Clusters are not cost-optimised. Redhat survey says 93% of clusters ran into vulnerability/security issues, but there was also another survey that says that most security issues happen due to human error.
This blog tries to tell how to remove human errors.
Agenda
Considerations before production-ready EKS clusters
Operational excellence
- not just around CICD, how to improve things, and how to monitor so that we have enough observability.
- need additional tools with operational efficiency.
Security
- It's Just not about pod security or network security, it's also about runtime security.
- How to provide the least privilege possible, and set up rbac controls.
Reliability
- Architected in such a way that clusters and pods are backed up and restored.
Performance efficiency
- Deals with load balancers
Cost optimisation
- There is a free marketplace add-on kubecost which provides lots of information, per pod, per namespace, per region
- Game changer to understand how k8s add up to your bill and what customers are paying for.
Note: just going to show cost not going to optimise
Customer need to install and manage operational tools to make their cluster production ready
Kubernetes is cloud agnostic and open source their tone of open source tools like Argo, Jenkins, Prometheus, EKS add-ons, third-party vendors and so on. In order to make clusters teams have to use these tools in combination and then install them on the cluster and then manage it. It's not easy in such an overwhelming ecosystem.
Your experience finding 3rd party solutions
- The first 2 stages take a lot of time
- how to go about doing it
- regulatory compliance, availability, and reliability of vendors are possible concerns
- This process can be codified and take away all the pain of choosing and
- Architecture of the above picture
- Advantages it gives us the all marketplace add-ons are free of vulnerabilities, and already scanned, AWS takes care of container image scanning so gives a more reliable and secure approach for the production
Demo
Marketplace add-ons can be very easily installed on the cluster either through the console, CLI or terraform.
Using Console
- already created a cluster for the demo
- deploying estio to cluster
- it matter of 5 clicks to install a marketplace addon to cluster
- free solution + paid solution
using CLI
- you can view, and collect Information about add on's
- Even install addon from cli
What value does the AWS marketplace add?
It's already pre-scanned, pre-validated by aws team to provide the utmost security. Pre-tested to improve operational expectations so that users can just install the add-on and use it right away.
Takeaway
Using AWS marketplace is the fastest, safest, reliable and repeatable way to scale to scale and make our clusters production ready.
40
