Overview

Qovery integrates with Amazon Elastic Kubernetes Service (EKS) to provide managed Kubernetes deployments on AWS. Choose between Qovery-managed EKS (fully automated) or BYOK (bring your existing EKS cluster).

Deployment Options

Features

  • Qovery-Managed
  • BYOK
What Qovery Creates:
  • EKS cluster (latest stable version)
  • VPC with public/private subnets
  • NAT Gateways for outbound traffic
  • Security groups and network ACLs
  • IAM roles and policies
  • Karpenter for auto-scaling
  • AWS Load Balancer Controller
  • EBS CSI driver for volumes
  • Cluster autoscaler
  • Metrics server
Auto-Scaling:
  • Karpenter for intelligent node provisioning
  • Supports On-Demand and Spot instances
  • Automatically right-sizes nodes
  • Fast scale-up (< 1 minute)
  • Cost-optimized instance selection
Networking:
  • VPC with /16 CIDR
  • Public subnets for load balancers
  • Private subnets for pods
  • NAT Gateways for internet access
  • VPC endpoints for AWS services
  • Network policies support
Security:
  • Private EKS endpoint option
  • Encryption at rest (EBS volumes)
  • Secrets encryption with KMS
  • IAM for service accounts (IRSA)
  • Pod security policies
  • Network policies

Supported Configurations

Instance Types

  • General Purpose
  • Compute Optimized
  • Memory Optimized
  • Spot Instances
T3/T3a (Burstable):
  • t3.medium, t3.large, t3.xlarge
  • Best for: Development, staging
  • Cost: $
M5/M6i (Balanced):
  • m5.large, m5.xlarge, m5.2xlarge
  • Best for: Production workloads
  • Cost: $$
M6g/M7g (Graviton ARM):
  • m6g.large, m6g.xlarge, m7g.large
  • Best for: Cost-optimized production
  • Cost: $$ (20% cheaper than Intel)

Kubernetes Versions

Version | Status              | Support End
1.29    | ✅ Recommended      | Jan 2025
1.28    | ✅ Supported        | Nov 2024
1.27    | ✅ Supported        | Jul 2024
1.26    | ⚠️ End of life soon | May 2024
1.25    | ❌ End of life      | Feb 2024
Note: Qovery automatically upgrades clusters to supported versions

Regions

All AWS regions supported:
  • US East: us-east-1, us-east-2
  • US West: us-west-1, us-west-2
  • Europe: eu-west-1, eu-west-2, eu-west-3, eu-central-1, eu-north-1
  • Asia Pacific: ap-southeast-1, ap-southeast-2, ap-northeast-1, ap-northeast-2, ap-south-1
  • Others: ca-central-1, sa-east-1, af-south-1, me-south-1

Cost Breakdown

Qovery-Managed EKS

EKS Control Plane: $0.10/hour (~$73/month)
  • Managed by AWS
  • Highly available across 3 AZs
  • Automatic version upgrades
  • Backed by AWS SLA
Worker Nodes (Example: 3x m5.large):
  • Instance cost: $0.096/hour × 3 = $0.288/hour (~$210/month)
  • EBS volumes: ~$10/month
  • Data transfer: ~$10-50/month
Networking:
  • NAT Gateway: $0.045/hour × 3 AZs = ~$100/month
  • Load Balancer: ~$20/month
Total Example: ~$400-500/month for small production cluster
Cost Optimization:
  • Use Spot instances (60-90% discount)
  • Use Graviton instances (20% cheaper)
  • Right-size instances with Karpenter
  • Use single NAT Gateway for dev/staging
  • Reserved instances for predictable workloads

BYOK

Your Costs:
  • EKS control plane: ~$73/month
  • Worker nodes: Based on your configuration
  • Networking: Your VPC and load balancers
  • Storage: Your EBS volumes
Qovery Cost:
  • Included in Qovery subscription
  • No additional cluster management fees

Setup Time

Step                      | Qovery-Managed | BYOK
AWS Account Setup         | 5 minutes      | N/A
Cluster Creation          | 20-30 minutes  | Existing cluster
Qovery Agent Installation | Automatic      | 10 minutes
First Deployment          | 5 minutes      | 5 minutes
Total                     | ~40 minutes    | ~15 minutes

Security Features

Private Clusters:
  • EKS endpoint in private subnets only
  • No public access to Kubernetes API
  • Access via VPN or AWS PrivateLink
Network Policies:
  • Calico network policies
  • Pod-to-pod traffic control
  • Namespace isolation
Security Groups:
  • Minimal required access
  • Separate SGs for control plane and workers
  • Locked down by default
IAM Roles for Service Accounts (IRSA):
  • Fine-grained AWS permissions
  • No shared credentials
  • Automatic credential rotation
RBAC:
  • Kubernetes RBAC enabled
  • Namespace-level access control
  • Integration with AWS IAM
Audit Logging:
  • EKS control plane logging
  • CloudWatch Logs integration
  • API audit logs
At Rest:
  • EBS volume encryption with KMS
  • Secrets encryption with KMS
  • Custom KMS keys supported
In Transit:
  • TLS for all communication
  • Pod-to-pod encryption option
  • HTTPS load balancers
Secrets Management:
  • Kubernetes secrets encryption
  • AWS Secrets Manager integration
  • External Secrets Operator support
Certifications:
  • SOC 2
  • ISO 27001
  • HIPAA eligible
  • PCI DSS
Features:
  • Audit logs
  • Encryption at rest and in transit
  • Private clusters
  • VPC isolation

Integrations

AWS Services

RDS Databases

  • Automatic RDS provisioning
  • PostgreSQL, MySQL, MariaDB
  • Multi-AZ for high availability
  • Automated backups

S3 Storage

  • Bucket creation and management
  • IAM role for pod access
  • Lifecycle policies
  • Versioning and replication

Route 53 DNS

  • Automatic DNS record creation
  • SSL certificate automation
  • Health checks
  • Failover routing

ECR Registry

  • Private container registry
  • Image scanning
  • Lifecycle policies
  • Cross-region replication

Third-Party Tools

  • Datadog: Monitoring and APM
  • External Secrets: Secrets management
  • Cert-Manager: SSL certificates
  • ArgoCD: GitOps deployments

Best Practices

High Availability

  • Use multiple node pools
  • Spread across 3+ AZs
  • Mix of On-Demand and Spot
  • Pod disruption budgets

Cost Optimization

  • Use Spot instances (60-90% off)
  • Graviton instances (20% off)
  • Auto-scaling with Karpenter
  • Right-size node instances

Security

  • Private EKS endpoint
  • Enable audit logging
  • Use IRSA for pod permissions
  • Network policies
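
One way to verify the endpoint, audit logging and KMS secrets-encryption settings on an existing (for example BYOK) cluster, as an added example that is not Qovery's own code. It reads JSON in the shape returned by `aws eks describe-cluster`; the sample document is constructed and `audit_cluster` is a hypothetical helper name. IRSA and network policies are not visible in this output and are not checked.

```python
import json

# Constructed sample in the shape of `aws eks describe-cluster` output.
SAMPLE = json.loads("""
{"cluster": {
  "name": "example-byok-cluster",
  "resourcesVpcConfig": {"endpointPublicAccess": true, "endpointPrivateAccess": true,
                         "publicAccessCidrs": ["0.0.0.0/0"]},
  "logging": {"clusterLogging": [
    {"types": ["api", "authenticator"], "enabled": true},
    {"types": ["audit", "controllerManager", "scheduler"], "enabled": false}]},
  "encryptionConfig": []
}}
""")


def audit_cluster(doc):
    """Return findings for settings that differ from this page's security list."""
    cluster = doc.get("cluster", doc)
    findings = []

    # Private EKS endpoint: public access is on by default when the key is absent.
    vpc = cluster.get("resourcesVpcConfig", {})
    if vpc.get("endpointPublicAccess", True):
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        scope = "any address" if "0.0.0.0/0" in cidrs else ", ".join(cidrs)
        findings.append(f"API endpoint is public (reachable from {scope})")
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("private API endpoint access is disabled")

    # Audit logging: the "audit" log type must sit in an enabled entry.
    enabled_logs = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled_logs.update(entry.get("types", []))
    if "audit" not in enabled_logs:
        findings.append("control plane audit logging is not enabled")

    # Secrets encryption with KMS: needs a config covering "secrets" with a key ARN.
    kms_for_secrets = any(
        "secrets" in cfg.get("resources", []) and cfg.get("provider", {}).get("keyArn")
        for cfg in cluster.get("encryptionConfig") or [])
    if not kms_for_secrets:
        findings.append("Kubernetes secrets are not encrypted with a KMS key")
    return findings


if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print("FINDING:", finding)
```

To run it against a real cluster, save the CLI output to a file and pass `json.load(open(path))` to `audit_cluster`.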

Monitoring

  • Enable CloudWatch Container Insights
  • Set up CloudWatch alarms
  • Use Qovery Observe
  • Consider Datadog for production

Troubleshooting

Common Issues:
  • AWS API rate limits
  • Insufficient IAM permissions
  • VPC CIDR conflicts
  • Service quota limits
Solutions:
  • Check AWS Service Quotas
  • Verify IAM permissions
  • Ensure no CIDR conflicts
  • Contact AWS support for quota increases
Common Issues:
  • Insufficient node capacity
  • Image pull errors
  • Resource limits too high
  • Node not ready
Solutions:
  • Check node autoscaling
  • Verify ECR/registry access
  • Review resource requests/limits
  • Check node status with kubectl
Common Causes:
  • Multiple NAT Gateways
  • Over-provisioned instances
  • Only On-Demand instances
  • High data transfer
Solutions:
  • Use single NAT Gateway for dev/staging
  • Enable Spot instances
  • Right-size with Karpenter
  • Use VPC endpoints for AWS services
