Managing Kubernetes with AWS EKS

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. Amazon EKS automatically detects and replaces unhealthy control plane nodes for each cluster.

Xtremax uses EKS on several AWS projects to manage customer environments that run Kubernetes. During the post-deployment process, our managed service team optimizes the current environment to reach its optimum capability. To optimize usage, the system engineer sets up a single EKS to serve all environments that require container services.

 

The General Procedure 

 

EKS Architecture 

 

The diagram above shows one of our dev environments for EKS; the production and staging environments are similar, with some adjustments. In the diagram, EKS runs our Kubernetes system, and several services run on that EKS. In short, every request comes through the ALB and is then forwarded to the EKS itself. Within the same environment, we also have some AWS services that are part of the system, such as Elasticsearch and ECR. The database is created in a different account, following the requirement.

Other than that, Xtremax has several points that are used to manage the AWS environment:

  • Every project, with all of its resources, is under the project account, except the pods

  • Each project's resources are separated from the others by account

  • Connectivity uses a transit gateway

  • The code must support cross-account IAM roles

  • The code must support fine-grained AWS IAM roles for containers

  • Maximize container bin packing for better resource utilization

 

Following that procedure, the managed service scope of work defines Xtremax's responsibility and the customer's responsibility for environment access. The scope is described in the table below:

| No. | State | Description | PIC |
|-----|-------|-------------|-----|
| 1. | Network Setup | All configuration related to networking, such as VPC, subnet, and routing | Customer |
| 2. | Developer Access | Developers who need access to the environment will request it from the Managed Service team | Xtremax Managed Service team |
| 3. | Container Access | Developers who need access to the environment will request it from the Managed Service team | Xtremax Managed Service team |

 
In actual operation, the managed service team helps the customer update the EKS configuration as requested. In addition, those activities can only be done from the local network that is already registered to have access to both the production and staging environments.
