AWS uses Raspberry Pi for EKS at the edge

AWS is showing how to implement Amazon EKS (Elastic Kubernetes Service) Hybrid Nodes using the Raspberry Pi 5.

In the cloud, an Amazon Virtual Private Cloud (Amazon VPC) hosts the EKS cluster. Within this VPC, an EC2 instance acts as a gateway between the cloud environment and the on-premises edge network.

This EC2 instance establishes a secure site-to-site VPN tunnel, using WireGuard, to the Raspberry Pi 5, which serves as the hybrid node. When the tunnel is established, traffic between the Raspberry Pi and the cloud is routed through the WireGuard server running on Amazon EC2, extending the EKS cluster to the edge.


From the cluster’s perspective, the Raspberry Pi behaves just like any other node, despite being located outside the VPC. The resulting architecture looks like the following figure.


The managed Kubernetes control plane runs on AWS, providing the API server, etcd datastore, scheduler, and controller manager. In this walkthrough, we configure the Kubernetes control plane with public endpoint access, allowing our Raspberry Pi nodes to communicate with it over the internet.

AWS handles the operational complexity of securing and scaling the Kubernetes control plane for high availability, while you focus on your applications.

AWS runs a dedicated EC2 instance with WireGuard, which serves as a VPN gateway, creating a secure tunnel between AWS and the edge infrastructure. This server acts as the hub in a hub-and-spoke topology, enabling communication between the Amazon EKS control plane and our Raspberry Pi nodes for kubectl exec commands, log retrieval, and webhook operations.

The Raspberry Pi devices run the standard Kubernetes node components (kubelet, kube-proxy, and container runtime) along with the Amazon EKS Hybrid Nodes CLI tool (nodeadm). These nodes register with the EKS cluster through AWS Systems Manager, appearing as standard worker nodes in your cluster despite running on user-managed hardware.

The Raspberry Pi nodes initiate connections to the Amazon EKS control plane through the public internet. This includes API server communication for node registration, pod status updates, and resource requests. The public endpoint approach streamlines connectivity while maintaining security through AWS Identity and Access Management (IAM) authentication and TLS encryption.
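A check a practitioner might run against the two pieces described above, the public endpoint and the WireGuard hub, is sketched below as an added example (it is not code from AWS or from the article). It assumes the `resourcesVpcConfig` and `remoteNetworkConfig` fields of `aws eks describe-cluster` output, and that any remote pod network declared on the cluster should be routable through the hub; every CIDR and key is a constructed placeholder.

```python
import ipaddress
import json

# Constructed sample: trimmed `aws eks describe-cluster` output; all CIDRs are placeholders.
CLUSTER_JSON = """{"cluster": {
  "resourcesVpcConfig": {"endpointPublicAccess": true, "publicAccessCidrs": ["0.0.0.0/0"]},
  "remoteNetworkConfig": {
    "remoteNodeNetworks": [{"cidrs": ["192.168.50.0/24"]}],
    "remotePodNetworks": [{"cidrs": ["10.86.0.0/16"]}]}}}"""

# Constructed sample: WireGuard config on the EC2 hub; keys are placeholders.
HUB_WG_CONF = """
[Interface]
Address = 10.200.0.1/24
PrivateKey = <hub-private-key>
[Peer]
PublicKey = <pi-public-key>
AllowedIPs = 10.200.0.2/32, 192.168.50.0/24
"""

def peer_allowed_ips(conf):
    """Return the networks listed in AllowedIPs across all [Peer] sections."""
    nets, in_peer = [], False
    for raw in conf.splitlines():
        line = raw.split("#")[0].strip()
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
        elif in_peer and line.lower().startswith("allowedips"):
            for cidr in line.split("=", 1)[1].split(","):
                nets.append(ipaddress.ip_network(cidr.strip(), strict=False))
    return nets

def audit(cluster_json, hub_conf):
    """Return findings for endpoint exposure and hub routing gaps."""
    cluster = json.loads(cluster_json)["cluster"]
    findings = []
    vpc = cluster["resourcesVpcConfig"]
    if vpc.get("endpointPublicAccess") and "0.0.0.0/0" in vpc.get("publicAccessCidrs", []):
        findings.append("public API endpoint accepts connections from any IPv4 address")
    routed = peer_allowed_ips(hub_conf)
    if any(r.prefixlen == 0 for r in routed):
        findings.append("hub peer AllowedIPs contains a default route")
    for kind in ("remoteNodeNetworks", "remotePodNetworks"):
        for entry in cluster.get("remoteNetworkConfig", {}).get(kind, []):
            for cidr in entry["cidrs"]:
                net = ipaddress.ip_network(cidr)
                if not any(r.version == net.version and net.subnet_of(r) for r in routed):
                    findings.append(f"{kind} {cidr} is not covered by any hub peer AllowedIPs")
    return findings
```

On the constructed input, `audit(CLUSTER_JSON, HUB_WG_CONF)` reports the unrestricted public endpoint and the pod CIDR that the hub does not route; the node CIDR passes because the peer's AllowedIPs covers it.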

You can read more on the AWS website.

David Manners

David Manners has more than forty years' experience writing about the electronics industry, its major trends and leading players. As well as writing business, components and research news, he is the author of the site's most popular blog, Mannerisms. It features series of posts such as Fables, Markets, Shenanigans, and Memory Lanes, across a wide range of topics.
