Components
notops manages (create, update, delete) the following components. Some are optional and are marked as such.
AWS
VPC: the AWS VPC which acts as the networking boundary for everything.
EKS cluster
Private subnets: this is where all of your workloads, meaning all the services running on your Kubernetes cluster, will be deployed. One or more subnets will always be created to deploy the workloads. The default is to deploy two subnets in two different availability zones.
Public subnets: At least one public subnet (connected to an Internet Gateway) will be created. The default is to create two public subnets, in two different availability zones.
NAT Gateways: One or more NAT Gateways may be created depending on the configuration. Defaults to one NAT Gateway per availability zone.
Internet Gateways: One Internet Gateway (IGW) is created so that public internet traffic can reach the services you (optionally) expose. It is attached to the VPC.
Load Balancer: connected to the Istio Ingress Gateway to provide ingress for any services you want to expose publicly. Defaults to creating a Network Load Balancer.
Certificate Manager Certificate: Optional. If public routing is enabled, we can also create a cert for you.
Route53 Zone: Optional. If public routing is enabled, a Route53 zone for it will be created if the configuration enables it.
Route53 Records: If zone-creation is enabled, depending on configuration, we would also create one or more records in that zone.
Route Tables
A single route table shared across all public subnets
A route-table per AZ for private subnets
CloudWatch Log Group: A log group gets created for storing EKS control-plane logs.
Kubernetes
Argo CD: the primary component for declarative GitOps pull-based deployments
External Secrets: for loading secrets from AWS Secrets Manager. You may use it to load secrets from other secret management systems like HashiCorp Vault.
Istio: for managing traffic for your services, both inter-service (east-west) traffic and ingress/egress (north-south) traffic.
An Ingress Gateway: An Istio Gateway is created to route all the traffic coming into the cluster.
Karpenter: for dynamically managing the compute resources for the Kubernetes cluster in a cost-effective way
AWS Load Balancer Controller: for managing load balancers automatically via Service type objects.