Amazon Elastic Kubernetes Service (EKS) is an AWS-managed Kubernetes service that lets you run Kubernetes without installing, operating, or maintaining your own Kubernetes control plane. Amazon EKS automatically manages the availability and scalability of the control plane nodes, which are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. Amazon EKS also automatically detects and replaces unhealthy control plane nodes for each cluster.
Xtremax uses EKS on several AWS projects to manage customer environments that run Kubernetes. During the post-deployment process, our managed service team optimizes the environment to reach its optimum capability. To optimize usage, the system engineer sets up one EKS cluster to serve all environments that require a container service.
The General Procedure
EKS Architecture
The diagram above shows one of our dev environments for AWS EKS; the production and staging environments are similar, with some adjustments. In the diagram, EKS runs our Kubernetes system, and several services run on that cluster. In short, every request comes in through the ALB and is then forwarded to EKS. Within the same environment we also have AWS services that are part of the system, such as Elasticsearch and ECR. The database is created in a different account, following the requirement.
In addition, Xtremax applies several principles to manage the AWS environment:
- Every project and all of its resources live in the project account, except the pods.
- Each project's resources are separated from other projects' resources by account.
- Connectivity uses a transit gateway.
- The code must support cross-account IAM roles.
- The code must support fine-grained AWS IAM roles for containers.
- Maximize container bin-packing for better resource utilization.
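To make the cross-account and fine-grained IAM role points concrete, here is an added Python example (not code from this page or from Xtremax) that builds the trust policy for an IAM role in a project account so that only one Kubernetes service account on the shared EKS cluster can assume it through IAM Roles for Service Accounts, and checks that the subject condition is not wildcarded. The account ids, OIDC issuer host, namespace and service-account names are constructed placeholders.

```python
import json

# Constructed placeholders; replace with the real ids of the EKS account and the project account.
EKS_ACCOUNT_ID = "111111111111"      # account running the shared EKS cluster (where the pods are)
PROJECT_ACCOUNT_ID = "222222222222"  # account owning the project's resources and the IAM role
# Hypothetical OIDC issuer host of the cluster (EKS console: "OpenID Connect provider URL", without https://).
OIDC_ISSUER = "oidc.eks.ap-southeast-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF0123456789"


def irsa_trust_policy(namespace, service_account, issuer=OIDC_ISSUER,
                      project_account=PROJECT_ACCOUNT_ID):
    """Trust policy for a role in the project account.

    For cross-account IRSA the cluster's OIDC issuer is registered as an IAM
    identity provider inside the project account, so the provider ARN carries
    the project account id even though the cluster lives in the EKS account.
    The sub condition pins the role to exactly one namespace:serviceaccount.
    """
    provider_arn = f"arn:aws:iam::{project_account}:oidc-provider/{issuer}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{issuer}:aud": "sts.amazonaws.com",
                f"{issuer}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            }},
        }],
    }


def weak_trust_policy(issuer=OIDC_ISSUER):
    """Anti-pattern for comparison: a StringLike wildcard lets any pod in the cluster assume the role."""
    policy = irsa_trust_policy("dev", "api", issuer)
    cond = policy["Statement"][0]["Condition"]
    del cond["StringEquals"][f"{issuer}:sub"]
    cond["StringLike"] = {f"{issuer}:sub": "system:serviceaccount:*"}
    return policy


def subject_is_scoped(policy, issuer=OIDC_ISSUER):
    """True only if every statement pins sub with StringEquals to a single service account."""
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {})
        sub = cond.get("StringEquals", {}).get(f"{issuer}:sub", "")
        if not sub.startswith("system:serviceaccount:") or "*" in sub:
            return False
        if f"{issuer}:sub" in cond.get("StringLike", {}):
            return False
    return True


if __name__ == "__main__":
    print(json.dumps(irsa_trust_policy("dev", "api"), indent=2))
```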
By following this procedure, within the managed service scope of work we define Xtremax's responsibility and the customer's responsibility for environment access. The scope is described in the table below:
No. | State | Description | PIC
--- | --- | --- | ---
1. | Network Setup | All configuration related to networking, such as VPC, subnets, and routing | Customer
2. | Developer Access | A developer who needs access to the environment requests it from the managed service team | Xtremax Managed Service team
3. | Container Access | A developer who needs access to the environment requests it from the managed service team | Xtremax Managed Service team
In actual operation, the managed service team helps the customer update the EKS configuration following the request. In addition, these activities can only be performed from a local network that is already registered for access to both the production and staging environments.