By
Ramesh Chandra – Lead, Infrastructure/Cloud Architect, Kyndryl
Nabarun Sen – Associated director, Cloud Automation, Kyndryl
Mayank Pratap Singh – Sr. Partner solution Architect, AWS


Managing the lifecycle of container orchestration within the cloud environment presents a multifaceted challenge. Customers need to address orchestration, deployment, scaling, high availability, security, compliance, monitoring, and cost management as they adopt containerization for deploying applications. This complexity can hinder their journey of application modernization and the delivery of value to their users.

There are several tools and frameworks available to address specific tasks in an Amazon Elastic Kubernetes Service (EKS) deployment. To give a few examples, there are tools and frameworks for scaling and for cost management; however, there is no end-to-end solution covering all aspects of an EKS deployment. To address this challenge, Kyndryl offers Kyndryl Cloud-Native Solution (KCNS) for Elastic Kubernetes Services (EKS), a robust solution that combines the right AWS services, container orchestration add-ons, DevOps principles, and Kyndryl managed services. By adopting this approach, customers can effectively manage the entire lifecycle of container orchestration and application modernization.

Kyndryl emphasizes an innovation focus, aiming to bridge skills gaps and empower customers to channel their energies toward innovation. Employing a deployment strategy grounded in Infrastructure as Code and DevOps principles, Kyndryl ensures the streamlined and effective deployment and management of Amazon Elastic Kubernetes Service (EKS). Scalability and high availability are achieved through AWS tools such as AWS Auto Scaling, Cluster Autoscaler, and Karpenter, showcasing Kyndryl’s commitment to robust and resilient cloud solutions.

Kyndryl is an AWS Premier Tier Services Partner and global IT infrastructure services provider that is relentlessly innovating to help customers with cloud-native transformation and make the journey seamless. Kyndryl designs, builds, manages, and modernizes the complex, mission-critical information systems companies depend on every day.

This post explains how to simplify, optimize, and automate container orchestration and application modernization with Kyndryl Cloud Native Services (KCNS) for EKS (Elastic Kubernetes Service).

Solution overview

This section details the architecture of the solution as described below.

Figure 1 KCNS EKS Architecture

Implementing an efficient and tailored Amazon EKS solution begins with customer-driven cluster configuration, guided by the expert recommendations of the KCNS EKS solution. This involves specifying the crucial cluster configuration details. The process then extends to creating Terraform variable files for seamless integration into a GitHub Actions workflow, managed by DevOps engineers. Upon initiating the GitHub Actions CI/CD pipeline, the EKS cluster deployment commences, resulting in a Multi-AZ private EKS cluster with managed node groups and additional features for enhanced scalability, monitoring, backup, security, and managed services. Specifically for security and compliance, the solution uses a comprehensive set of AWS services, including Amazon GuardDuty, AWS Security Hub, AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and kube-bench.

On top of the solution, Kyndryl’s managed services, offered through Kyndryl Cloud-native Solution (KCNS) for EKS, cover a wide range of aspects including cluster upgrades, monitoring and alerting, cost optimization, scaling policies, user administration, auditing, change and incident management. This comprehensive approach allows clients to experience operational efficiency as Kyndryl takes care of day-to-day maintenance, freeing up resources for strategic initiatives.
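The hand-off between the customer's cluster configuration and the Terraform variable file that the GitHub Actions workflow consumes is where an invalid or insecure value is cheapest to catch. The following is an added example, not KCNS code: a hypothetical `variables.tf` that declares the inputs named above (VPC CIDR, subnet and NAT gateway counts, Kubernetes version, encryption settings, node group sizing) with validation rules so that `terraform plan` fails before anything is applied, followed by a constructed `terraform.tfvars` with sample values. All variable names, the account id and the key id are placeholders.

```hcl
# variables.tf (added example, hypothetical variable names): inputs the
# customer supplies, validated so bad values fail at `terraform plan`.

variable "vpc_cidr" {
  description = "CIDR range for the cluster VPC"
  type        = string
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block such as 10.20.0.0/16."
  }
}

variable "private_subnet_count" {
  description = "Private subnets, one per Availability Zone for the Multi-AZ cluster"
  type        = number
  validation {
    condition     = var.private_subnet_count >= 2
    error_message = "A Multi-AZ cluster needs at least two private subnets."
  }
}

variable "public_subnet_count" {
  description = "Public subnets hosting NAT gateways and load balancers"
  type        = number
  default     = 0
}

variable "nat_gateway_count" {
  description = "NAT gateways providing egress for the private subnets"
  type        = number
  validation {
    condition     = var.nat_gateway_count >= 1
    error_message = "Private nodes need at least one NAT gateway to reach AWS APIs and registries."
  }
}

variable "kubernetes_version" {
  description = "EKS Kubernetes version"
  type        = string
  validation {
    condition     = can(regex("^1\\.[0-9]+$", var.kubernetes_version))
    error_message = "kubernetes_version must look like 1.NN, for example 1.29."
  }
}

variable "endpoint_public_access" {
  description = "Expose the API server endpoint to the internet; false keeps the cluster private"
  type        = bool
  default     = false
}

variable "secrets_kms_key_arn" {
  description = "Customer-managed KMS key for envelope encryption of Kubernetes Secrets"
  type        = string
  validation {
    condition     = can(regex("^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/", var.secrets_kms_key_arn))
    error_message = "secrets_kms_key_arn must be a KMS key ARN; Secrets encryption is mandatory."
  }
}

variable "node_group" {
  description = "Managed node group sizing"
  type = object({
    instance_types = list(string)
    disk_size_gb   = number
    min_size       = number
    desired_size   = number
    max_size       = number
  })
  validation {
    condition     = var.node_group.min_size <= var.node_group.desired_size && var.node_group.desired_size <= var.node_group.max_size
    error_message = "node_group must satisfy min_size <= desired_size <= max_size."
  }
}

# terraform.tfvars (constructed sample values, not a real customer configuration):
# the variable file the DevOps engineer writes and the workflow passes to
# `terraform plan -var-file=terraform.tfvars`.
vpc_cidr               = "10.20.0.0/16"
private_subnet_count   = 3
public_subnet_count    = 3
nat_gateway_count      = 3
kubernetes_version     = "1.29"
endpoint_public_access = false
secrets_kms_key_arn    = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
node_group = {
  instance_types = ["m6i.large"]
  disk_size_gb   = 50
  min_size       = 3
  desired_size   = 3
  max_size       = 9
}
```

Two choices carry the security weight: `endpoint_public_access` defaults to `false`, so a private cluster is what you get unless someone opts out in the variable file, and `secrets_kms_key_arn` has no default and must match a KMS key ARN, so a cluster cannot be planned without envelope encryption of Secrets.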

Key components of the solution are explained as below:

  1. The customer designs the EKS cluster configuration based on their requirements and the guidelines provided by the KCNS EKS solution. Examples of cluster configuration details include: the CIDR range for the VPC network, the number of public and private subnets, the number of NAT gateways, the EKS Kubernetes version, encryption settings, and worker node details such as instance type, size, and number.
  2. The DevOps engineer creates Terraform variable files based on the EKS cluster configuration requirements. These files are used by the GitHub Actions workflow.
  3. The DevOps engineer runs the GitHub Actions CI/CD pipeline to deploy the EKS cluster.
  4. Upon successful execution of the GitHub Actions workflow, the Multi-AZ private EKS cluster with an EKS managed node group and Fargate is created. Additional features for scaling, monitoring, backup/restore, reporting, security, and managed services are also configured. This unlocks the full potential of the EKS cluster.
  5. The EKS cluster add-ons are deployed to leverage the capabilities of AWS native services and their features.
    • kube-proxy: a network proxy that maintains network rules on nodes, allowing network communication between pods in an EKS cluster.
    • CoreDNS: a DNS server for Kubernetes clusters that provides service discovery and DNS-based pod communication.
    • VPC CNI: the Amazon Virtual Private Cloud (Amazon VPC) Container Network Interface (CNI) plugin enables networking for pods in an EKS cluster within an Amazon VPC.
    • EFS CSI Driver: the Container Storage Interface (CSI) driver for Amazon EFS enables pods to use Amazon Elastic File System (EFS) as persistent storage.
    • EBS CSI Driver: the Container Storage Interface (CSI) driver for Amazon EBS allows pods to use Amazon Elastic Block Store (EBS) volumes as storage.
  6. The KCNS EKS Monitoring solution will provide real-time monitoring, logging, and alerting capabilities for both the EKS cluster and applications.
    • Amazon CloudWatch is a monitoring service that provides real-time monitoring and operational insights for AWS resources and applications.
    • Container Insights is a feature of Amazon CloudWatch that provides detailed visibility into the performance and health of containerized applications running on AWS.
    • AWS Managed Prometheus is a fully managed monitoring service that automatically scales Prometheus workloads to handle the monitoring needs of your applications on AWS.
    • AWS Managed Grafana is a fully managed service that makes it easy to create, publish, and share interactive dashboards and visualizations for monitoring your applications and infrastructure on AWS.
  7. The KCNS EKS scaling solution provides features for scaling and high availability to support the execution of application workloads.
    • Amazon EC2 Auto Scaling is a built-in service that automatically adjusts the number of EKS nodes based on predefined policies.
    • Karpenter is a flexible, high-performance Kubernetes cluster Auto scaler that helps improve application availability and cluster efficiency.
    • Cluster Autoscaler is a Kubernetes component that automatically adjusts the size of a cluster’s node pool to accommodate changes in resource demands.
  8. The KCNS EKS Velero cluster backup solution enables cluster backup and restoration. This solution provides capabilities to back up the control plane and node groups in an Amazon EKS cluster.
  9. KCNS EKS enhances security and compliance by enabling the following services for the EKS cluster.
    • IAM Roles for Service Accounts (IRSA) enables Kubernetes pods to assume IAM roles, enhancing security and access control for applications running on EKS.
    • AWS Key Management Service (KMS) is used to create and manage encryption keys, enhancing data security in various AWS services, including EKS.
    • Amazon GuardDuty is a threat detection service that monitors AWS environments for security threats and suspicious activity.
    • kube-bench is a security scanning tool for Kubernetes clusters, helping to identify security vulnerabilities and compliance issues.
  10. KCNS EKS reporting tools enable the visibility of security issues for EKS cluster.
    • AWS Security Hub is a comprehensive security service that provides a unified view of security findings and compliance checks across an AWS environment, including EKS clusters.
    • Fluent Bit is a log processor and forwarder that helps collect, parse, and send logs from various sources, including EKS clusters, for analysis and monitoring.
    • AWS CloudTrail is a service that records API calls made on an AWS account, providing audit and traceability of actions and events within the account, including those related to EKS.
  11. KCNS EKS offers a comprehensive suite of the managed services listed below:
    • EKS Patching and upgrade
    • Monitoring and alerting
    • Backup policies
    • Cost optimization
    • User administration
    • Security and monitoring dashboards
    • Change and Incident management
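IRSA and KMS are the two controls in step 9 that the customer's Terraform actually has to wire together, and the details of that wiring decide whether they hold. The block below is an added example and not KCNS code: it creates a customer-managed KMS key and attaches it to the cluster's Secrets encryption, registers the cluster's OIDC issuer with IAM, and builds a role whose trust policy is pinned to one Kubernetes service account. The cluster name, the `payments` namespace and service account, and the bucket are hypothetical; `aws_iam_role.cluster` and `var.private_subnet_ids` are assumed to be defined elsewhere, and the `aws`, `tls` and `kubernetes` providers are assumed to be configured.

```hcl
# Added example (not KCNS code). Assumed to exist elsewhere: aws_iam_role.cluster,
# var.private_subnet_ids, and configured aws, tls and kubernetes providers.

# Customer-managed key for envelope encryption of Kubernetes Secrets.
resource "aws_kms_key" "eks_secrets" {
  description             = "Envelope encryption for EKS Secrets"
  deletion_window_in_days = 30
  enable_key_rotation     = true
}

resource "aws_eks_cluster" "this" {
  name     = "kcns-example" # hypothetical
  version  = "1.29"
  role_arn = aws_iam_role.cluster.arn # cluster service role, assumed to exist

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false # private cluster, as in the architecture
  }

  # Without this block Secrets in etcd are protected only by the AWS-owned key.
  encryption_config {
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
    resources = ["secrets"]
  }
}

# IRSA: register the cluster's OIDC issuer as an IAM identity provider.
data "tls_certificate" "oidc" {
  url = aws_eks_cluster.this.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "eks" {
  url             = aws_eks_cluster.this.identity[0].oidc[0].issuer
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

locals {
  oidc_host     = replace(aws_eks_cluster.this.identity[0].oidc[0].issuer, "https://", "")
  app_namespace = "payments"     # hypothetical
  app_sa        = "payments-api" # hypothetical
}

# Trust policy pinned to one service account: the sub and aud conditions are
# what stop every other pod in the cluster from assuming this role.
data "aws_iam_policy_document" "app_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = ["system:serviceaccount:${local.app_namespace}:${local.app_sa}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "kcns-${local.app_namespace}-${local.app_sa}"
  assume_role_policy = data.aws_iam_policy_document.app_trust.json
}

# Least privilege: the role grants read access to one bucket prefix only.
resource "aws_iam_role_policy" "app" {
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = ["arn:aws:s3:::placeholder-payments-bucket/reports/*"] # placeholder
    }]
  })
}

# The annotation is what the EKS pod identity webhook reads to inject the
# projected token and AWS_ROLE_ARN into pods that use this service account.
resource "kubernetes_service_account" "app" {
  metadata {
    name      = local.app_sa
    namespace = local.app_namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.app.arn
    }
  }
}
```

The check worth repeating on every IRSA role is the trust policy: a `sub` condition that is missing, uses `StringLike` with a broad wildcard, or names the wrong namespace turns a per-workload role into a cluster-wide one, and the `aud` condition should always be present so that tokens minted for other audiences are rejected.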

Key Features

The key features of the solution are as outlined below:

  • Optimize the delivery and performance of container-based workloads on AWS EKS to minimize costs, complexity, time, and risk.
  • With Kyndryl taking care of day-to-day maintenance, customers can focus on strategic initiatives.
  • Enhance security posture by detecting threats with Amazon GuardDuty and identifying Center for Internet Security (CIS) benchmark violations with kube-bench.
  • Offer centralized reporting using the underlying AWS services, for example monitoring with Amazon CloudWatch, Amazon Managed Prometheus, and Grafana, and compliance findings from AWS Security Hub.
  • Augment networking capabilities with service mesh integration, load balancing, and traffic management – ensuring reliable and efficient communication between containers
  • Adopt an automation-first approach using Infrastructure as Code (IaC) to reduce time spent on workload provisioning, onboarding and operations – enabling rapid deployments and maintenance
  • Simplify day-to-day operations with Kyndryl Cloud Native Services (KCNS) for EKS
  • Provide tailored solutions aligned to specific business needs, optimizing container workloads on AWS EKS to meet unique requirements
  • Support seamless scalability, allowing containerized workloads to expand as demands grow
  • Continually integrate the latest AWS EKS features and updates into services, ensuring customers benefit from advancements in orchestration
  • Incorporates analytics tools to provide customers with detailed insights into their AWS EKS spending. This facilitates proactive cost management through recommendations for right-sizing resources, identifying unused capacities, and optimizing overall operational costs.

Benefits of the Solution

  • Accelerate time to revenue: The automation-first approach reduces time spent on provisioning, onboarding, and operations, thereby enabling rapid application deployments and maintenance.
  • Eliminates obstacles to rapid innovation: Simplifies integrations with pre-built assets and a framework that relies on AWS-native services.
  • Management of failures and notifications: Customers are notified of failures that occur in the configured services.
  • Seamless experience: AWS-native services, Kyndryl IP, and best practices are packaged to offer value to customers.
  • Streamlined monitoring: Aggregate monitoring reports sourced from different AWS services such as Amazon CloudWatch, AWS Managed Prometheus, and Grafana offer organizations a consolidated and thorough perspective on the performance and well-being of their container workloads.
  • Enhanced security: With SecOps posture and threat detection mechanisms in place, the solution ensures a high level of security for container-based workloads.

The KCNS EKS Solution offers a holistic approach to AWS EKS deployment, providing a comprehensive solution to address the various challenges organizations face. By adopting this Solution, customers can confidently advance their digital transformation initiatives, fully utilize the capabilities of AWS EKS, and deliver substantial value to their stakeholders.

KCNS employs an automation-first methodology using code assets that incorporate infrastructure as code (IaC) and DevOps practices. This solution accelerates cloud-based innovations to achieve transformational outcomes for end customers.

Kyndryl has expertise in cloud-native services for AWS and can assist customers in effectively building and managing AWS environments. Refer to these AWS blog posts to learn more about Kyndryl’s managed services.


Kyndryl is an AWS Services Partner and IT infrastructure services provider that designs, builds, manages, and modernizes the complex, mission-critical information systems the world depends on every day.
