Components
Last updated
notops manages (creates, updates and deletes) the following components. Some are optional and are marked as such.
VPC: the AWS VPC which acts as the networking boundary for everything.
EKS cluster
Private subnets: this is where all of your workloads, i.e. all the services running on your Kubernetes cluster, are deployed. One or more private subnets are always created for the workloads; the default is two subnets in two different availability zones.
Public subnets: at least one public subnet (routed to an Internet Gateway) is created. The default is two public subnets in two different availability zones.
NAT Gateways: one or more NAT Gateways may be created, depending on the configuration. The default is one NAT Gateway per availability zone.
Internet Gateway: one Internet Gateway (IGW), attached to the VPC, is created so that public internet traffic can reach the services you (optionally) expose.
Load Balancer: connected to the Istio Ingress Gateway to provide ingress for any services you want to expose publicly. Defaults to creating a Network Load Balancer.
Certificate Manager Certificate: optional. If public routing is enabled, a certificate can also be created for you.
Route53 Zone: optional. If public routing is enabled and the configuration enables it, a Route53 zone is created.
Route53 Records: if zone creation is enabled, one or more records may also be created in that zone, depending on the configuration.
Route Tables
A single route table shared across all public subnets
A route-table per AZ for private subnets
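The route-table layout just described (one shared table for the public subnets with its default route to the IGW, one table per AZ for the private subnets with its default route to a NAT Gateway) is worth verifying after a deploy, since a private subnet attached to the public table is silently exposed. The following is an added example, not notops code: it takes data in the shape of EC2 describe_route_tables()["RouteTables"] (the sample below is constructed, including the subnet and gateway ids) and reports deviations.

```python
# Added example, not part of the notops documentation: check that a VPC's route
# tables match the layout described above. Input has the shape of EC2
# describe_route_tables()["RouteTables"]; the sample at the bottom is constructed.

DEFAULT = "0.0.0.0/0"


def default_target(rt):
    """Target of the 0.0.0.0/0 route in a route table, or '' if there is none."""
    for r in rt.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT:
            return r.get("GatewayId") or r.get("NatGatewayId") or ""
    return ""


def check_route_tables(route_tables, public_subnets, private_subnets):
    """Return a list of findings; an empty list means the layout matches."""
    # Map each explicitly associated subnet to its route table.
    table_of = {a["SubnetId"]: rt for rt in route_tables
                for a in rt.get("Associations", []) if "SubnetId" in a}
    findings = []
    # Public subnets: exactly one shared table, default route to the IGW.
    public_ids = {table_of[s]["RouteTableId"] for s in public_subnets if s in table_of}
    if len(public_ids) != 1:
        findings.append(f"public subnets use {len(public_ids)} route tables, expected 1")
    for s in public_subnets:
        if not default_target(table_of.get(s, {})).startswith("igw-"):
            findings.append(f"{s}: public subnet has no default route to an IGW")
    # Private subnets: default route via a NAT Gateway, never straight to the IGW.
    for s in private_subnets:
        target = default_target(table_of.get(s, {}))
        if target.startswith("igw-"):
            findings.append(f"{s}: private subnet routes straight to the IGW (exposed)")
        elif not target.startswith("nat-"):
            findings.append(f"{s}: private subnet has no default route via a NAT Gateway")
    return findings


# Constructed sample: two AZs, public subnets share rtb-pub; the private subnet
# in AZ b was wrongly attached to the public table (the misconfiguration to catch).
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-pub",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"},
                      {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-priv-a",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0example"}]},
]
```

Against a live account, pass the result of boto3's `ec2.describe_route_tables()["RouteTables"]` together with the subnet ids notops created; with the constructed sample the only finding is the exposed subnet-priv-b.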
EKS Add-ons: we install and manage the following
Amazon VPC CNI Plugin. See
CoreDNS. See
Kube-proxy. See
Amazon EBS CSI Driver. See
Cloudwatch Log Group: A log group gets created for storing
An Ingress Gateway: An Istio Gateway is created to route all the traffic coming into the cluster.
: the primary component for declarative GitOps pull-based deployments
: for loading secrets from AWS Secrets Manager. You may use it to load secrets from other secret management systems like HashiCorp Vault
: for managing traffic for your services. Both inter-service (east-west traffic), as well as ingress/egress (north-south traffic)
: for dynamically managing the compute resources for the Kubernetes cluster in a cost-effective way
: for managing load-balancers automatically via Service type objects.