AWS debuts EKS Capabilities with built-in GitOps for AI-scale Kubernetes

AWS rolls out EKS Capabilities to simplify Kubernetes operations as AI workloads surge

AWS announced Amazon EKS Capabilities, a managed set of Kubernetes-native tools wired directly into the EKS control plane. The goal is simple: remove toil for platform and operations teams while keeping developers productive as AI demand spikes.

"Developers spend 70% of their time today managing infrastructure," said Eswar Bala, director of container engineering at AWS. "EKS Capabilities flips that model. We take on the heavy lifting so they can focus on building."

What shipped

• Managed Argo CD: GitOps without running Argo yourself. AWS handles upgrades, patching, HA, and scaling.
• AWS Controllers for Kubernetes (ACK): Manage AWS resources through Kubernetes APIs. AWS operates the control plane integrations.
• Kubernetes Resource Orchestrator (KRO): Build reusable, opinionated resource bundles that stay fully native to Kubernetes.

These run inside AWS-owned service accounts. You use them; AWS maintains them.

Why ops teams should care

AWS reports GPU usage under Kubernetes is doubling year over year. Agentic workloads, multimodal inference, and GPU batch jobs need automation, scale, and reliable scheduling. This launch targets those needs while removing self-managed plumbing.

How your runbook changes

• GitOps operational burden shifts to AWS: No more running Argo CD clusters. Use your repos and pipelines; AWS manages the control plane pieces.
• Provision AWS via Kubernetes: ACK lets teams define cloud resources alongside app manifests. You get a single change surface, audit trail in Git, and fewer handoffs.
• Standardize with KRO: Ship curated blueprints (GPU nodes, networking, policies) as reusable bundles to keep clusters consistent across teams and regions.
• Identity simplified: IAM and SSO integrate via AWS Identity Center, making access and RBAC mapping cleaner.

Stack alignment for AI scale

• EKS Auto Mode: Automates GPU provisioning and rightsizing for AI jobs.
• Karpenter: Scales CPU and GPU fleets on demand, cutting waste and queuing.
• EKS Ultra Clusters: Up to 100,000 nodes for training and high-volume inference.
• Amazon Q integrations: AI-driven troubleshooting to compress ops tasks from days to minutes.

Security and governance notes

• Shared responsibility shift: AWS patches, upgrades, and validates compatibility for the managed components. You own config, policies, and safe rollout.
• Service accounts: Tools run under AWS-owned identities. Review boundaries, least privilege, and how RBAC maps to IAM.
• Compliance: Keep Git as the source of truth, enforce org policies in KRO bundles, and log changes through your SIEM.

Availability and pricing

Amazon EKS Capabilities is available now in commercial AWS Regions with no minimum fees. You pay for what you use.

Migrations and coexistence

• Argo CD: Plan repo and app migration from self-hosted to AWS-managed. Validate differences in SSO, secrets, and plugin support.
• ACK adoption: Start with noncritical resources (e.g., S3, SQS) before moving stateful or networking-critical components.
• KRO rollout: Pilot a small set of bundles (base cluster config, GPU queue, ingress) and scale out after review.

Risks to evaluate

• Feature parity: Check Argo CD plugin compatibility, CRD versions, and any org-specific extensions.
• Blast radius: Treat Git as prod. Protect default branches, enforce approvals, and add policy checks.
• SLOs and failure modes: Define SLOs for sync, drift detection, and recovery. Test regional outages and rollbacks.
• Quotas and rate limits: For ACK-heavy patterns, plan around API limits and backoff.

30-day adoption plan

• Week 1: Enable EKS Capabilities in a sandbox. Connect a Git repo. Deploy noncritical services with managed Argo CD.
• Week 2: Introduce ACK for a few AWS resources. Add policy checks (OPA/Kyverno) and SSO via AWS Identity Center.
• Week 3: Pilot KRO bundles for a GPU workload. Turn on Karpenter and EKS Auto Mode. Validate cost and queue times.
• Week 4: Define SLOs, run failover drills, document rollback paths, and prepare a staged production rollout.

The bigger picture

"Foundational model builders rely on Kubernetes," Bala said. Features like dynamic GPU allocation and scheduling depend on the maturity the ecosystem reached over the past decade. Kubernetes is becoming the default control plane for AI.

Bala also pointed to agent-oriented application patterns that will need stronger isolation and new orchestration boundaries. Generative AI is acting like a runtime, and it's converging with the container runtime.

What this means for operations

If you run EKS at scale, this is a chance to retire self-managed GitOps control planes, push infrastructure changes through Kubernetes APIs, and ship standardized blueprints without building your own orchestration layer. The work shifts from operating tools to curating policies, templates, and SLOs.

The message is clear: highly automated, container-native infrastructure will carry the next decade of AI. EKS Capabilities is AWS's bid to make that operationally simple.

Helpful resources

• Kubernetes documentation
• Argo CD docs

If your team needs structured upskilling for AI-centric ops, see practical learning paths by job role here: Complete AI Training: Courses by Job.