Skip to content

ECS to Kubernetes

ECS Fargate to Kubernetes conversion

The specctl tool needs to connect to an AWS account with the ECS cluster and associated services and task definitions. To use the tool, your AWS user account and role will need read access for the below resources such as ECS service, task definition, ALB, listener, listener rules, target group, SSM Parameter Store, and/or AWS Secrets Manager.

  • ECS service is converted to Kubernetes Deployment and Kubernetes Service objects.
  • ECS task definition is converted to Kubernetes Pod specification.
  • When ECS tasks have references to SSM Parameters or AWS Secret Manager Secrets in container definitions, those values are extracted and converted to ConfigMap for SSM Parameter simple strings amd to Kubernetes Secrets for SSM Parameter SecureString or AWS Secret Manager. The configMapKeyRef and secretKeyRef is setup for the pod specific appropriately to refer to the generated ConfigMaps and Secrets.
  • ECS service can be using a load balancer. In this case, generated Kubernetes service is set to type LoadBalancer, and an ALB Ingress resource is also generated. The tool will read ALB, listener, and target group details to generate the Ingress resource.
  • ECS service can have a service discovery namespace in CloudMap. For example, orders.ecommerce.prod, orders is ECS service and ecommerce.prod is the CloudMap namespace. The tool will use the first "." delimiter of CloudMap to create a Kubernetes namespace resource. So, ecommerce will be generated as the Kubernetes namespace. The remaining "." entries from ECS CloudMap namespace are discarded since Kubernetes namespaces can't have "." in. You may need to manually adjust the reference to service endpoints as per above conversion. For e.g. if ui service was using orders.ecommerce.prod in ECS to discover the orders service, then it will need to use orders.ecommerce or orders.ecommerce.svc.cluster.local