Components

Last updated 1 year ago

notops manages (creates, updates, deletes) the following components. Some are optional and are marked as such.

AWS

  1. VPC: the AWS VPC which acts as the networking boundary for everything.

  2. EKS cluster

  3. Private subnets: this is where all of your workloads (all the services running on your Kubernetes cluster) will be deployed. One or more subnets will always be created to deploy the workloads. The default is to deploy two subnets in two different availability zones.

  4. Public subnets: At least one public subnet (connected to an Internet Gateway) will be created. The default is to create two public subnets, in two different availability zones.

  5. NAT Gateways: One or more NAT Gateways may be created depending on the configuration. Defaults to one NAT Gateway per availability zone.

  6. Internet Gateway: One Internet Gateway (IGW) is created and attached to the VPC so that public internet traffic can reach the services you (optionally) expose.

  7. Load Balancer: connected to the Istio Ingress Gateway to provide ingress for any services you want to expose publicly. Defaults to creating a Network Load Balancer.

  8. Certificate Manager Certificate: Optional. If public routing is enabled, we can also create a certificate for you.

  9. Route53 Zone: Optional. If public routing is enabled, a Route53 zone for it will be created if the configuration enables it.

    1. Route53 Records: If zone creation is enabled, depending on configuration, we also create one or more records in that zone.

  10. Route Tables

    1. A single route table shared across all public subnets

    2. A route-table per AZ for private subnets

  11. EKS Add Ons. We install and manage the following add-ons:

    1. Amazon VPC CNI Plugin. See AWS Docs

    2. CoreDNS. See AWS Docs

    3. Kube-proxy. See AWS Docs

    4. Amazon EBS CSI Driver. See AWS Docs

  12. CloudWatch Log Group: A log group gets created for storing EKS control-plane logs

Kubernetes

  1. An Ingress Gateway: An Istio Gateway is created to route all the traffic coming into the cluster.

  2. Argo CD: the primary component for declarative GitOps pull-based deployments

  3. External Secrets: for loading secrets from AWS Secrets Manager. You may use it to load secrets from other secret management systems like HashiCorp Vault

  4. Istio: for managing traffic for your services. Both inter-service (east-west traffic), as well as ingress/egress (north-south traffic)

  5. Karpenter: for dynamically managing the compute resources for the Kubernetes cluster in a cost-effective way

  6. AWS Load Balancer Controller: for managing load-balancers automatically via Service type objects.
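Added example (not part of the notops documentation or code): a drift check for the AWS subnet and route-table layout listed above, confirming that private subnets never route to the Internet Gateway, that public subnets share one route table, and that no private route table spans availability zones. It assumes input shaped like the `RouteTables` array from `aws ec2 describe-route-tables`; the subnet IDs, tier labels, AZ names and helper names are constructed for illustration.

```python
from collections import defaultdict

def default_route(table):  # IPv4 default route of a route table, or {} if none
    return next((r for r in table.get("Routes", [])
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), {})

def audit(subnets, route_tables):
    """subnets: {subnet_id: (tier, az)}; route_tables: list shaped like the
    RouteTables array of `aws ec2 describe-route-tables`. Returns findings."""
    table_of = {a["SubnetId"]: t for t in route_tables
                for a in t.get("Associations", []) if "SubnetId" in a}
    findings, public_tables, private_azs = [], set(), defaultdict(set)
    for sid, (tier, az) in sorted(subnets.items()):
        table = table_of.get(sid)
        if table is None:
            findings.append(f"{sid}: no explicit association, uses the VPC main route table")
            continue
        route = default_route(table)
        to_igw = route.get("GatewayId", "").startswith("igw-")
        if tier == "public":
            public_tables.add(table["RouteTableId"])
            if not to_igw:
                findings.append(f"{sid}: public subnet lacks a default route to the IGW")
        else:
            private_azs[table["RouteTableId"]].add(az)
            if to_igw:
                findings.append(f"{sid}: private subnet routes 0.0.0.0/0 to the IGW")
            elif route and "NatGatewayId" not in route:
                findings.append(f"{sid}: private default route is not a NAT Gateway")
    if len(public_tables) > 1:
        findings.append("public subnets do not share a single route table")
    findings += [f"{rtb_id}: private route table spans AZs {sorted(azs)}"
                 for rtb_id, azs in sorted(private_azs.items()) if len(azs) > 1]
    return findings

# Constructed sample data (not from a real account): the default two-AZ layout.
def make_table(rtb_id, target, *subnet_ids):
    return {"RouteTableId": rtb_id,
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", **target}],
            "Associations": [{"SubnetId": s} for s in subnet_ids]}
SUBNETS = {"subnet-pub-a": ("public", "a"), "subnet-pub-b": ("public", "b"),
           "subnet-priv-a": ("private", "a"), "subnet-priv-b": ("private", "b")}
PUBLIC = make_table("rtb-public", {"GatewayId": "igw-1"}, "subnet-pub-a", "subnet-pub-b")
GOOD = [PUBLIC, make_table("rtb-priv-a", {"NatGatewayId": "nat-a"}, "subnet-priv-a"),
        make_table("rtb-priv-b", {"NatGatewayId": "nat-b"}, "subnet-priv-b")]
# Drift: subnet-priv-b has been re-associated with the public route table.
DRIFTED = [make_table("rtb-public", {"GatewayId": "igw-1"}, "subnet-pub-a",
                      "subnet-pub-b", "subnet-priv-b"), GOOD[1]]
print(audit(SUBNETS, GOOD), audit(SUBNETS, DRIFTED))
```

An empty list means the layout matches; with non-default configurations (for example a single shared NAT Gateway) the per-AZ finding may be expected rather than drift.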