster
- Pods — Learn the fundamental unit of computation
- Services — Understand how networking works in Kubernetes