The Total Package: Production Ready EKS – Stable. Resilient. Reliable.

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that makes it easier to run Kubernetes on AWS and on-premises. However, launching your EKS cluster on the cloud doesn’t mean it’s ready for production. Since many necessary components are not provided out-of-the-box as part of the cluster deployment, getting started with EKS can sometimes be challenging, error-prone, and time-consuming.

With Production Ready EKS, TeraSky has bundled the necessary AWS features that address production needs, packaging them together, and ensuring a stable, resilient, and reliable EKS deployment that leverages our experience and knowledge to save time and avoid failures in production. Our solution provides deployment of production-ready Kubernetes environments based on AWS EKS and the AWS ecosystem, following industry standards and best practices.

Every Production Ready EKS deployment includes everything you need to ensure your EKS is production-ready. This includes Kubernetes cluster based in EKS as well as tooling, add-ons, and initial CI/CD/GitOps infrastructure integrated with the EKS environment.

Here are the tools that TeraSky’s Production Ready EKS leverages for each aspect needed to make an environment production ready:

Kubernetes Infrastructure

• AWS EKS – A managed service that makes it easy to use Kubernetes on AWS without needing to install and operate the Kubernetes control plane.
• AWS ECR – A fully managed container registry that makes it easy to store, manage, share and deploy container images and artifacts anywhere.
• Karpenter – Automatically launches the precise compute resources to handle the cluster’s applications. Karpenter is designed to take full advantage of the cloud with fast and straightforward compute provisioning for Kubernetes clusters.
  • Reloader – A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet, and DeploymentConfig.

Observability

• AWS Managed Prometheus – A fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale.
• AWS Managed Grafana – A fully managed Grafana service that is scalable, secure, and highly available. Using Amazon Managed Grafana makes it possible to analyze, monitor, and alarm on metrics, logs, and traces across multiple data sources.
• AWS Managed OpenSearch – A managed service that makes it easy to perform interactive log analytics, real-time application monitoring, a website search, and more. OpenSearch is an open-source, distributed search and analytics suite derived from Elasticsearch.
• Fluent-Bit – Fluent Bit is a super fast, lightweight, and highly scalable logging and metrics processor and forwarder. It is the preferred choice for cloud and containerized environments.
• AWS X-Ray – A tool that makes it easy for developers to analyze the behavior of their distributed applications by providing request tracing, exception collection, and profiling capabilities.

Storage and Data Protection

• AWS S3 – An object storage service that offers industry-leading scalability, data availability, security, and performance.
• AWS EBS CSI – The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver allows Amazon Elastic Kubernetes Service (Amazon EKS) clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes.
• AWS EFS CSI – The Amazon EFS Container Storage Interface (CSI) driver provides a CSI interface that allows Kubernetes clusters running on AWS to manage the lifecycle of Amazon EFS file systems.
• AWS FSx CSI – The FSx for Lustre Container Storage Interface (CSI) driver provides a CSI interface that allows Amazon EKS clusters to manage the lifecycle of FSx for Lustre file systems.
• Velero – An open-source tool to safely back up and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.

Networking

• AWS Load Balancer Controller – A controller to help manage Elastic Load Balancers for a Kubernetes cluster. It is also used as an Ingress controller.
• AWS VPC CNI – Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS.
• AWS Route 53 – A highly available and scalable cloud Domain Name System (DNS) web service.
• External DNS – Allows the control of DNS records dynamically via Kubernetes resources in a DNS provider-agnostic way.
• AWS App Mesh – Standardizes how microservices communicate, giving end-to-end visibility and helping to ensure high availability for applications.

CI/CD and GitOps

• FluxCD – A set of continuous and progressive delivery solutions for Kubernetes that are open and extensible.
• AWS CodeCommit – A fully managed source control service that allows companies to host secure and highly scalable private Git repositories. CodeCommit eliminates the need to operate the source control system or worry about scaling its infrastructure.

Secret Management

• AWS Secrets Manager – Helps protect access to applications, services, and IT resources. Easily rotate, manage and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
• Secrets Store CSI – Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume.

Certification Management

• AWS Certificate Manager – A managed service that helps easily provision, manage, deploy, and renew SSL/TLS certificates.
• Cert Manager – Adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies obtaining, renewing, and using those certificates.

Security

• AWS IAM – you are able to integrate K8s RoleBinding with Roles created with AWS IAM to manage the control Plane. We can also integrate it with AWS IAM analyzer to validate your following the least privileged best practice on all users managing your EKS cluster
• AWS KMS – by enabling secrets encryption, the Kubernetes secrets are encrypted using the AWS KMS key that you select.
• AWS ECR image scanning – By integrating AWS ECR with AWS Inspector, you are able to get enhanced scanning on all images inside your ECR Private repositories
• AWS GuardDuty – GuardDuty EKS Protection enables Amazon GuardDuty to detect suspicious activities and potential compromises of your Kubernetes clusters within Amazon Elastic Kubernetes Service (Amazon EKS).
• Calico add-on – With Calico network policy enforcement, implement network segmentation and tenant isolation on the Kubernetes cluster.
• OPA Gatekeeper – The Open Policy Agent (OPA) Gatekeeper project can be leveraged to help enforce policies and strengthen governance in a Kubernetes environment.

If you’re ready to implement EKS and want to be sure your deployment is production-ready, TeraSky is here to help. Reach out to learn more about Production Ready EKS.