AWS Partner Network (APN) Blog
Simplifying Amazon EKS Adoption With Comprinno’s Pre-Crafted Well-Architected EKS Package
By Pallavi Khopkar, CoE Manager – Comprinno
By Bhupali Tambekar, CTO – Comprinno
By Bala Mugunthan, Sr. Partner Solutions Architect – AWS
As organizations increasingly embrace cloud-native architectures and containerization and embark on a modernization journey, Amazon Elastic Kubernetes Service (Amazon EKS) has emerged as a powerful solution for managing containerized applications.
Amazon EKS offers benefits such as scalability and resilience, and provides automatic scaling and high availability features. As a managed service, it frees users from managing the Kubernetes control plane and easily integrates with other AWS services, providing access to a robust ecosystem of tools and services for enhanced functionality.
However, the complexities involved in setting up an EKS environment can be daunting for many customers new to Kubernetes. Understanding concepts like pod scheduling, networking, and storage orchestration requires a steep learning curve. Setup and management of multiple clusters, troubleshooting issues, gaining visibility into cluster performance, ensuring security, and setting up CI/CD pipelines may be challenging for customers who do not have much exposure to EKS.
Comprinno is an AWS Advanced Tier Services Partner and AWS Marketplace Seller with the Amazon EKS Service Delivery specialization that helps enterprises transform faster, modernizing their way of working through enterprise DevOps and cloud-native computing.
In this post, we will explore the architecture of a pre-crafted EKS solution and how customers can say goodbye to complexity and hello to simplicity.
Plug-and-Play Well-Architected EKS Package
Picture this: a carefully crafted Amazon EKS solution that customers can effortlessly deploy in their own environment. It’s like having a magic toolkit at your fingertips, ready to tackle integration hurdles, streamline cluster management, and grant you greater control over your infrastructure.
Comprinno’s solution provides a pre-crafted, well-architected EKS deployment package, encompassing best practices for cluster setup, pre-built CI/CD pipelines, observability, monitoring capabilities, alerting mechanisms, tracing tools, logging configurations, and infrastructure as code (IaC). The package includes environment setup, support for EKS version upgrades, assistance during go-live, and two weeks of post-production email-based support.
The diagram below shows the EKS package architecture that Comprinno deploys for its customers.
Figure 1 – Well-architected EKS package inclusions.
The pre-crafted well-architected EKS setup follows AWS best practices, ensuring a robust and scalable infrastructure. An EKS cluster with managed node groups is set up in private subnets in Amazon Virtual Private Cloud (VPC) spanning multiple Availability Zones (AZs).
The node groups are provisioned based on the customer’s specific requirements and availability preferences, utilizing a combination of Amazon EC2 Spot instances and/or On-Demand instances as per their needs. The worker nodes have routes to network address translation (NAT) gateways in each Availability Zone. An Application Load Balancer (ALB) provides access to the exposed services.
The Amazon VPC Container Network Interface (CNI) plugin handles pod networking and assigns pods IP addresses from the VPC IP range. The maximum number of IP addresses that can be allocated to pods depends on the size and type of the worker node instances. For instance, a c5.large instance has two vCPUs and allows for the allocation of up to 28 pods.
To enable efficient horizontal scaling of worker nodes, the Cluster Autoscaler with IAM Roles for Service Accounts (IRSA) is deployed. This allows for automatic adjustment of the cluster’s capacity based on demand, ensuring optimal utilization of resources. By employing IRSA, containers can access AWS Identity and Access Management (IAM) roles without the requirement of providing explicit secret credentials. This approach enhances security and simplifies the process of granting fine-grained permissions to containers within the EKS cluster.
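The security benefit of IRSA depends on the role's trust policy being scoped to one Kubernetes service account. The following is an added example, not code from Comprinno's package or from AWS: a check that a trust policy for sts:AssumeRoleWithWebIdentity pins both the `:sub` and `:aud` condition keys (the account ID, OIDC issuer and service account names are constructed placeholders).

```python
"""Check that an IRSA role trust policy is scoped to one service account.
Added example, not Comprinno's package or AWS tooling; account ID, OIDC issuer
and service account names below are constructed placeholders."""
import json

def _vals(cond: dict, suffix: str) -> list:
    """Flatten the value(s) of every condition key ending in suffix."""
    out = []
    for k, v in cond.items():
        if k.endswith(suffix):
            out.extend(v if isinstance(v, list) else [v])
    return out

def irsa_trust_issues(policy_json: str) -> list[str]:
    """Return problems found; an empty list means the trust policy is tight.
    Tight means StringEquals on ':sub' (exactly one system:serviceaccount:<ns>:<name>)
    and on ':aud' (sts.amazonaws.com); a wildcard or missing ':sub' lets other
    pods in the cluster assume the role."""
    issues = []
    stmts = json.loads(policy_json).get("Statement", [])
    for i, st in enumerate(stmts if isinstance(stmts, list) else [stmts]):
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = st.get("Condition", {})
        subs = _vals(cond.get("StringEquals", {}), ":sub")
        if any("*" in s for s in _vals(cond.get("StringLike", {}), ":sub")):
            issues.append(f"statement {i}: wildcard ':sub' in StringLike")
        if not subs:
            issues.append(f"statement {i}: no StringEquals ':sub' condition")
        for s in subs:
            if not s.startswith("system:serviceaccount:") or s.count(":") != 3 or "*" in s:
                issues.append(f"statement {i}: malformed subject {s!r}")
        if _vals(cond.get("StringEquals", {}), ":aud") != ["sts.amazonaws.com"]:
            issues.append(f"statement {i}: ':aud' must equal sts.amazonaws.com")
    return issues

ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE"  # constructed placeholder

def sample_policy(condition: dict) -> str:
    """Constructed trust policy for a role assumed via the cluster's OIDC provider."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Condition": condition}]})

# Scoped to the Cluster Autoscaler service account only.
TIGHT = sample_policy({"StringEquals": {
    f"{ISSUER}:sub": "system:serviceaccount:kube-system:cluster-autoscaler",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Any service account in any namespace may assume the role.
LOOSE = sample_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})
```

Run `irsa_trust_issues` over each IRSA role's trust policy as part of the IaC review; a non-empty result should block the apply.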
AWS Load Balancer Controller is integrated with IRSA to enable load balancing and routing traffic to services running in the cluster.
Additionally, the EBS CSI Controller and EFS CSI Controller are deployed for integration with Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS), respectively. Both are utilized to enhance the storage capabilities within an EKS cluster.
The EBS CSI Controller enables the dynamic provisioning and management of EBS volumes, offering scalable and reliable storage for stateful applications. The EFS CSI Controller facilitates the integration of Amazon EFS with EKS, allowing for the mounting of persistent volumes across multiple AZs, providing highly available and durable file-based storage for stateful workloads.
Application packaging involves the use of deployment files and Helm charts to streamline the deployment and management of applications. Deployment files, written in YAML or JSON, provide a declarative configuration that specifies the desired state of the application and its associated resources. These files define the containers, services, volumes, and other components required for running the application.
Helm charts, on the other hand, provide a higher-level abstraction for application packaging. They consist of a collection of files, including deployment templates, configuration values, and dependencies. Helm simplifies the process of deploying and managing complex applications by offering a standardized way to define, install, upgrade, and roll back releases.
Figure 2 – Well-Architected EKS Package Architecture.
Infrastructure Management
A pre-built CI/CD pipeline using AWS CodePipeline, AWS CodeBuild, Jenkins, and ArgoCD streamlines the build and deployment process for customers. ArgoCD takes care of automated deployments in the cluster, versioning, and rollbacks. Amazon Elastic Container Registry (Amazon ECR) is integrated into the CI/CD pipeline, and the built-in capability of ECR to scan Docker images for known vulnerabilities is leveraged so the pipeline proceeds to deployment only when the ECR scan report shows no critical or high severity vulnerabilities.
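The gate described above, as an added example rather than Comprinno's pipeline code: a pipeline step parses the JSON that `aws ecr describe-image-scan-findings` returns, fails closed if the scan has not completed, and allows deployment only when no CRITICAL or HIGH findings remain. The report below is constructed sample data and its CVE identifiers are placeholders.

```python
"""Gate a CI/CD deployment on an Amazon ECR image scan report.
Added example, not Comprinno's pipeline code. It assumes the JSON shape of
`aws ecr describe-image-scan-findings`; the report below is constructed."""
import json

BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed sample report; CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {
        "findingSeverityCounts": {"HIGH": 1, "MEDIUM": 2},
        "findings": [
            {"name": "CVE-EXAMPLE-0001", "severity": "HIGH",
             "attributes": [{"key": "package_name", "value": "openssl"}]},
            {"name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
             "attributes": [{"key": "package_name", "value": "curl"}]},
            {"name": "CVE-EXAMPLE-0003", "severity": "MEDIUM",
             "attributes": [{"key": "package_name", "value": "zlib"}]},
        ],
    },
})

def blocking_findings(report_json: str, blocking=BLOCKING_SEVERITIES) -> list[str]:
    """Return one line per finding at a blocking severity.
    Raises ValueError unless the scan status is COMPLETE, so an unfinished or
    failed scan can never pass the gate by accident (fail closed)."""
    report = json.loads(report_json)
    status = report.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        raise ValueError(f"scan status is {status!r}, refusing to deploy")
    out = []
    for f in report.get("imageScanFindings", {}).get("findings", []):
        if f.get("severity", "UNDEFINED").upper() in blocking:
            pkg = next((a["value"] for a in f.get("attributes", [])
                        if a.get("key") == "package_name"), "?")
            out.append(f"{f['severity']} {f['name']} in {pkg}")
    return out

def may_deploy(report_json: str) -> bool:
    """True only when a completed scan has no CRITICAL or HIGH findings."""
    return not blocking_findings(report_json)

if __name__ == "__main__":
    for line in blocking_findings(SAMPLE_REPORT):
        print("blocked by:", line)
    print("deploy:", may_deploy(SAMPLE_REPORT))
```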
Terraform is used as infrastructure as code (IaC) to deploy the EKS package, and Comprinno created a library of pre-defined templates to speed up customer deployment. IaC provides a consistent and reproducible method for infrastructure deployment. Configuration files can be version-controlled, allowing for easy tracking of changes and promoting collaboration among team members. This ensures the infrastructure is consistently deployed across different environments, reducing the risk of configuration drift.
By leveraging Terraform’s modular and scalable approach, customers can easily replicate setups and manage multiple environments while simplifying the process of infrastructure updates through planned analysis of changes.
Comprinno’s offering encompasses two environment setups, quality assurance (QA) and production, enabling customers to test and deploy their applications efficiently. Support for in-place EKS version upgrades is provided, assisting customers in keeping their clusters up to date with the latest enhancements.
Observability
A comprehensive monitoring solution is set up utilizing Metrics Server, Prometheus, and Grafana. This combination provides customers with visibility into the performance and overall health of their EKS clusters. Additionally, an alerting system built on Prometheus keeps customers informed about any issues or events occurring within their EKS clusters.
For effective troubleshooting and performance enhancement, tracing capabilities using AWS X-Ray are enabled, assisting customers in identifying and resolving application-related issues.
All application logs are shipped from EKS to Amazon Kinesis Data Firehose with the Fluent Bit log shipping tool. Fluent Bit is deployed as a DaemonSet across all the nodes. Fluent Bit ships the logs to Kinesis Data Firehose, which forwards them to Amazon OpenSearch Service. All AWS service metrics are aggregated to create a common Amazon CloudWatch dashboard. All application metrics are exposed using a Kubernetes dashboard.
Security Management
To ensure access control and security within AWS environments, IAM enables the creation of policies that define different levels of access for different job functions or roles within an organization. These policies are then attached to individual identities such as users, groups, or roles, implementing a role-based access control (RBAC) mechanism.
By employing RBAC, organizations can effectively manage and control access to AWS resources. Policies can be customized to grant or restrict permissions at a granular level, ensuring that each identity has the appropriate privileges to perform their assigned tasks while maintaining the principle of least privilege.
In addition to access control, the management of secrets is essential for secure application development and deployment. AWS Secrets Manager helps handle sensitive information such as application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycle.
Calico plugins are employed to provide advanced networking and network security capabilities in Kubernetes clusters. They enable features such as network policy enforcement, network connectivity, and IP address management, ensuring secure and efficient communication between pods and nodes within the cluster.
Customer Benefits
- Comprehensive coverage: Comprinno’s solution includes a wide range of features and services that help customers set up and manage their Amazon EKS clusters, including best practices for cluster setup, standard EKS deployments, pre-built CI/CD, monitoring, alerting, tracing, logging, and IaC. Replicating this coverage on their own would require considerably more work from customers.
- Cost: Creating an EKS setup from scratch can be costly, as it may require various tools and services. This solution offers competitive pricing compared to building a setup from scratch, helping customers save money on their EKS deployment and management.
- Time and effort: Setting up an EKS cluster can be time-consuming and require a significant amount of effort, especially for users who are new to Kubernetes. This solution can help customers save time and effort by providing a pre-crafted, well-architected EKS deployment package that includes all of the necessary components and configurations.
- Expertise and support: The solution is backed by a team of experts who can provide guidance and support to help customers get the most out of their EKS clusters. This can be especially helpful for customers who are new to EKS or who are facing challenges.
- Ease of use: Comprinno’s solution is designed to be easy to use, with features like pre-built CI/CD and IaC that help customers streamline their workflow and reduce the time and effort required to set up and manage their EKS clusters.
- Customization: Customers can customize certain aspects of their EKS setup to meet their specific needs and requirements. Customization is built in, as clients can cherry-pick the add-ons they want.
Conclusion
Comprinno’s pre-crafted well-architected EKS package offers a comprehensive solution to simplify the adoption of Amazon EKS. By addressing common challenges such as cluster complexity, integration difficulties, and limited control over infrastructure, this package provides customers with an efficient approach to deploying and managing EKS clusters.
With its inclusive features like monitoring, alerting, tracing, and logging setups, as well as environment setups, upgrade support, and post-production assistance, customers can confidently embrace EKS while ensuring optimal performance, scalability, and security.
You can learn more about Comprinno in AWS Marketplace.
Comprinno – AWS Partner Spotlight
Comprinno is an AWS Advanced Tier Services Partner that helps enterprises transform faster, modernizing their way of working through enterprise DevOps and cloud-native computing.