Federal and commercial customers seek to modernize their applications on AWS. They frequently request solutions that enable them to run environments anywhere (cloud and on-premises), maintain consistent environments (development, testing, production), implement Infrastructure as Code, achieve rapid deployment and scaling, secure workloads, and reduce maintenance overhead. These customer challenges can be effectively addressed through container migration. Invertsys has developed an Elastic Kubernetes Service Accelerator (EKSA) solution that automates EKS cluster deployment, manages add-ons, and enables deployment across multiple accounts using CI/CD while following AWS security best practices. Using this solution, customers can deploy EKS clusters and complete migration cutover within three months. Invertsys provides comprehensive documentation of reusable patterns, including cluster deployment configurations and Helm templates, to facilitate future migrations efficiently.
AWS EKS Accelerator Benefits:
Automation: AWS EKS Accelerator automates the deployment of EKS clusters and add-ons across accounts, ensuring consistency and compliance across AWS regions.
Security: AWS EKS Accelerator uses AWS KMS for encryption, and all communication between nodes and EKS clusters remains private through secure networking.
Reduced Maintenance: AWS EKS Accelerator utilizes Karpenter to automatically update nodes with the latest Amazon Machine Images (AMIs). Updates can be scheduled for weekends, significantly reducing operational overhead.
AWS EKS Accelerator Design:
This pattern deploys reusable EKS Terraform code across multiple accounts. It assumes the customer has a predefined VPC with the following subnets: Public, Private, Data, and routing to the internet. The EKS Accelerator is written in Terraform and includes the following:
- Deploy EKS Cluster in private subnets
- EKS Endpoint is accessible for private and public networks
- Communication between Node and EKS will be private
- Cluster is encrypted with KMS CMK
- Platform Admin Role for cluster access by platform admins
- Developer role with read-only access to cluster and admin access to namespace
- App Admin role for cluster access by app admins
- EKS Managed Nodes to install system addons
- Karpenter to Manage Application Nodes
- IAM roles
- Security groups for Nodes and accessing cluster from public
- Cluster Addons:
– CoreDNS
– Kube-proxy
– EKS-pod-identity-agent
– VPC CNI (SNAT is false)
- EKS Addons:
– AWS EBS CSI – Store persistent data in AWS EBS volumes
– AWS Load Balancer – Create AWS ALB, NLB, Ingress controller, and application routes
– Metrics Server – Monitor CPU and memory of the cluster
– CloudWatch metrics – Enable CloudWatch Container Insights and metrics
– External DNS – Manage records in Route 53
– Cert Manager – Add certificates to ALB
– Fluent Bit – Send pod logs to CloudWatch
– Secrets Manager – Read secrets from AWS Secrets Manager
– Argo CD – Automatically deploy the containers into EKS
- AWS CI/CD tools (CodeBuild and CodePipeline) to deploy the EKS cluster
AWS EKS Accelerator Installation and Configuration:
This repository contains EKS deployment code written in Terraform. The code deploys an EKS Cluster, EKS Managed nodes, EKS Add-ons, and Karpenter for node scaling.
Follow these steps to deploy:
- Access the Invertsys EKS Accelerator
– Follow the provided link to the Invertsys EKS Accelerator repository on GitHub
– Clone the repository to your preferred code repository
- Set Up AWS Credentials
– Configure AWS STS credentials before proceeding
- Deploy CI/CD Pipeline
– Navigate to the CICD folder in the repository
– Deploy the CI/CD infrastructure using Terraform
– Verify that CodePipeline is created successfully
– Update the CodePipeline configuration to point to your code repository
- Execute Deployment
– Run the pipeline
– Review and approve after the plan stage
– Verify cluster deployment and test cluster access
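For the final verification step, the design points above can be checked against the deployed cluster. The following is an added example, not code from the Invertsys repository: it audits saved output of `aws eks describe-cluster` and `aws eks list-addons` (the sample JSON is constructed, with a placeholder key ARN). The check for a public endpoint open to `0.0.0.0/0` is an extra hardening check that is not in the design list.

```python
import json

# Constructed sample: trimmed `aws eks describe-cluster` and `aws eks list-addons`
# output. The account ID and key ARN are placeholders, not real values.
SAMPLE_CLUSTER = json.loads("""
{"cluster": {
  "resourcesVpcConfig": {
    "endpointPublicAccess": true,
    "endpointPrivateAccess": true,
    "publicAccessCidrs": ["0.0.0.0/0"]
  },
  "encryptionConfig": [
    {"resources": ["secrets"],
     "provider": {"keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}
  ]
}}
""")
SAMPLE_ADDONS = json.loads('{"addons": ["coredns", "kube-proxy", "vpc-cni"]}')

# Cluster add-ons named in the design list, by their EKS add-on names.
REQUIRED_ADDONS = {"coredns", "kube-proxy", "eks-pod-identity-agent", "vpc-cni"}


def audit_cluster(cluster_doc, addons_doc):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cluster = cluster_doc["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})

    if not vpc.get("endpointPrivateAccess"):
        findings.append("private endpoint access is disabled")
    # Extra check (assumption, not in the page's list): public endpoint open to all.
    if vpc.get("endpointPublicAccess") and "0.0.0.0/0" in vpc.get("publicAccessCidrs", []):
        findings.append("public endpoint allows 0.0.0.0/0")

    # Envelope encryption of Kubernetes secrets with a KMS key.
    encrypts_secrets = any(
        "secrets" in cfg.get("resources", []) and cfg.get("provider", {}).get("keyArn")
        for cfg in cluster.get("encryptionConfig") or []
    )
    if not encrypts_secrets:
        findings.append("no KMS key configured for secrets encryption")

    for name in sorted(REQUIRED_ADDONS - set(addons_doc.get("addons", []))):
        findings.append("missing add-on: " + name)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_cluster(SAMPLE_CLUSTER, SAMPLE_ADDONS)))
```

Run it in the pipeline after the apply stage and fail the build when the returned list is not empty.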
Note: Working knowledge of the following is required to deploy the solution:
– AWS Services
– AWS CLI
– Terraform
– DevOps tools
– AWS networking
– Amazon EKS
Next Step: Migration
- Select applications to convert and prepare for migration to containers
- Document the application requirements, including:
– Storage needs
– Scaling parameters
– Secrets management
– Certificate management
– Other requirements
- Containerize the application (use multi-stage Docker builds and keep the image size small) and push it to AWS Elastic Container Registry (ECR)
- Create Helm templates to deploy the application into the cluster
- Verify the application and perform cutover to EKS.
Contact Information:
If you need help deploying the solution, we have a team of AWS professionals who can design your EKS Accelerator, deploy it, and educate your team. We have successfully deployed solutions and performed migrations for several customers. Please reach out to us directly at accelerators@inversys.com.
Happy Coding: Modernizing Applications