Components

notops manages (creates, updates and deletes) the following components. Some are optional and are marked as such.

AWS

  1. VPC: the AWS VPC which acts as the networking boundary for everything.

  2. EKS cluster

  3. Private subnets: this is where all of your workloads, i.e. all the services running on your Kubernetes cluster, will be deployed. One or more private subnets are always created for the workloads. The default is two subnets in two different availability zones.

  4. Public subnets: at least one public subnet (connected to an Internet Gateway) will be created. The default is to create two public subnets in two different availability zones.

  5. NAT Gateways: one or more NAT Gateways may be created depending on the configuration. Defaults to one NAT Gateway per availability zone.

  6. Internet Gateway: one Internet Gateway (IGW) is created and attached to the VPC so that public internet traffic can reach the services you (optionally) expose.

  7. Load Balancer: connected to the Istio Ingress Gateway to provide ingress for any services you want to expose publicly. Defaults to creating a Network Load Balancer.

  8. Certificate Manager certificate: optional. If public routing is enabled, we can also create a certificate for you.

  9. Route53 Zone: optional. If public routing is enabled and the configuration enables zone creation, a Route53 zone is created for it.

    1. Route53 records: if zone creation is enabled, we also create one or more records in that zone, depending on the configuration.

  10. Route Tables

    1. A single route table shared across all public subnets

    2. A route-table per AZ for private subnets

  11. EKS Add-ons: we install and manage the following add-ons:

    1. Amazon VPC CNI Plugin. See AWS Docs

    2. CoreDNS. See AWS Docs

    3. Kube-proxy. See AWS Docs

    4. Amazon EBS CSI Driver. See AWS Docs

  12. CloudWatch Log Group: a log group is created for storing the EKS control-plane logs.
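The NAT Gateway and route-table layout from items 5 and 10 above, written out as an added Terraform example (this is not notops's own code). It assumes that aws_vpc.main, aws_internet_gateway.igw, and the aws_subnet.public / aws_subnet.private resources already exist and are keyed by AZ name via for_each; the two AZ names are assumptions.

```hcl
# Assumed to exist elsewhere: aws_vpc.main, aws_internet_gateway.igw, and
# aws_subnet.public / aws_subnet.private, each keyed by AZ name via for_each.
locals {
  azs = toset(["us-east-1a", "us-east-1b"]) # assumption: the two default AZs
}
# One NAT Gateway (with its own Elastic IP) per AZ, placed in that AZ's public
# subnet, so losing one AZ does not cut egress for workloads in the other.
resource "aws_eip" "nat" {
  for_each = local.azs
  domain   = "vpc"
}

resource "aws_nat_gateway" "nat" {
  for_each      = local.azs
  allocation_id = aws_eip.nat[each.key].id
  subnet_id     = aws_subnet.public[each.key].id
}

# A single route table shared by every public subnet: default route to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  for_each       = local.azs
  subnet_id      = aws_subnet.public[each.key].id
  route_table_id = aws_route_table.public.id
}

# One route table per AZ for the private subnets: the only default route is to
# that AZ's NAT Gateway, so workloads can reach out but nothing can route in
# from the Internet Gateway.
resource "aws_route_table" "private" {
  for_each = local.azs
  vpc_id   = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[each.key].id
  }
}

resource "aws_route_table_association" "private" {
  for_each       = local.azs
  subnet_id      = aws_subnet.private[each.key].id
  route_table_id = aws_route_table.private[each.key].id
}
```

Because the private route tables carry no route via the IGW, a workload in a private subnet is reachable from the internet only through the load balancer and ingress gateway, not directly.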

Kubernetes

  1. Argo CD: the primary component for declarative, pull-based GitOps deployments.

  2. External Secrets: for loading secrets from AWS Secrets Manager. You may also use it to load secrets from other secret management systems such as HashiCorp Vault.

  3. Istio: for managing traffic for your services, both inter-service (east-west) traffic and ingress/egress (north-south) traffic.

    1. An Ingress Gateway: an Istio Gateway is created to route all the traffic coming into the cluster.

  4. Karpenter: for dynamically managing the compute resources of the Kubernetes cluster in a cost-effective way.

  5. AWS Load Balancer Controller: for automatically managing load balancers via Kubernetes Service objects.
