Components

notops managed (create, update, delete) the following components. Some are optional, and marked as such.

AWS

1. VPC: the AWS VPC which acts as the networking boundary for everything.

2. EKS cluster

3. Private subnets: this is where all of your workloads will be deployed. All the services running on your Kubernetes cluster. One or more subnets will always be created to deploy the workloads. The default is to deploy two subnets in two different availability zones

4. Public subnets: At least one public subnet (connected to an Internet Gateway) will be created. The default is to create two public subnets, in two different availability zones

5. NAT Gateways: One or more NAT Gateways may be created depending on the configuration. Defaults to one NAT Gateway per availability zone.

6. Internet Gateways: One Internet Gateways (IGW) is created so that public internet traffic can reach the services you (optionally) expose. Attached to the VPC

7. Load Balancer: connected to the Istio Ingress Gateway to provide ingress for any services you want to expose publicly. Defaults to creating a Network Load Balancer.

8. Certificate Manager Certificate: Optional. if public routing is enabled, we can also create a cert for you

9. Route53 Zone: Optional. If public routing is enabled, a Route53 zone for it will be created if the configuration enables it

   1. Route53 Records: If zone-creation is enabled, depending on configuration, we would also create one or more records in that zone.

10. Route Tables

    1. A single route table shared across all public subnets

    2. A route-table per AZ for private subnets

11. EKS Add Ons. We install and manage the following

    1. Amazon VPC CNI Plugin. See

    2. CoreDNS. See

    3. Kube-proxy. See

    4. Amazon EBS CSI Driver. See

12. Cloudwatch Log Group: A log group gets created for storing

Kubernetes

3. 1. An Ingress Gateway: An Istio Gateway is created to route all the traffic coming into the cluster.